5210 matches found
Change default login logo,url and title <= 2.0 - Cross-Site Request Forgery
Description The Change default login logo,url and title plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to a missing or incorrect nonce. This makes it possible for unauthenticated attackers to perform an unauthorized action and...
Post-Plugin Library <= 2.6.2.1 - Reflected Cross-Site Scripting
Description The Post-Plugin Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.6.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
Convert Post Types <= 1.4 - Reflected Cross-Site Scripting
Description The Convert Post Types plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...
Cross-Site Scripting (XSS)
Jenkins is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper handling of workspaces and archived artifacts, allowing remote authenticated users to inject arbitrary web scripts or HTML...
CVE-2024-2924 Creative Addons for Elementor <= 1.5.12 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Creative Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.5.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
Forminator < 1.29.1 - Unauthenticated Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. a 3gpp file) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user...
WP Google Maps < 9.0.30 - Reflected Cross-Site Scripting
Description The plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an...
HT Mega < 2.4.4 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user...
Forminator < 1.29.1 - Reflected Cross-Site Scripting
Description The plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into...
SEO Plugin by Squirrly SEO < 12.3.17 - Reflected Cross-Site Scripting
Description The plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an...
FV Flowplayer Video Player < 7.5.44.7212 - Reflected Cross-Site Scripting
Description The FV Flowplayer Video Player plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 7.5.41.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
Unlimited Elements For Elementor < 1.5.94 - Reflected Cross-Site Scripting
Description The plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an...
Survey Maker < 4.0.7 - Reflected Cross-Site Scripting
Description The Survey Maker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
Portfolio Gallery – Image Gallery Plugin < 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Portfolio Gallery – Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 1.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Photo Gallery by Ays < 5.5.3 - Reflected Cross-Site Scripting
Description The Photo Gallery by Ays plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...
Molongui < 4.7.8 - Authenticated (Author+) Stored Cross-Site Scripting
Description The Molongui plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrar...
ReDi Restaurant Reservation < 24.0303 - Reflected Cross-Site Scripting
Description The ReDi Restaurant Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 24.0128 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...
PropertyHive < 2.0.9 - Reflected Cross-Site Scripting
Description The PropertyHive plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
Sunshine Photo Cart < 3.1.2 - Reflected Cross-Site Scripting
Description The Sunshine Photo Cart plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...
WP Directory Kit < 1.3.0 - Reflected Cross-Site Scripting
Description The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...