WordPress Wp advertising management plugin <= 1.0.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin Wp advertising management versions = 1.0.3...

WordPress plugin AHAthat Plugin 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

PT-2024-36743 · Seventhqueen · Seventhqueen Kleo

Name of the Vulnerable Software and Affected Versions: SeventhQueen Kleo versions prior to 5.4.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Reflected XSS. This means that an attacker can inje...

CVE-2024-12096

The Exhibit to WP Gallery WordPress plugin through 0.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

PT-2024-10472 · Koji +1 · Koji +1

Name of the Vulnerable Software and Affected Versions: Koji affected versions not specified Description: The issue is related to improper neutralization of input during web page generation, allowing for a reflected XSS attack. An unsanitized input can lead to an XSS attack, where harmful JavaScri...

CVE-2024-12262

The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'step' parameter in all versions up to, and including, 5.8001 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...

WordPress plugin G Web Pro Store Locator 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2024-17193 · WordPress · Latex2Html

Name of the Vulnerable Software and Affected Versions: LaTeX2HTML plugin for WordPress versions up to, and including, 2.5.5 Description: The LaTeX2HTML plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ver or date parameter due to insufficient input sanitization and...

PT-2024-17264 · WordPress · Pingmeter Uptime Monitoring

Name of the Vulnerable Software and Affected Versions: Pingmeter Uptime Monitoring plugin for WordPress versions up to, and including, 1.0.3 Description: The issue is related to Reflected Cross-Site Scripting via the wpnonce parameter due to insufficient input sanitization and output escaping. Th...

CVE-2024-11254

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the disqusname parameter in all versions up to, and including, 1.1.1 due to insufficient input validation. This makes it possible for unauthenticated attackers to inject arbitrary we...

WordPress User Referral plugin <= 8.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin User Referral versions = 8.0...

WordPress SMS for WooCommerce plugin <= 2.8.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin SMS for WooCommerce versions = 2.8.1...

PT-2024-39714 · WordPress · Myparcel

Name of the Vulnerable Software and Affected Versions: MyParcel plugin for WordPress versions up to, and including, 4.24.1 Description: The MyParcel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add query arg without appropriate escaping on the URL. This...

PT-2024-36228 · Unknown · Connect Contact Form 7 To Constant Contact

Name of the Vulnerable Software and Affected Versions: Connect Contact Form 7 to Constant Contact versions 1.4 and earlier Description: The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting XSS vulnerability. Specifically, it is...

WordPress WP Pipes plugin <= 1.4.1 - Reflected Cross-Site Scripting via x1 Parameter vulnerability

Reflected Cross-Site Scripting via x1 Parameter vulnerability discovered by vgo0 in WordPress Plugin WP Pipes versions = 1.4.1...

WordPress WPC Order Notes for WooCommerce plugin <= 1.5.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin WPC Order Notes for WooCommerce versions = 1.5.2...

CVE-2024-54043

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

CVE-2024-10879

The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to...

PT-2024-38650 · Kofax · Totalagility

Name of the Vulnerable Software and Affected Versions: Tungsten Automation Kofax TotalAgility versions all through 7.9.0.25.0.954 Description: The issue is a Reflected XSS vulnerability that can be exploited through manipulation of the mfpConnectionId parameter in a form sent to endpoints...

CVE-2023-6978

The WP Job Manager – Company Profiles plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'company' parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...