6 matches found
CVE-2020-37174
WOOF Products Filter for WooCommerce 1.2.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering XSS payloads in design tab textfields. Attackers can inject JavaScript code through fields like 'Text for block toggle' a...
CVE-2026-7475
The Sky Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sky-custom-scripts custom post type in all versions up to, and including, 3.3.2. This is due to the custom post type being registered with capability_type = 'post' and show_in_rest = true, combined with...
PT-2026-38904
Name of the Vulnerable Software and Affected Versions: Sky Addons versions prior to 3.3.3. Description: The Sky Addons plugin for WordPress allows authenticated attackers with Author-level access or higher to inject arbitrary web scripts. This occurs because the sky-custom-scripts custom post type i...
CVE-2026-3643 Accessibly <= 3.0.3 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Widget Source Injection via REST API
The Accessibly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in all versions up to, and including, 3.0.3. The plugin registers REST API endpoints at /otm-ac/v1/update-widget-options and /otm-ac/v1/update-app-config with the permission_callback set to __return_true...
@instacarro/ic-model-admin (>=2.0.5 <=2.0.8), grommet-toolbox (>=0.1.3 <=0.2.12) +4 more potentially affected by CVE-2020-7605 via gulp-tape (>=0.0.10 <=1.0.0)
gulp-tape NPM version =0.0.10, =2.0.5, =0.1.3, =0.1.1, =0.1.5, =0.43.2 - sp-router-js =1.0.1 Source cves: CVE-2020-7605 Source advisory: OSV:GHSA-X67X-98X7-WV26...
@instacarro/ic-model-admin (>=2.0.5 <=2.0.8), grommet-toolbox (>=0.1.3 <=0.2.12) +4 more potentially affected by CVE-2020-7605 via gulp-tape (>=0.0.10 <=1.0.0)
gulp-tape NPM version =0.0.10, =2.0.5, =0.1.3, =0.1.1, =0.1.5, =0.43.2 - sp-router-js =1.0.1 Source cves: CVE-2020-7605 Source advisory: SNYK:JS-GULPTAPE-560124...