
947 matches found

OSV
added 2024/12/18 4:15 a.m. · 3 views

CVE-2024-11254

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the disqusname parameter in all versions up to, and including, 1.1.1 due to insufficient input validation. This makes it possible for unauthenticated attackers to inject arbitrary we...

CVSS 6.1 · AI score 5.9 · EPSS 0.00272
Exploits: 0 · References: 2
Patchstack
added 2024/12/17 9:39 p.m. · 2 views

WordPress User Referral plugin <= 8.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin User Referral versions <= 8.0...

CVSS 7.1 · AI score 6.1 · EPSS 0.0025
Exploits: 0 · Affected Software: 1
Patchstack
added 2024/12/16 10:19 p.m. · 2 views

WordPress SMS for WooCommerce plugin <= 2.8.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin SMS for WooCommerce versions <= 2.8.1...

CVSS 6.1 · AI score 6.4 · EPSS 0.00217
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2024/12/13 12:0 a.m. · 2 views

PT-2024-36228 · Unknown · Connect Contact Form 7 To Constant Contact

Name of the Vulnerable Software and Affected Versions: Connect Contact Form 7 to Constant Contact versions 1.4 and earlier Description: The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting (XSS) vulnerability. Specifically, it is...

CVSS 7.1 · AI score 5.8 · EPSS 0.00333
Exploits: 0 · References: 5
Positive Technologies
added 2024/12/13 12:0 a.m. · 3 views

PT-2024-39714 · WordPress · Myparcel

Name of the Vulnerable Software and Affected Versions: MyParcel plugin for WordPress versions up to, and including, 4.24.1 Description: The MyParcel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL. This...

CVSS 6.1 · AI score 6.6 · EPSS 0.00285
Exploits: 0 · References: 7
Patchstack
added 2024/12/10 11:58 p.m. · 3 views

WordPress WP Pipes plugin <= 1.4.1 - Reflected Cross-Site Scripting via x1 Parameter vulnerability

Reflected Cross-Site Scripting via x1 Parameter vulnerability discovered by vgo0 in WordPress Plugin WP Pipes versions <= 1.4.1...

CVSS 6.1 · AI score 6.3 · EPSS 0.00356
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2024/12/10 11:57 p.m. · 4 views

WordPress WPC Order Notes for WooCommerce plugin <= 1.5.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin WPC Order Notes for WooCommerce versions <= 1.5.2...

CVSS 6.1 · AI score 6.4 · EPSS 0.00196
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2024/12/10 9:15 p.m. · 0 views

CVE-2024-54043

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

CVSS 6.1 · AI score 5.7 · EPSS 0.0032
Exploits: 0 · References: 1
OSV
added 2024/12/06 9:15 a.m. · 2 views

CVE-2024-10879

The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to...

CVSS 6.1 · AI score 6 · EPSS 0.00379
Exploits: 0 · References: 3
Positive Technologies
added 2024/12/06 12:0 a.m. · 2 views

PT-2024-38650 · Kofax · Totalagility

Name of the Vulnerable Software and Affected Versions: Tungsten Automation Kofax TotalAgility versions all through 7.9.0.25.0.954 Description: The issue is a Reflected XSS vulnerability that can be exploited through manipulation of the mfpConnectionId parameter in a form sent to endpoints...

CVSS 5.3 · AI score 6.2 · EPSS 0.00494
Exploits: 0 · References: 6
ATTACKERKB
added 2024/12/04 8:15 a.m. · 3 views

CVE-2023-6978

The WP Job Manager – Company Profiles plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'company' parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...

CVSS 6.1 · AI score 5.7 · EPSS 0.0028
Exploits: 0 · References: 3
OSV
added 2024/11/30 6:15 a.m. · 1 views

CVE-2024-11252

The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateormastodonshare parameter in all versions up to, and including, 3.3.69 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.1 · AI score 5.9 · EPSS 0.00836
Exploits: 1 · References: 3
OSV
added 2024/11/28 9:15 a.m. · 1 views

CVE-2024-11685

The Kudos Donations – Easy donations and payments with Mollie plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attacker...

CVSS 6.1 · AI score 5.9 · EPSS 0.00333
Exploits: 0 · References: 2
CNNVD
added 2024/11/28 12:0 a.m. · 1 views

WordPress plugin SEO Landing Page Generator cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin SEO Landin...

CVSS 6.1 · AI score 7.5 · EPSS 0.00425
Exploits: 0 · References: 5
CNNVD
added 2024/11/22 12:0 a.m. · 2 views

WordPress plugin MailMunch cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin...

CVSS 6.1 · AI score 7.6 · EPSS 0.0048
Exploits: 0 · References: 3
Positive Technologies
added 2024/11/22 12:0 a.m. · 2 views

PT-2024-16936 · Paypal +3 · Paypal +4

Name of the Vulnerable Software and Affected Versions: The Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net plugin for WordPress versions prior to 1.112.1 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add_query_arg...

CVSS 6.1 · AI score 8.7 · EPSS 0.00437
Exploits: 0 · References: 5
Positive Technologies
added 2024/11/21 12:0 a.m. · 3 views

PT-2024-39599 · WordPress · Branda – White Label & Branding

Name of the Vulnerable Software and Affected Versions: The Branda – White Label & Branding, Custom Login Page Customizer plugin for WordPress versions up to, and including, 3.4.19 Description: The issue is related to Reflected Cross-Site Scripting due to the use of remove_query_arg without...

CVSS 6.1 · AI score 8.7 · EPSS 0.00539
Exploits: 0 · References: 4
Positive Technologies
added 2024/11/20 12:0 a.m. · 2 views

PT-2024-16878 · WordPress · Gd Bbpress Attachments

Name of the Vulnerable Software and Affected Versions: GD bbPress Attachments plugin for WordPress versions up to, and including, 4.7.2 Description: The issue arises from the use of add_query_arg without proper escaping on the URL, leading to Reflected Cross-Site Scripting. This allows...

CVSS 6.1 · AI score 9.5 · EPSS 0.00377
Exploits: 0 · References: 6
Vulnrichment
added 2024/11/19 4:32 p.m. · 2 views

CVE-2024-50522 WordPress WeChat Subscribers Lite plugin <= 1.6.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in redyyu WeChat Subscribers Lite wechat-subscribers-lite allows Reflected XSS. This issue affects WeChat Subscribers Lite: from n/a through <= 1.6.6...

CVSS 7.1 · AI score 5.9 · EPSS 0.00394
Exploits: 0 · References: 1
OSV
added 2024/11/19 1:15 p.m. · 3 views

CVE-2024-9777

The Ashe theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.243. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execut...

CVSS 6.1 · AI score 6 · EPSS 0.00383
Exploits: 0 · References: 5