EUVD-2021-11822

Malicious code in bioql PyPI...

PT-2025-34331 · WordPress · Wp Talroo

Name of the Vulnerable Software and Affected Versions: WP Talroo versions through 2.4 Description: The WP Talroo WordPress plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue. This could be used against high...

CVE-2022-1951

The core plugin for kitestudio WordPress plugin before 2.3.1 does not sanitise and escape some parameters before outputting them back in a response of an AJAX action, available to both unauthenticated and authenticated users when a premium theme from the vendor is active, leading to a Reflected...

CVE-2022-1465

The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.9 does not sanitise and escape a parameter before outputting it back in an attribute via an AJAX action, leading to a Reflected Cross-Site Scripting issue...

CVE-2021-24454

In the YOP Poll WordPress plugin before 6.2.8, when a pool is created with the options "Allow other answers", "Display other answers in the result list" and "Show results", it can lead to Stored Cross-Site Scripting issues as the 'Other' answer is not sanitised before being output in the page. Th...