
1698 matches found

RedhatCVE
added 2025/05/22 11:45 p.m. | 7 views

CVE-2022-42880

Cross-Site Request Forgery (CSRF) vulnerability in Ali Irani Auto Upload Images plugin <= 3.3 versions allows Stored Cross-Site Scripting (XSS)...

CVSS 6.1 | AI score 6.4 | EPSS 0.00097
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 10:18 p.m. | 5 views

CVE-2022-1384

Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and an authorized user to install and exploit an old plugin version from the Marketplace which might have known vulnerabilities...

CVSS 8.8 | AI score 6.5 | EPSS 0.00326
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 10:0 p.m. | 5 views

CVE-2022-46812

Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin <= 1.0.13 versions...

CVSS 8.8 | AI score 7.1 | EPSS 0.00149
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 9:52 p.m. | 4 views

CVE-2022-46851

Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Starter Templates plugin <= 3.1.20 versions...

CVSS 8.8 | AI score 7.1 | EPSS 0.00106
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 9:52 p.m. | 7 views

CVE-2022-47167

Cross-Site Request Forgery (CSRF) vulnerability in Aram Kocharyan Crayon Syntax Highlighter plugin <= 2.8.4 versions...

CVSS 8.8 | AI score 7.1 | EPSS 0.00104
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 9:45 p.m. | 5 views

CVE-2022-47155

Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Slider by Supsystic plugin <= 1.8.5 versions...

CVSS 8.8 | AI score 7.1 | EPSS 0.00106
Exploits: 0

RedhatCVE
added 2025/05/22 9:45 p.m. | 10 views

CVE-2022-47173

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nasirahmed Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration plugin <= 1.62.0 versions...

CVSS 5.9 | AI score 5.6 | EPSS 0.00207
Exploits: 0

RedhatCVE
added 2025/05/22 9:36 p.m. | 5 views

CVE-2021-25039

The WordPress Multisite Content Copier/Updater WordPress plugin before 2.1.0 does not sanitise and escape the wmcccontenttype, wmccsourceblog and wmccrecordperpage parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...

CVSS 6.1 | AI score 6.1 | EPSS 0.0021
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 8:50 p.m. | 3 views

CVE-2021-4367

The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Options Change by using the floimportformsoptions AJAX action in versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping along with missing...

CVSS 6.4 | AI score 6.1 | EPSS 0.00128
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 7:23 p.m. | 4 views

CVE-2021-24858

The Cookie Notification Plugin for WordPress plugin before 1.0.9 does not sanitise or escape the id GET parameter before using it in a SQL statement, when retrieving the setting to edit in the admin dashboard, leading to an authenticated SQL Injection...

CVSS 7.2 | AI score 7.3 | EPSS 0.00903
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 4:4 p.m. | 5 views

CVE-2020-25033

The Blubrry subscribe-sidebar aka Subscribe Sidebar plugin 1.3.1 for WordPress allows subscribesidebar.php= reflected XSS...

CVSS 6.1 | AI score 7 | EPSS 0.0019
Exploits: 1

RedhatCVE
added 2025/05/22 3:33 p.m. | 5 views

CVE-2020-35589

The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows wp-admin/options-general.php?page=limit-login-attempts= XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by th...

CVSS 5.4 | AI score 6.8 | EPSS 0.00178
Exploits: 2

RedhatCVE
added 2025/05/22 10:32 a.m. | 4 views

CVE-2019-14796

The mq-woocommerce-products-price-bulk-edit aka Woocommerce Products Price Bulk Edit plugin 2.0 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=updateoptions showproductspagelimit parameter...

CVSS 5.4 | AI score 6 | EPSS 0.002
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 8:17 a.m. | 11 views

CVE-2019-15659

The pie-register plugin before 3.1.2 for WordPress has SQL injection, a different issue than CVE-2018-10969...

CVSS 9.8 | AI score 7.6 | EPSS 0.18728
Exploits: 5 | References: 1

RedhatCVE
added 2025/05/22 8:11 a.m. | 6 views

CVE-2019-15643

The ultimate-faqs plugin before 1.8.22 for WordPress has XSS...

CVSS 6.1 | AI score 7.1 | EPSS 0.0019
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 7:6 a.m. | 10 views

CVE-2018-17946

The Tribulant Slideshow Gallery plugin before 1.6.6.1 for WordPress has XSS via the id, method, Gallerymessage, Galleryerror, or Galleryupdated parameter...

CVSS 6.1 | AI score 6 | EPSS 0.0021
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 4:13 a.m. | 4 views

CVE-2019-10388

A cross-site request forgery vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server...

CVSS 4.3 | AI score 6.7 | EPSS 0.00528
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 1:2 a.m. | 9 views

CVE-2015-9355

The two-factor-authentication plugin before 1.1.10 for WordPress has XSS in the admin area...

CVSS 6.1 | AI score 6.2 | EPSS 0.00184
Exploits: 0 | References: 1

Vulnrichment
added 2025/05/19 7:3 p.m. | 4 views

CVE-2025-39409 WordPress WordPress Video Robot - The Ultimate Video Importer plugin <= 1.20.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pressaholic WordPress Video Robot - The Ultimate Video Importer. This issue affects WordPress Video Robot - The Ultimate Video Importer: from n/a through 1.20.0...

CVSS 7.1 | AI score 7 | EPSS 0.00535
Exploits: 0 | References: 1

Cvelist
added 2025/05/19 6:16 p.m. | 14 views

CVE-2025-43839 WordPress BP Messages Tool plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shanebp BP Messages Tool bp-messages-tool allows Reflected XSS. This issue affects BP Messages Tool: from n/a through <= 2.2...

CVSS 7.1 | EPSS 0.00185
Exploits: 0 | References: 1