JVN#05136799: WordPress Plugin "VK All in One Expansion Unit" vulnerable to cross-site scripting

"Custom Alert Content" of WordPress Plugin "VK All in One Expansion Unit" provided by Vektor,Inc. contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing the web site using the product. Solution Update...

Improper input validation vulnerability in WordPress Plugin "WordPress Quiz Maker Plugin"

Overview WordPress Plugin "WordPress Quiz Maker Plugin" provided by AYS Pro Plugins contains an improper input validation vulnerability CWE-20. Shogo Kumamaru of LAC CyberLink Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

JVN#57524494: Multiple cross-site scripting vulnerabilities in multiple EC-CUBE plugins provided by EC-CUBE

Multiple EC-CUBE plugins provided by EC-CUBE CO.,LTD. contain multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability CWE-79 - CVE-2021-20742 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L| Base Score: 7.1 CVSS v2|...

WordPress WooCommerce Amazon Affiliates - Arbitrary File Upload

This WordPress plugin is vulnerable to Local File Disclosure and Remote Code Execute via Arbitrary File Upload. Solution Update the plugin...

WordPress Foxypress Plugin 0.4.2.5 - Multiple Vulnerabilities

Foxypress plugin is prone to multiple vulnerabilities. 1. Arbitrary file upload vulnerability via "documenthandler.php". It allows an attacker to upload files with arbitrary extension to remote system. 2. SQL Injection vulnerability via "documenthandler.php" that allows an attacker to insert any...

WordPress Spider Calendar Plugin - Multiple Vulnerabilities

Spider Calendar plugin is prone to multiple vulnerabilities such as cross-site scripting, SQL injection and HTTP parameter pollution. Solution Update the plugin...