
950 matches found

CNNVD
added 2025/06/17 12:0 a.m. | 2 views

WordPress plugin Track, Analyze & Optimize by WP Tao cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

CVSS 7.1 | AI score 6.2 | EPSS 0.00222
Exploits: 0 | References: 3

CNNVD
added 2025/06/12 12:0 a.m. | 2 views

ONLYOFFICE Docs cross-site scripting vulnerability

ONLYOFFICE Docs is an online office software from ONLYOFFICE, Inc. A cross-site scripting vulnerability exists in ONLYOFFICE Docs version 8.3.1 and prior versions, which stems from reflected cross-site scripting when opening a file via the WOPI protocol, which could lead to the execution of...

CVSS 6.1 | AI score 6.1 | EPSS 0.34859
Exploits: 1 | References: 4

OSV
added 2025/06/10 11:15 p.m. | 2 views

CVE-2025-47094

Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browse...

CVSS 6.1 | AI score 5.7
Exploits: 0 | References: 1

OSV
added 2025/06/09 6:15 a.m. | 1 view

CVE-2025-4652

The Broadstreet WordPress plugin before 1.51.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 6.1 | AI score 5.8 | EPSS 0.00468
Exploits: 1 | References: 1

VulnCheck KEV
added 2025/06/08 12:0 a.m. | 1 view

VulnCheck KEV: CVE-2022-1221

The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 does not sanitise and escape some parameters before outputting them back in attributes, leading to a Reflected Cross-Site Scripting...

CVSS 6.1 | AI score 5.8 | EPSS 0.02002
Exploits: 1 | References: 1

VulnCheck KEV
added 2025/06/08 12:0 a.m. | 2 views

VulnCheck KEV: CVE-2021-24498

The Calendar Event Multi View WordPress plugin before 1.4.01 does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page via php/edit.php, leading to a reflected Cross-Site Scripting issue...

CVSS 6.1 | AI score 5.8 | EPSS 0.03065
Exploits: 2 | References: 1

ATTACKERKB
added 2025/05/23 1:15 p.m. | 2 views

CVE-2025-47613

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla School Management allows Reflected XSS. This issue affects School Management: from n/a through 92.0.0...

CVSS 7.1 | AI score 5.2 | EPSS 0.00235
Exploits: 0 | References: 3

RedhatCVE
added 2025/05/23 8:45 a.m. | 3 views

CVE-2024-31488

An improper neutralization of inputs during web page generation vulnerability (CWE-79) in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 7.2.0 through 7.2.3 may allow a remote authenticated attacker to perform stored and...

CVSS 9 | AI score 5.8 | EPSS 0.01014
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 8:18 a.m. | 2 views

CVE-2024-10522

The Co-marquage service-public.fr plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.5.76. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.1 | AI score 5.6 | EPSS 0.00588
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 8:16 a.m. | 3 views

CVE-2024-9347

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpext-export' parameter in all versions up to, and including, 3.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVSS 6.1 | AI score 6.1 | EPSS 0.00454
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 8:16 a.m. | 2 views

CVE-2024-9239

The Booster for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.2.3. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 | AI score 7.4 | EPSS 0.00402
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:56 a.m. | 5 views

CVE-2024-12262

The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'step' parameter in all versions up to, and including, 5.8001 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...

CVSS 6.1 | AI score 5.6 | EPSS 0.00431
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:25 a.m. | 4 views

CVE-2024-0848

The AA Cash Calculator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘invoice’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

CVSS 6.1 | AI score 5.6 | EPSS 0.00374
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:20 a.m. | 3 views

CVE-2024-8735

The MailMunch – Grow your Email List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.1.8. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.1 | AI score 5.6 | EPSS 0.0048
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 6:20 a.m. | 2 views

CVE-2024-11462

The Filestack Official plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'fstab' and 'filestackoptions' parameters in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...

CVSS 6.1 | AI score 7.4 | EPSS 0.00369
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 5:53 a.m. | 5 views

CVE-2023-4067

The Bus Ticket Booking with Seat Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tabdate' and 'tabdater' parameters in versions up to, and including, 5.2.3 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.1 | AI score 6.1 | EPSS 0.00378
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 3:17 a.m. | 2 views

CVE-2023-2337

The ConvertKit WordPress plugin before 2.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 6.1 | AI score 6.1 | EPSS 0.00458
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/23 3:3 a.m. | 3 views

CVE-2023-1978

The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the query string in versions up to, and including, 4.9.25 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...

CVSS 6.1 | AI score 5.6 | EPSS 0.00433
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 3:2 a.m. | 5 views

CVE-2023-1890

The Tablesome WordPress plugin before 1.0.9 does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting...

CVSS 6.1 | AI score 6.7 | EPSS 0.01067
Exploits: 3 | References: 1

RedhatCVE
added 2025/05/23 3:0 a.m. | 3 views

CVE-2023-1596

The tagDiv Composer WordPress plugin before 4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 6.1 | AI score 6.1 | EPSS 0.00506
Exploits: 2 | References: 1