2406 matches found
CVE-2024-37949
Improper Neutralization of Input During Web Page Generation ('XSS' or 'Cross-site Scripting') vulnerability in CyberChimps Responsive Mobile allows Stored XSS. This issue affects Responsive Mobile: from n/a through 1.15.1...
CVE-2024-41239
A Stored Cross Site Scripting (XSS) vulnerability was found in "/smsa/addclasssubmit.php" in Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "classname" parameter field...
CVE-2024-51940
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sohelwpexpert WP Responsive Video my-wp-responsive-video allows DOM-Based XSS. This issue affects WP Responsive Video: from n/a through <= 1.0...
CVE-2024-51785
Server-Side Request Forgery (SSRF) vulnerability in Nks Responsive Filterable Portfolio responsive-filterable-portfolio allows Server Side Request Forgery. This issue affects Responsive Filterable Portfolio: from n/a through <= 1.0.22...
CVE-2023-47520
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael Uno (miunosoft) Responsive Column Widgets plugin <= 1.2.7 versions...
CVE-2023-49174
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dFactory Responsive Lightbox & Gallery allows Stored XSS. This issue affects Responsive Lightbox & Gallery: from n/a through 2.4.5...
CVE-2023-2119
The Responsive Filterable Portfolio plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchterm parameter in versions up to, and including, 1.0.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2023-1498
A vulnerability classified as critical has been found in code-projects Responsive Hotel Site 1.0. Affected is an unknown function of the file messages.php of the component Newsletter Log Handler. The manipulation of the argument title leads to sql injection. It is possible to launch the attack...
CVE-2023-1041
A vulnerability, which was classified as problematic, was found in SourceCodester Simple Responsive Tourism Website 1.0. This affects an unknown part of the file /tourism/ratereview.php. The manipulation of the argument id with the input 1" leads to cross site scripting. It is possible to initiat...
CVE-2023-0368
The Responsive Tabs For WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to...
CVE-2023-32107
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.1.3 versions...
CVE-2023-45762
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Michael Uno (miunosoft) Responsive Column Widgets. This issue affects Responsive Column Widgets: from n/a through 1.2.7...
CVE-2023-24409
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs plugin <= 1.1.15 versions...
CVE-2023-2482
The Responsive CSS EDITOR WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admin...
CVE-2022-29659
Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at single.php...
CVE-2022-44276
In Responsive Filemanager 9.12.0, an attacker can bypass upload restrictions resulting in RCE...
CVE-2022-3987
The Responsive Lightbox2 WordPress plugin before 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...
CVE-2021-24398
The Add new scene functionality in the Responsive 3D Slider WordPress plugin through 1.2 uses an id parameter which is not sanitised, escaped or validated before being inserted to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same function vulnerable parameter is...
CVE-2021-24457
The getportfolios and getportfolioattributes functions in the class-portfolio-responsive-gallery-list-table.php and class-portfolio-responsive-gallery-attributes-list-table.php files of the Portfolio Responsive Gallery WordPress plugin before 1.1.8 did not use whitelist or validate the orderby...
CVE-2021-25206
Arbitrary file upload vulnerability in SourceCodester Responsive Ordering System v 1.0 allows attackers to execute arbitrary code via the file upload to Productmodel.php...