888 matches found
Cross site scripting
Auth. admin+ Cross-Site Scripting XSS vulnerability in Link Software LLC WP Terms Popup plugin = 2.6.0 versions...
CVE-2023-23971
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in CodePeople WP Time Slots Booking Form plugin = 1.1.81 versions...
CVE-2023-23972
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Smplug-in Social Like Box and Page by WpDevArt plugin = 0.8.39 versions...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WPGear.Pro WPFrom Email plugin = 1.8.8 versions...
CVE-2022-45355
Auth. admin+ SQL Injection SQLi vulnerability in ThimPress WP Pipes plugin = 1.33 versions...
CVE-2022-47610
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Mr Digital Simple Image Popup plugin = 1.3.6 versions...
CVE-2023-1575
The Mega Main Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Mehjabin Orthi Interactive SVG Image Map Builder plugin = 1.0 versions...
CVE-2023-0501
The WP Insurance WordPress plugin before 2.1.4 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...
CVE-2023-25992
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in CreativeMindsSolutions CM Answers plugin = 3.1.9 versions...
CVE-2022-47173
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in nasirahmed Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration plugin = 1.62.0 versions...
CVE-2022-47173 WordPress Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration Plugin <= 1.62.0 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in nasirahmed Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration plugin = 1.62.0 versions...
CVE-2023-28422
Auth. admin+ Stored Cross-site Scripting XSS vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce = 3.8.6. versions...
CVE-2023-25794
Auth. admin+ Cross-Site Scripting XSS vulnerability in Mighty Digital Nooz plugin = 1.6.0 versions...
CVE-2023-25795
Auth. admin+ Cross-Site Scripting XSS vulnerability in WP-master.Ir Feed Changer & Remover plugin = 0.2 versions...
CVE-2023-1374
The Solidres plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'currencyname' parameter in versions up to, and including, 0.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator privileges to...
SUSE CVE-2015-3902
Multiple cross-site request forgery CSRF vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configurati...
SUSE CVE-2016-1607
Multiple cross-site request forgery CSRF vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administrators, as demonstrated by reconfiguring time settings via a vaconfig/time request...
CVE-2023-0446
The My YouTube Channel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 3.0.12.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2022-43470
Cross-site request forgery CSRF vulnerability in +F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +F FS040W software versions v1.4.1 and earlier allows an adjacent attacker to hijack the...