116 matches found
WordPress Kudos Donations plugin <= 3.2.9 - Reflected Cross-Site Scripting via 'add_query_arg' vulnerability
Reflected Cross-Site Scripting via 'addqueryarg' vulnerability discovered by 0xd4rk5id3 - EnvoraSec in WordPress Plugin Kudos Donations versions = 3.2.9...
CVE-2017-18577
The mailchimp-for-wp plugin before 4.1.8 for WordPress has XSS via the return value of addqueryarg...
CVE-2024-9240
The ReDi Restaurant Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 24.0902. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-10880
The JobBoardWP – Job Board Listings and Submissions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.3.0. This makes it possible for unauthenticated...
CVE-2024-9608
The MyParcel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.24.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
CVE-2024-9231
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 3.4.9.5. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-9228
The Loggedin – Limit Active Logins plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-9211
The FULL – Cliente plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 3.1.22. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-9385
The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 7.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
CVE-2024-9607
The 10Web Social Post Feed plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.2.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...
CVE-2024-9371
The Branda – White Label & Branding, Custom Login Page Customizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of removequeryarg without appropriate escaping on the URL in all versions up to, and including, 3.4.19. This makes it possible for unauthenticated...
CVE-2015-9361
The Related Posts plugin before 1.8.2 for WordPress has XSS via addqueryarg and removequeryarg...
CVE-2015-9371
Manual Purchases Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via addqueryarg and removequeryarg...
CVE-2015-9506
The Easy Digital Downloads EDD Amazon S3 extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because addqueryarg is misused...
CVE-2015-9527
The Easy Digital Downloads EDD Simple Shipping extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because addqueryarg is misused...
CVE-2015-9526
The Easy Digital Downloads EDD Reviews extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because addqueryarg is misused...
CVE-2015-9525
The Easy Digital Downloads EDD Recurring Payments extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because addqueryarg is misused...
CVE-2015-9512
The Easy Digital Downloads EDD CSV Manager extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because addqueryarg is misused...
WordPress plugin Digital License Manager 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Digital License Manager plugin <= 1.7.3 - Reflected Cross-Site Scripting via remove_query_arg Function vulnerability
Reflected Cross-Site Scripting via removequeryarg Function vulnerability discovered by Peter Thaleikis in WordPress Plugin Digital License Manager versions = 1.7.3...