Lucene search
K

20 matches found

Cvelist
Cvelist
added 2024/12/04 7:32 a.m.38 views

CVE-2023-6978 WP Job Manager – Company Profiles <= 1.7 - Reflected Cross-Site Scripting

The WP Job Manager – Company Profiles plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'company' parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...

6.1CVSS0.00285EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/03 7:34 a.m.11 views

CVE-2024-11461 Form Data Collector <= 2.2.3 - Reflected Cross-Site Scripting

The Form Data Collector plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

6.1CVSS6.5AI score0.00348EPSS
Exploits0References3
NVD
NVD
added 2024/11/23 5:15 a.m.37 views

CVE-2024-11361

The PDF Invoices & Packing Slips Generator for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers t...

6.1CVSS0.00421EPSS
Exploits0References4
NVD
NVD
added 2024/11/19 10:15 p.m.34 views

CVE-2024-11400

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the reallycurrtax parameter in all versions up to, and including, 1.3.6.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS0.00315EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/16 3:20 a.m.17 views

CVE-2024-9938 Bounce Handler MailPoet 3 <= 1.3.21 - Reflected Cross-Site Scripting

The Bounce Handler MailPoet 3 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.3.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.0038EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/13 2:2 a.m.47 views

CVE-2024-10851 Razorpay Payment Button <= 2.4.6 - Reflected Cross-Site Scripting

The Razorpay Payment Button Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.4.6. This makes it possible for unauthenticated attackers to injec...

6.1CVSS0.00491EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/10/17 7:34 a.m.10 views

CVE-2024-9951 Wordpress Photo Album Plus <= 8.8.05.003 - Reflected Cross-Site Scripting

The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wppa-tab' parameter in all versions up to, and including, 8.8.05.003 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6AI score0.00291EPSS
Exploits0References2
CVE
CVE
added 2024/10/17 3:32 a.m.48 views

CVE-2024-8719

CVE-2024-8719 – Flexmls® IDX Plugin for WordPress has a Reflected Cross-Site Scripting vulnerability in all versions up to 3.14.22. The issue arises from insufficient input sanitization and output escaping for multiple parameters (e.g., MaxBeds, MinBeds), allowing an unauthenticated attacker to i...

6.1CVSS6.2AI score0.00291EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/10 2:6 a.m.17 views

CVE-2024-9205 Maximum Products per User for WooCommerce <= 4.2.8 - Reflected Cross-Site Scripting

The Maximum Products per User for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.2.8. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00349EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/10/01 8:30 a.m.11 views

CVE-2024-9209 WP Search Analytics <= 1.4.10 - Reflected Cross-Site Scripting

The WP Search Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.4.10. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

6.1CVSS6.4AI score0.0037EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/10/01 7:30 a.m.13 views

CVE-2024-8718 Gravity Forms Toolbar <= 1.7.0 - Reflected Cross-Site Scripting

The Gravity Forms Toolbar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

6.1CVSS6.4AI score0.00364EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/09/13 6:47 a.m.13 views

CVE-2024-8665 YITH Custom Login <= 1.7.3 - Reflected Cross-Site Scripting

The YITH Custom Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

6.1CVSS6.5AI score0.00466EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/06/28 6:57 a.m.34 views

CVE-2024-6288 Conversios.io - All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce <= 7.1.0 - Reflected Cross-Site Scripting

The Conversios – Google Analytics 4 GA4, Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tiktokuserid’ parameter in all versions up to, and including, 7.1.0 due to insufficient input sanitization and output...

4.7CVSS0.00421EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/06/21 8:39 a.m.26 views

CVE-2024-5859 Appointment Booking and Online Scheduling <= 4.4.2 - Reflected Cross-Site Scripting

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘d’ parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS0.00307EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/22 7:37 a.m.12 views

CVE-2024-2119 LuckyWP Table of Contents <= 2.1.5 - Reflected Cross-Site Scripting

The LuckyWP Table of Contents plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the attrs parameter in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...

6.1CVSS6.1AI score0.0038EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/05/02 4:57 p.m.9 views

CVE-2024-3681 Interactive World Maps <= 2.4.14 - Reflected Cross-Site Scripting

The Interactive World Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search s parameter in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6.1AI score0.00504EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/04/19 2:34 a.m.11 views

CVE-2024-3615

The Media Library Folders plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 8.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS6.5AI score0.00385EPSS
Exploits0References2
Prion
Prion
added 2024/03/13 4:15 p.m.18 views

Cross site scripting

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to DOM-Based Reflected Cross-Site Scripting via a 'playground.wordpress.net' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible fo...

5.8CVSS6.7AI score0.00592EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/03/03 9:29 p.m.35 views

CVE-2023-0968 Watu Quiz <= 3.3.9 - Reflected Cross-Site Scripting

The Watu Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘dn’, 'email', 'points', and 'date' parameters in versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS6.1AI score0.01252EPSS
Exploits3References3
Prion
Prion
added 2022/12/02 9:15 p.m.21 views

Cross site scripting

The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ipf' parameter on the 'chainedquizlist' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

5.8CVSS6AI score0.00824EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder