CVE-2021-24764

The Perfect Survey WordPress plugin before 1.5.2 does not sanitise and escape multiple parameters id and filterssessionid of singlestatistics page, type and message of importexport page before outputting them back in pages/attributes in the admin dashboard, leading to Reflected Cross-Site Scripti...

CVE-2017-17829

Bus Booking Script has SQL Injection via the admin/viewseatseller.php spid parameter or the admin/viewmember.php memid parameter...

CVE-2025-1871 SQL injection vulnerability in 101news

SQL injection vulnerability have been found in 101news affecting version 1.0 through the "category" and "subcategory" parameters in admin/add-subcategory.php...

CVE-2022-2537

The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting...

WordPress plugin Fast Flow 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions of WordPress Fast Flow plugin prior to 1.2.12, which...

WordPress Plugin Spider Facebook Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports personal blogging sites on PHP and MySQL servers.Spider Facebook is one of the plug-ins that can integrate Facebook into a website. A cross-site scripting vulnerability exists in...