PT-2025-6160
Name of the Vulnerable Software and Affected Versions: Stray Random Quotes WordPress plugin versions 1.9.9 and earlier
Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in...
ARMember (free and premium) - Admin+ Stored Cross-Site Scripting
Description: The plugin does not sanitise and escape some parameters, which could allow users with a role of Admin and above to perform Cross-Site Scripting attacks...
Stop Spammers Security < 2023 - Reflected XSS
The plugin does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PoC: Make a logged in admin open a page containing the code below...
CVE-2022-1951
The core plugin for kitestudio WordPress plugin before 2.3.1 does not sanitise and escape some parameters before outputting them back in a response of an AJAX action, available to both unauthenticated and authenticated users when a premium theme from the vendor is active, leading to a Reflected...
Image Hover Effects Ultimate < 9.7.2 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape parameters before outputting them back in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2021-25034 WP User < 7.0 - Reflected Cross-Site Scripting
The WP User WordPress plugin before 7.0 does not sanitise and escape some parameters in pages where the wpuser shortcode is used, leading to Reflected Cross-Site Scripting issues...