934 matches found

OSV
added 2024/11/30 6:15 a.m. · 0 views

CVE-2024-11252

The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including, 3.3.69 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1 CVSS · 5.9 AI score · 0.37388 EPSS
Exploits 1 · References 3

OSV
added 2024/11/28 9:15 a.m. · 1 views

CVE-2024-11685

The Kudos Donations – Easy donations and payments with Mollie plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attacker...

6.1 CVSS · 5.9 AI score · 0.0071 EPSS
Exploits 0 · References 2

CNNVD
added 2024/11/28 12:0 a.m. · 1 views

WordPress plugin SEO Landing Page Generator Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin SEO Landin...

6.1 CVSS · 7.5 AI score · 0.00937 EPSS
Exploits 0 · References 5

Positive Technologies
added 2024/11/22 12:0 a.m. · 2 views

PT-2024-16936 · Paypal +3 · Paypal +4

Name of the Vulnerable Software and Affected Versions: The Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net plugin for WordPress versions prior to 1.112.1 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add_query_arg...

6.1 CVSS · 8.7 AI score · 0.0092 EPSS
Exploits 0 · References 5

CNNVD
added 2024/11/22 12:0 a.m. · 2 views

WordPress plugin MailMunch Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin...

6.1 CVSS · 7.6 AI score · 0.01481 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/11/21 12:0 a.m. · 3 views

PT-2024-39599 · WordPress · Branda – White Label & Branding

Name of the Vulnerable Software and Affected Versions: The Branda – White Label & Branding, Custom Login Page Customizer plugin for WordPress versions up to, and including, 3.4.19 Description: The issue is related to Reflected Cross-Site Scripting due to the use of remove_query_arg without...

6.1 CVSS · 8.7 AI score · 0.01641 EPSS
Exploits 0 · References 4

Positive Technologies
added 2024/11/20 12:0 a.m. · 2 views

PT-2024-16878 · WordPress · Gd Bbpress Attachments

Name of the Vulnerable Software and Affected Versions: GD bbPress Attachments plugin for WordPress versions up to, and including, 4.7.2 Description: The issue arises from the use of add_query_arg without proper escaping on the URL, leading to Reflected Cross-Site Scripting. This allows...

6.1 CVSS · 9.5 AI score · 0.01684 EPSS
Exploits 0 · References 6

Vulnrichment
added 2024/11/19 4:32 p.m. · 1 views

CVE-2024-50522 WordPress WeChat Subscribers Lite plugin <= 1.6.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in redyyu WeChat Subscribers Lite wechat-subscribers-lite allows Reflected XSS. This issue affects WeChat Subscribers Lite: from n/a through <= 1.6.6...

7.1 CVSS · 5.9 AI score · 0.00197 EPSS
Exploits 0 · References 1

OSV
added 2024/11/19 1:15 p.m. · 0 views

CVE-2024-9777

The Ashe theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.243. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execut...

6.1 CVSS · 6 AI score · 0.0261 EPSS
Exploits 0 · References 5

Positive Technologies
added 2024/11/09 12:0 a.m. · 2 views

PT-2024-34851 · Unknown · Hanusek Impress

Name of the Vulnerable Software and Affected Versions: Hanusek imPress versions 0.1.4 and earlier Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS attacks. Recommendations: Fo...

7.1 CVSS · 5.8 AI score · 0.00231 EPSS
Exploits 0 · References 5

Positive Technologies
added 2024/11/01 12:0 a.m. · 3 views

PT-2024-39216 · WordPress · Wedevs Recaptcha Integration For Wordpress

Name of the Vulnerable Software and Affected Versions: ReCaptcha Integration for WordPress plugin versions 1.2.5 and earlier Description: The issue is related to Reflected Cross-Site Scripting due to the use of add_query_arg without proper escaping on the URL. This allows unauthenticated attacker...

6.1 CVSS · 6.8 AI score · 0.04863 EPSS
Exploits 0 · References 11

Amazon
added 2024/10/31 12:0 a.m. · 3 views

Medium: python-twisted

Issue Overview: Twisted is an event-based framework for internet applications, supporting Python 3.6+. The twisted.web.util.redirectTo function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected...

6.1 CVSS · 6.4 AI score · 0.67844 EPSS
Exploits 0

OSV
added 2024/10/30 5:15 p.m. · 1 views

CVE-2024-9110

A medium severity vulnerability has been identified within Privileged Identity which can allow an attacker to perform reflected cross-site scripting attacks...

6.1 CVSS · 5.6 AI score · 0.00513 EPSS
Exploits 0 · References 1

Patchstack
added 2024/10/30 2:47 p.m. · 2 views

WordPress Events Manager Pro – extended plugin <= 0.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability

CSRF to Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Events Manager Pro – extended versions <= 0.1...

7.1 CVSS · 6.1 AI score · 0.00197 EPSS
Exploits 0 · Affected Software 1

Positive Technologies
added 2024/10/30 12:0 a.m. · 2 views

PT-2024-39289 · WordPress · Pricing Tables Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Pricing Tables WordPress Plugin – Easy Pricing Tables plugin for WordPress versions up to, and including, 3.2.5 Description: The issue arises from the use of add_query_arg without proper escaping on the URL, leading to Reflected Cross-Site...

6.1 CVSS · 6.6 AI score · 0.01837 EPSS
Exploits 0 · References 6

OSV
added 2024/10/29 1:15 p.m. · 0 views

CVE-2024-49637

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Foxskav Bet WC 2018 Russia allows Reflected XSS. This issue affects Bet WC 2018 Russia: from n/a through 2.1...

6.1 CVSS · 5.8 AI score
Exploits 0 · References 1

OSV
added 2024/10/29 1:15 p.m. · 0 views

CVE-2024-49636

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Prashant Mavinkurve Agile Video Player Lite allows Reflected XSS. This issue affects Agile Video Player Lite: from n/a through 1.0...

6.1 CVSS · 5.8 AI score
Exploits 0 · References 1

OSV
added 2024/10/29 12:15 p.m. · 1 views

CVE-2024-49651

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Matt Royal WooCommerce Maintenance Mode allows Reflected XSS. This issue affects WooCommerce Maintenance Mode: from n/a through 2.0.1...

6.1 CVSS · 5.8 AI score · 0.00226 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/10/29 12:0 a.m. · 5 views

PT-2024-32698 · Wedevs · Wedevs Wp Erp

Name of the Vulnerable Software and Affected Versions: weDevs WP ERP versions 1.13.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS attacks. Recommendations: For...

7.1 CVSS · 5.7 AI score · 0.00552 EPSS
Exploits 0 · References 5

Positive Technologies
added 2024/10/29 12:0 a.m. · 2 views

PT-2024-33593 · Unknown · Monitor.Chat

Name of the Vulnerable Software and Affected Versions: Monitor.Chat versions n/a through 1.1.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS. Recommendations: For versions n/a...

7.1 CVSS · 6.3 AI score · 0.00226 EPSS
Exploits 0 · References 4