WordPress Data Dash plugin <= 1.2.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh in WordPress Plugin Data Dash versions = 1.2.3...

WordPress WordPress-to-candidate for Salesforce CRM plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin WordPress-to-candidate for Salesforce CRM versions = 1.0.1...

WordPress 新淘客WordPress插件 plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin 新淘客WordPress插件 versions = 1.1.2...

WordPress Responsivity plugin <= 0.0.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Responsivity versions = 0.0.6...

WordPress Envato Affiliater plugin <= 1.2.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Mika in WordPress Plugin Envato Affiliater versions = 1.2.4...

WordPress Bold pagos en linea Plugin <= 3.1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Parasimpaticki Patchstack Alliance in WordPress Plugin Bold pagos en linea versions = 3.1.4...

PT-2025-4564 · Marcus Downing · Site Pin

The vulnerable software is Marcus Downing Site PIN, with versions from n/a through 1.3 being affected. The vulnerability is an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS, which allows Reflected XSS. This type of vulnerability can be exploit...

CVE-2024-12715

The Asgard Security Scanner WordPress plugin through 0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

WordPress Woocommerce check pincode/zipcode for shipping plugin <= 2.0.4 - Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin Woocommerce check pincode/zipcode for shipping versions = 2.0.4...

WordPress SEO Keywords plugin <= 1.1.3 - Reflected Cross-Site Scripting via google_error Parameter vulnerability

Reflected Cross-Site Scripting via googleerror Parameter vulnerability discovered by vgo0 in WordPress Plugin seo-keywords versions = 1.1.3...

CVE-2024-12384 Binary MLM Woocommerce <= 2.0 - Reflected Cross-Site Scripting via 'page'

The Binary MLM Woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page’ parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

PT-2025-3714 · WordPress · Estatik Mortgage Calculator

Name of the Vulnerable Software and Affected Versions: Estatik Mortgage Calculator plugin for WordPress versions up to, and including, 2.0.11 Description: The Estatik Mortgage Calculator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the color parameter due to insufficie...

WordPress Wp advertising management plugin <= 1.0.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin Wp advertising management versions = 1.0.3...

WordPress plugin AHAthat Plugin 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

PT-2024-36743 · Seventhqueen · Seventhqueen Kleo

Name of the Vulnerable Software and Affected Versions: SeventhQueen Kleo versions prior to 5.4.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Reflected XSS. This means that an attacker can inje...

CVE-2024-12096

The Exhibit to WP Gallery WordPress plugin through 0.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

PT-2024-10472 · Koji +1 · Koji +1

Name of the Vulnerable Software and Affected Versions: Koji affected versions not specified Description: The issue is related to improper neutralization of input during web page generation, allowing for a reflected XSS attack. An unsanitized input can lead to an XSS attack, where harmful JavaScri...

CVE-2024-12262

The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'step' parameter in all versions up to, and including, 5.8001 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...

PT-2024-17193 · WordPress · Latex2Html

Name of the Vulnerable Software and Affected Versions: LaTeX2HTML plugin for WordPress versions up to, and including, 2.5.5 Description: The LaTeX2HTML plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ver or date parameter due to insufficient input sanitization and...

PT-2024-17264 · WordPress · Pingmeter Uptime Monitoring

Name of the Vulnerable Software and Affected Versions: Pingmeter Uptime Monitoring plugin for WordPress versions up to, and including, 1.0.3 Description: The issue is related to Reflected Cross-Site Scripting via the wpnonce parameter due to insufficient input sanitization and output escaping. Th...