WordPress AutomatorWP plugin <= 5.0.9 - Reflected Cross-Site Scripting via a-0-o-search_field_value vulnerability

Reflected Cross-Site Scripting via a-0-o-searchfieldvalue vulnerability discovered by Vincent Fourcade vinceMatsui in WordPress Plugin AutomatorWP versions = 5.0.9...

WordPress collectchat Plugin < 2.4.4 is vulnerable to Cross Site Scripting (XSS)

Software collectchat Type Plugin Vulnerable versions 2.4.4 Fixed in 2.4.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6498 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 0dd324fc130c Credits Fourcade Required privilege...

WordPress WP Advanced Search plugin <= 1.1.6 - Admin+ SQL Injection vulnerability

Admin+ SQL Injection vulnerability discovered by fourcade in WordPress Plugin Advanced Search versions = 1.1.6...

WordPress Simple Ajax Chat Plugin <= 20231101 is vulnerable to Cross Site Scripting (XSS)

Software Simple Ajax Chat Type Plugin Vulnerable versions = 20231101 Fixed in 20240216 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2956 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1403f71c8e2b Credits Fourcade Required...

fourcade-tp.fr Cross Site Scripting vulnerability OBB-2854987

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...