CVE-2024-5859

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘d’ parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for...

WordPress plugin Averta Master Slider security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

Reflected Cross-site Scripting

Overview opencart/opencart is a shopping cart system Affected versions of this package are vulnerable to Reflected Cross-site Scripting. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the...

CVE-2024-26111

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browse...

Modern Campus Omni CMS Security Vulnerability

Modern Campus Omni CMS is a web content management system from Modern Campus, Inc. It is used by colleges and universities to manage their websites. A security vulnerability exists in Modern Campus Omni CMS version 2023.1, which stems from a Reflected Cross-Site Scripting XSS vulnerability in the...

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The solution supports mobile content management, marketing and sales campaign management, and multi-site management. A...

CVE-2024-4749

The wp-eMember WordPress plugin before 10.3.9 does not sanitize and escape the "fieldId" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

CVE-2024-4289

The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-3822

The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

PT-2024-15909 · WordPress · Fancy Product Designer

Name of the Vulnerable Software and Affected Versions: The Fancy Product Designer WordPress plugin versions prior to 6.1.8 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back...

PT-2024-24999 · Unknown · Max Addons Pro For Bricks

Name of the Vulnerable Software and Affected Versions: Max Addons Pro for Bricks versions 1.6.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS. Recommendations: For Max...

VulnCheck KEV: CVE-2024-32702

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Repute info systems ARForms allows Reflected XSS.This issue affects ARForms: from n/a through 6.4...

CVE-2024-3731

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 5.47.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2024-32138

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in KaizenCoders Short URL allows Reflected XSS.This issue affects Short URL: from n/a through 1.6.8...

CVE-2024-1412

The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘message’ and 'error' parameters in all versions up to, and including, 1.11.26 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2024-1292

The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-1958

The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users...

WordPress Plugin wpb-show-core 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

PT-2024-18452 · WordPress · Wpb Show Core

Name of the Vulnerable Software and Affected Versions: WPB Show Core WordPress plugin versions prior to 2.7 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in the page...

PT-2024-15736 · WordPress · Pz-Linkcard

Name of the Vulnerable Software and Affected Versions: Pz-LinkCard WordPress plugin versions through 2.5.1 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in the page. Th...