5210 matches found
CVE-2024-46606
A cross-site scripting XSS vulnerability in the component /admin.php?page=photo of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...
CVE-2021-4452
The Google Language Translator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in versions up to, and including, 6.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary we...
CVE-2017-20193
The Product Vendors is vulnerable to Reflected Cross-Site Scripting via the 'vendordescription' parameter in versions up to, and including, 2.0.35 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2020-36840
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wpajaxrouteurl function called via a nopriv AJAX action in versions up to, and including, 2.3.8. This makes it possible for unauthenticated attackers t...
CVE-2023-7295 Video Grid <= 1.21 - Reflected Cross-Site Scripting
The Video Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchterm parameter in versions up to, and including, 1.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...
CVE-2023-7295 Video Grid <= 1.21 - Reflected Cross-Site Scripting
The Video Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchterm parameter in versions up to, and including, 1.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...
CVE-2021-4452 Google Language Translator <= 6.0.9 - Reflected Cross-Site Scripting
The Google Language Translator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in versions up to, and including, 6.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary we...
CVE-2021-4452
CVE-2021-4452 affects the Google Language Translator plugin for WordPress (versions up to 6.0.9). The vulnerability is a Reflected Cross-Site Scripting flaw caused by insufficient input sanitization and output escaping in multiple parameters, enabling authenticated attackers to inject scripts in ...
CVE-2021-4452 Google Language Translator <= 6.0.9 - Reflected Cross-Site Scripting
The Google Language Translator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in versions up to, and including, 6.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary we...
CVE-2017-20193 Product Vendors <= 2.0.35 - Reflected Cross Site Scripting
The Product Vendors is vulnerable to Reflected Cross-Site Scripting via the 'vendordescription' parameter in versions up to, and including, 2.0.35 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2023-7296 BigBlueButton <= 3.0.0-beta.4 - Authenticated (Author+) Stored Cross-Site Scripting
The BigBlueButton plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the moderator code and viewer code fields in versions up to, and including, 3.0.0-beta.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...
CVE-2022-4973
WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisting of Authors, Contributors, and Editors making it possible to inject arbitrary web scripts into...
CVE-2019-25216 Rich Reviews <= 1.7.4 - Stored Cross-Site Scripting
The Rich Review plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the POST body 'update' parameter in versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2017-20192 Formidable Form Builder < 2.05.03 - Unauthenticated Stored Cross-Site Scripting
The Formidable Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters submitted during form entries like 'afterhtml' in versions before 2.05.03 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2022-4971 Sassy Social Share <= 3.3.3 - Reflected Cross-Site Scripting
The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateorssssharingcount' AJAX action in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-9937 Woo Manage Fraud Orders <= 2.6.1 - Reflected Cross-Site Scripting
The Woo Manage Fraud Orders plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...
CVE-2024-9652
The Locatoraid Store Locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $POST keys in all versions up to, and including, 3.9.47 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-9647
The Kama SpamBlock plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $POST values in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2024-9647 Kama SpamBlock <= 1.8.2 - Reflected Cross-Site Scripting
The Kama SpamBlock plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $POST values in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2024-9647
CVE-2024-9647 (Kama SpamBlock) affects the Kama SpamBlock WordPress plugin. The vulnerability is a reflected Cross-Site Scripting (XSS) via POST values in all versions up to and including 1.8.2, caused by insufficient input sanitization and output escaping. It allows unauthenticated attackers to ...