31 matches found
EUVD-2020-23425
Malware in sbrugna...
CVE-2025-9735 O2OA Personal Profile table cross site scripting
A weakness has been identified in O2OA up to 10.0-410. This affects an unknown function of the file /xqueryassembledesigner/jaxrs/table of the component Personal Profile Page. This manipulation of the argument description/applicationName/queryName causes cross site scripting. The attack may be...
PT-2025-33636 · Portabilis · I-Diario
Name of the Vulnerable Software and Affected Versions: Portabilis i-Diario versions up to 1.5.0 Description: A vulnerability exists in Portabilis i-Diario up to version 1.5.0, impacting an unknown function within the /alunos/search autocomplete file. Manipulation of the q argument can lead to...
CVE-2024-9777
The Ashe theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.243. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execut...
CVE-2015-9505
The Easy Digital Downloads EDD core component 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7 for WordPress has XSS because add_query_arg is misused...
CVE-2015-9358
The feedwordpress plugin before 2015.0514 for WordPress has XSS via add_query_arg and remove_query_arg...
CVE-2015-9368
Easy EU Value Added VAT Taxes Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg and remove_query_arg...
CVE-2015-9520
The Easy Digital Downloads EDD Per Product Emails extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused...
CVE-2024-11327
The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.4.1...
CVE-2024-9208 Enable Accessibility <= 1.4.1 - Reflected Cross-Site Scripting
The Enable Accessibility plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.1. This makes it possible for unauthenticated attackers to inject arbitrar...
WordPress plugin MyParcel cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
PT-2024-15279 · Datagear · Datagear
Name of the Vulnerable Software and Affected Versions: DataGear versions up to 4.60 Description: A critical issue affects the unknown code of the file /dataSet/resolveSql, where the manipulation of the sql argument leads to sql injection. The attack can be initiated remotely. Upgrading to version...
WordPress plugin Gallery Manager security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Terms descriptions security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-39252 · WordPress · Smart Online Order For Clover
Name of the Vulnerable Software and Affected Versions: Smart Online Order for Clover plugin for WordPress versions up to, and including, 1.5.7 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add_query_arg and remove_query_arg without appropriate escaping on t...
PT-2024-39752 · WordPress · 2D Tag Cloud
Name of the Vulnerable Software and Affected Versions: 2D Tag Cloud plugin for WordPress versions up to, and including, 6.0.2 Description: The issue arises from the use of add_query_arg without proper escaping on the URL, leading to Reflected Cross-Site Scripting. This allows unauthenticated...
WordPress plugin 2D Tag Cloud cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin Easy Social Share Buttons cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPre...
CVE-2024-9384
The Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.8.0. This makes it possible for unauthenticated attacker...
CVE-2024-9375
The WordPress Captcha Plugin by Captcha Bank plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.0.36. This makes it possible for unauthenticated attackers to inject...