2 matches found
WordPress Dynamic AJAX Product Filters for WooCommerce plugin <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via name Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via name Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Dynamic AJAX Product Filters for WooCommerce versions = 1.3.7...
CVE-2021-36841
Authenticated Stored Cross-Site Scripting XSS vulnerability in YITH Maintenance Mode WordPress plugin versions = 1.3.7, vulnerable parameter &yithmaintenancenewslettersubmitlabel. Possible even when unfiltered HTML is disallowed by WordPress configuration...