4 matches found
CVE-2024-8792 Subscribe to Comments <= 2.3 - Reflected Cross-Site Scripting
The Subscribe to Comments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2024-8713 Kodex Posts likes <= 2.5.0 - Reflected Cross-Site Scripting
The Kodex Posts likes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...
CVE-2024-8656
The WPFactory Helper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...
CVE-2015-9511
CVE-2015-9511 affects the Easy Digital Downloads (EDD) Conditional Success Redirects extension for WordPress. The vulnerability is an XSS in which add_query_arg is misused, impacting EDD versions: 1.8.x before 1.8.7; 1.9.x before 1.9.10; 2.0.x before 2.0.5; 2.1.x before 2.1.11; 2.2.x before 2.2.9...