133 matches found

OSV
added 2025/05/15 8:15 p.m. · 2 views

CVE-2023-7168

The Better Follow Button for Jetpack WordPress plugin through 8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite...

4.8 CVSS · 5.8 AI score
Exploits 0 · References 1

CNNVD
added 2025/05/15 12:0 a.m. · 2 views

WordPress plugin Smart Post Show security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

4.8 CVSS · 5.7 AI score · 0.0023 EPSS
Exploits 1 · References 1

NVD
added 2025/05/01 7:15 p.m. · 11 views

CVE-2025-36558

KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a cross-site-scripting attack via the ssotoken used for authentication. If an attacker provides the user with a PiCtory URL containing an HTML script as an ssotoken, that script will reply to the user and be executed...

6.1 CVSS · 0.00134 EPSS
Exploits 0 · References 2

CNNVD
added 2025/04/24 12:0 a.m. · 2 views

WordPress plugin Kiotviet KiotViet Sync cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists i...

7.1 CVSS · 7.1 AI score · 0.00072 EPSS
Exploits 0 · References 1

CNNVD
added 2025/04/17 12:0 a.m. · 2 views

WordPress plugin Listings for Buildium cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery...

7.1 CVSS · 7 AI score · 0.00223 EPSS
Exploits 0 · References 1

NVD
added 2025/04/14 12:15 p.m. · 9 views

CVE-2024-13597

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a form sent to login panel at /softcom/ with a malicious script, which causes the script to run in user's context. This vulnerability ha...

5.1 CVSS · 0.00412 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/03/27 12:0 a.m. · 2 views

PT-2025-13055 · Wip · Woocarousel Lite

Name of the Vulnerable Software and Affected Versions: WIP WooCarousel Lite versions 1.1.7 and earlier
Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can execute malicious scripts on the victim's browser,...

7.1 CVSS · 9.3 AI score · 0.00223 EPSS
Exploits 0 · References 6

OSV
added 2025/03/16 6:15 a.m. · 1 views

CVE-2025-1622

The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

3.5 CVSS · 5.8 AI score
Exploits 0 · References 1

OSV
added 2025/03/07 10:15 a.m. · 1 views

CVE-2024-9458

The Reservit Hotel WordPress plugin before 3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

4.8 CVSS · 5.8 AI score · 0.01664 EPSS
Exploits 3 · References 1

Positive Technologies
added 2025/02/07 12:0 a.m. · 2 views

PT-2025-5968 · Unknown · Inlocation

Name of the Vulnerable Software and Affected Versions: InLocation versions n/a through 1.8
Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application, and also...

7.1 CVSS · 9.4 AI score · 0.00054 EPSS
Exploits 0 · References 6

Positive Technologies
added 2025/01/22 12:0 a.m. · 3 views

PT-2025-5016 · Localgrid · Localgrid

Name of the Vulnerable Software and Affected Versions: LocalGrid versions n/a through 1.0.1
Description: The issue is related to improper neutralization of input during web page generation, which allows reflected Cross-site Scripting (XSS). This enables an attacker to inject malicious scripts into ...

7.1 CVSS · 9 AI score · 0.00232 EPSS
Exploits 0 · References 3

Patchstack
added 2025/01/16 6:41 p.m. · 2 views

WordPress RSS News Scroller plugin <= 2.0.0 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin RSS News Scroller versions <= 2.0.0...

7.1 CVSS · 6.2 AI score · 0.00104 EPSS
Exploits 0 · Affected Software 1

Positive Technologies
added 2025/01/16 12:0 a.m. · 3 views

PT-2025-5029 · Unknown · Shabbos/Yom Tov

Name of the Vulnerable Software and Affected Versions: Shabbos and Yom Tov versions 1.9 and earlier
Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...

7.1 CVSS · 9.1 AI score · 0.00151 EPSS
Exploits 0 · References 3

Positive Technologies
added 2025/01/16 12:0 a.m. · 2 views

PT-2025-5003 · Mfplugin · Mfplugin

Name of the Vulnerable Software and Affected Versions: MFPlugin versions n/a through 1.3
Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application, and also stor...

7.1 CVSS · 9 AI score · 0.00041 EPSS
Exploits 0 · References 3

OSV
added 2025/01/09 11:15 a.m. · 0 views

CVE-2024-6155

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross Site Scripting in all versions up to, and including, 9.0.0 due to a missing capability check in the greenshiftdownloadfilelocaly function...

5.4 CVSS · 5.9 AI score · 0.00247 EPSS
Exploits 0 · References 2

Vulnrichment
added 2024/11/26 1:56 p.m. · 2 views

CVE-2024-8236 Elementor Website Builder – More than Just a Page Builder <= 3.25.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter of the Icon widget in all versions up to, and including, 3.25.7 due to insufficient input sanitization and output escaping. This makes it possibl...

6.4 CVSS · 5.6 AI score · 0.00212 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/11/14 12:0 a.m. · 4 views

PT-2024-34803 · Geekrmx · Geekrmx Twitter @Anywhere Plus

Name of the Vulnerable Software and Affected Versions: GeekRMX Twitter @Anywhere Plus versions n/a through 2.0
Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that can lead to Stored XSS. This problem affects GeekRMX Twitter @Anywhere Plus, allowing for potential malicio...

7.1 CVSS · 6.5 AI score · 0.00168 EPSS
Exploits 0 · References 5

Positive Technologies
added 2024/10/05 12:0 a.m. · 3 views

PT-2024-32702 · Copyscape · Copyscape Premium

Name of the Vulnerable Software and Affected Versions: Copyscape Premium versions through 1.3.6
Description: A Cross-Site Request Forgery (CSRF) vulnerability is present in Copyscape Premium, allowing Stored XSS.
Recommendations: For versions through 1.3.6, update to a version that fixes the CSRF...

7.1 CVSS · 6.4 AI score · 0.00193 EPSS
Exploits 0 · References 7

Positive Technologies
added 2024/07/23 12:0 a.m. · 3 views

PT-2024-37470 · WordPress · Request A Quote

Name of the Vulnerable Software and Affected Versions: Request a Quote WordPress plugin versions prior to 2.4.1
Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for example, ...

5.9 CVSS · 5.9 AI score · 0.00194 EPSS
Exploits 1 · References 5

Positive Technologies
added 2024/07/20 12:0 a.m. · 2 views

PT-2024-28126 · Unknown · Post Layouts For Gutenberg

Name of the Vulnerable Software and Affected Versions: Post Layouts for Gutenberg versions 1.2.7 and earlier
Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. Recommendation...

6.5 CVSS · 5.3 AI score · 0.00092 EPSS
Exploits 0 · References 3