38 matches found
PT-2025-49356
Name of the Vulnerable Software and Affected Versions Rich Shortcodes for Google Reviews plugin for WordPress versions prior to 6.8 Description The Rich Shortcodes for Google Reviews plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization...
CVE-2025-12746
The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...
CVE-2023-41653
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Beplus Sermon'e – Sermons Online plugin = 1.0.0 versions...
WordPress plugin Tripetto 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
CVE-2024-12320
The Team Rosters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...
CVE-2024-9377
The Products, Order & Customers Export for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.0.15. This makes it possible for unauthenticat...
PT-2024-39290 · WordPress · Store Hours For Woocommerce
Name of the Vulnerable Software and Affected Versions: Store Hours for WooCommerce plugin for WordPress versions up to, and including, 4.3.20 Description: The issue arises from the use of add query arg without proper escaping on the URL, leading to Reflected Cross-Site Scripting. This allows...
CVE-2024-8274
The WP Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters from 'timelineobj' in all versions up to, and including, 10.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2023-46094
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Conversios Track Google Analytics 4, Facebook Pixel & Conversions API via Google Tag Manager for WooCommerce plugin = 6.5.3 versions...
CVE-2022-4712
The WP Cerber Security plugin for WordPress is vulnerable to stored cross-site scripting via the log parameter when logging in to the site in versions up to, and including, 9.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute wheneve...
PT-2023-27198 · Vcita · Vcita Online Booking & Scheduling Calendar
Name of the Vulnerable Software and Affected Versions: vCita.Com Online Booking & Scheduling Calendar for WordPress by vcita plugin versions = 4.3.2 Description: The issue is an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into...
PT-2023-21955 · Vladimir Statsenko · Terms Descriptions Plugin
Name of the Vulnerable Software and Affected Versions: Vladimir Statsenko Terms descriptions plugin versions = 3.4.4 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a...
PT-2023-19363 · WordPress · The Photo Gallery Slideshow & Masonry Tiled Gallery
Name of the Vulnerable Software and Affected Versions: The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress versions up to, and including, 1.0.13 Description: The issue arises from insufficient input sanitization and output escaping, making it possible for unauthenticated...
PT-2023-12474 · WordPress · Wp Quick Frontend Editor
Name of the Vulnerable Software and Affected Versions: WP Quick FrontEnd Editor plugin for WordPress versions up to, and including, 5.5 Description: The issue arises from insufficient input sanitization and output escaping on the save content front function, which uses print r on user-supplied $...
CVE-2023-28341
Stored Cross site scripting XSS vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details page...
PT-2023-13672 · WordPress · Monsterinsights
Name of the Vulnerable Software and Affected Versions: MonsterInsights WordPress plugin versions prior to 8.9.1 Description: The issue allows an unauthenticated attacker to inject arbitrary web scripts into page titles by spoofing requests to Google Analytics, due to the lack of sanitization or...
PT-2022-14256 · WordPress · Dx Share Selection
Name of the Vulnerable Software and Affected Versions: DX Share Selection plugin for WordPress versions up to, and including 1.4 Description: The issue is due to missing nonce protection on the dxss admin page function found in the /dx-share-selection.php file, making it possible for...
PT-2022-16691 · WordPress · Freemind Wp Browser
Name of the Vulnerable Software and Affected Versions: FreeMind WP Browser plugin for WordPress versions up to, and including 1.2 Description: The issue is due to missing nonce protection on the FreemindOptions function found in the /freemind-wp-browser.php file. This allows unauthenticated...