90 matches found
Martins Free & Easy SEO Link buildings < 1.2.30 - Reflected XSS
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in amin open...
Bulk NoIndex & NoFollow Toolkit < 1.5 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-2705 Appointment booking addon for Gravity Forms < 1.10.0 - Reflected Cross-Site Scripting
The gAppointments WordPress plugin before 1.10.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin...
CVE-2023-3992
The PostX WordPress plugin before 3.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-3954 MultiParcels Shipping For WooCommerce 1.15.2-1.15.3 - Reflected XSS
The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-2123 WP Inventory Manager < 2.1.0.13 - Reflected Cross-Site Scripting
The WP Inventory Manager WordPress plugin before 2.1.0.13 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
PT-2023-18015 · WordPress · Wp Inventory Manager
Name of the Vulnerable Software and Affected Versions: WP Inventory Manager versions prior to 2.1.0.13 Description: The issue is related to a Reflected Cross-Site Scripting problem. The WP Inventory Manager WordPress plugin does not properly sanitise and escape a parameter before outputting it ba...
eaSYNC <= 1.3.8 - Reflected Cross-Site Scripting
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Sql injection
The User Activity Log WordPress plugin before 1.6.3 does not properly sanitise and escape the txtsearch parameter before using it in a SQL statement in some admin pages, leading to a SQL injection exploitable by high privilege users such as admin...
Cross site scripting
The Membership WordPress plugin before 3.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Sql injection
The ANGradeBook WordPress plugin through 5.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber...
CVE-2023-3118
The Export All URLs WordPress plugin before 4.6 does not sanitise and escape a parameter before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Sql injection
The FormCraft WordPress plugin before 3.9.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
NextGen GalleryView <= 0.5.5 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
PT-2023-17105 · Tagdiv · Tagdiv Composer
Name of the Vulnerable Software and Affected Versions: tagDiv Composer WordPress plugin versions prior to 4.0 Description: The issue is related to a Reflected Cross-Site Scripting that could be used against high privilege users, such as admin. This occurs because a parameter is not properly...
CVE-2023-1473 Responsive WordPress Slideshows 3.29.0 - Reflected XSS
The Slider, Gallery, and Carousel by MetaSlider WordPress plugin 3.29.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations < 5.0.6.4 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins. PoC Visit the following path on the site as an admin user:...
GiveWP < 2.25.2 - Author+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks...
Easy Testimonial Slider and Form < 1.0.16 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Sql injection
The GeoDirectory WordPress plugin before 2.2.24 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...