3 matches found
CVE-2025-9116
The WPS Visitor Counter WordPress plugin through 1.4.8 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2024-6072
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
PT-2023-16624 · WordPress · Vk All In One Expansion Unit
Name of the Vulnerable Software and Affected Versions: VK All in One Expansion Unit WordPress plugin versions prior to 9.87.1.0 Description: The issue concerns the failure to escape the REQUEST URI parameter before outputting it back in an attribute, potentially leading to Reflected Cross-Site...