Better Anchor Links <= 1.7.5 - Cross-Site Request Forgery via admin/options.php

Description The Better Anchor Links plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.5. This is due to missing or incorrect nonce validation on the admin/options.php file. This makes it possible for unauthenticated attackers to update the...

GHSA-V9H6-53FX-GH4J WPGlobus plugin Stored XSS & CSRF security vulnerability

The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobusoptionbrowserredirectredirectbylanguage parameter to wp-admin/options.php...

GHSA-GPQ5-VQVX-CH9J WPGlobus plugin Stored XSS & CSRF security vulnerability

The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobusoptionenabledlanguagesen or wpglobusoptionenabledlanguagesfr or any other language parameter to wp-admin/options.php...

GHSA-35MH-F6P8-PJ2C WPGlobus plugin Stored XSS & CSRF security vulnerability

The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobusoptionmorelanguages parameter to wp-admin/options.php...

Advance Search < 1.1.3 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the wpasid parameter found in the /inc/admin/views/html-advance-search-admin-options.php file which allows attackers to inject arbitrary web scripts...

CVE-2018-5363

The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobusoptionenabledlanguagesen or wpglobusoptionenabledlanguagesfr or any other language parameter to wp-admin/options.php...

CVE-2018-5364

The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobusoptionbrowserredirectredirectbylanguage parameter to wp-admin/options.php...

CVE-2018-5366

The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobusoptionmorelanguages parameter to wp-admin/options.php...

CVE-2018-5365

The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobusoptionselectorwplistpagesshowselector parameter to wp-admin/options.php...

CVE-2018-5364

The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobusoptionbrowserredirectredirectbylanguage parameter to wp-admin/options.php...

CVE-2014-4847

Cross-site scripting XSS vulnerability in the Random Banner plugin 1.1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the buffercodeRBannerurlbanner1 parameter in an update action to wp-admin/options.php...

CVE-2014-4847

CVE-2014-4847 concerns a cross-site scripting (XSS) flaw in the WordPress plugin “Random Banner” version 1.1.2.1. The vulnerability allows a remote attacker to inject arbitrary web script or HTML via the buffercode_RBanner_url_banner1 parameter in an update action to wp-admin/options.php. Affecte...

CVE-2006-5985

Extreme CMS 0.9 is affected by multiple XSS vulnerabilities in admin/options.php, exploitable via the parameters bg1, bg2, text, or size. The issue is documented with a CVSS v2 base score of 6.8 (MEDIUM) and indicates remote attackers can inject script/HTML; no exploit details or patches are prov...