CVE-2023-24398

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Snap Creek Software EZP Coming Soon Page plugin = 1.0.7.3 versions...

CVE-2023-23972

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Smplug-in Social Like Box and Page by WpDevArt plugin = 0.8.39 versions...

CVE-2023-23878 WordPress WP Google Map Plugin Plugin <= 4.3.9 is vulnerable to Cross Site Scripting (XSS)

Auth. editor+ Stored Cross-Site Scripting XSS vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS plugin = 4.3.9 versions...

CVE-2022-47596

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Jeffrey-WP Media Library Categories plugin = 1.9.9 versions...

CVE-2023-23707

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting', Unrestricted Upload of File with Dangerous Type vulnerability in Awsm Innovations Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files allows Stored XSS via upload of SVG and HTML files. This issue...

CVE-2022-47431

Reflected Cross-Site Scripting XSS vulnerability in Tussendoor internet & marketing Open RDW kenteken voertuiginformatie plugin = 2.0.14 versions...

WordPress Plugin Bitcoin Payments – Blockonomics 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability previously existed ...

CVE-2022-41785 WordPress Photo Gallery – Image Gallery by Ape Plugin <= 2.2.8 is vulnerable to Cross Site Scripting (XSS)

Auth. contributor+ Stored Cross-Site Scripting vulnerability in Galleryape Gallery Images Ape plugin = 2.2.8 versions...

CVE-2023-24381

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in NsThemes Advanced Social Pixel plugin = 2.1.1 versions...

PT-2023-2189 · Jenkins · Jenkins Convert To Pipeline Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Convert To Pipeline Plugin versions 1.0 and earlier Description: The issue is related to the incorrect handling of code generation in the Convert To Pipeline Plugin, specifically in the Freestyle Project Configuration Handler componen...

PT-2023-15209 · Unknown · Void Contact Form 7 Widget For Elementor Page Builder

Name of the Vulnerable Software and Affected Versions: Void Contact Form 7 Widget For Elementor Page Builder plugin versions = 2.1.1 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This means an attacker can trick a user into performing unintended actions on a web...

GHSA-J664-QHH4-HPF8 Cross-site Scripting vulnerability in Jenkins

Jenkins 2.270 through 2.393 both inclusive, LTS 2.277.1 through 2.375.3 both inclusive does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting XSS...

WordPress plugin Download Attachments 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2023-23973

Cross-Site Request Forgery CSRF vulnerability in a3rev Software Contact Us Page – Contact People plugin = 3.7.0...

CVE-2022-4666

The Markup JSON-LD structured in schema.org WordPress plugin through 4.8.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Sit...

EUVD-2022-52154

The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting...

WordPress Plugin Post Views Count 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

SUSE CVE-2017-1000404

The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used the unescaped content of the query parameter 'fullscreen' in its JavaScript, resulting in a cross-site scripting vulnerability through specially crafted URLs...

plugin: CSRF vulnerability in Blue Ocean Plugin

A cross-site request forgery CSRF vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server...

CVE-2023-24145

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the pluginversion parameter in the setUnloadUserData function...