5210 matches found
Cross site scripting
The Sticky Buttons – floating buttons builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via sticky URLs in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Cross site scripting
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'disqusname' parameter in all versions up to, and including, 1.0.92.1 due to insufficient input sanitization and output escaping on the executed JS file. This makes it possible f...
CVE-2024-0587 Accelerated Mobile Pages <= 1.0.92.1 - Reflected Cross-Site Scripting
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'disqusname' parameter in all versions up to, and including, 1.0.92.1 due to insufficient input sanitization and output escaping on the executed JS file. This makes it possible f...
SimpleMap Store Locator <= 2.6.1 - Unauthenticated Stored Cross-Site Scripting
Description The SimpleMap Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...
WPZOOM Shortcodes < 1.0.2 - Reflected Cross-Site Scripting
Description The WPZOOM Shortcodes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via certain input fields in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2023-7063
The WPForms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission parameters in all versions up to, and including, 1.8.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
WP Recipe Maker < 9.1.1 - Contributor+ Stored Cross-Site Scripting via 'tag'
Description The plugin is vulnerable to Stored Cross-Site Scripting via the use of the 'tag' attribute in the wprm-recipe-name, wprm-recipe-date, and wprm-recipe-counter shortcodes in all versions up to, and including, 9.1.0. This makes it possible for authenticated attackers with contributor-lev...
WP Recipe Maker < 9.1.1 - Contributor+ Stored Cross-Site Scripting via header_tag
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 9.1.0 due to unrestricted use of the 'headertag' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inje...
Image Tag Manager <= 1.5 - Reflected Cross-Site Scripting via default_class
Description The Image Tag Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'defaultclass' parameter in versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
BA Plus <= 1.0.3 - Reflected Cross-Site Scripting
Description The BA Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
Post views Stats <= 1.3 - Reflected Cross-Site Scripting via from and to
Description The Post views Stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'from' and 'to' parameters in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Cross site scripting
The WP Recipe Maker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'Referer' header in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2023-6958 WP Recipe Maker <= 9.1.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...
CVE-2023-6970 WP Recipe Maker <= 9.1.0 - Reflected Cross-Site Scripting via Referer
The WP Recipe Maker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'Referer' header in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
Constant Contact Forms by MailMunch < 2.1.0 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via an unknown parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will...
Profile Builder Pro < 3.10.1 - Reflected Cross-Site Scripting
Description The Profile Builder Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CformsII < 15.0.7 - Unauthenticated Stored XSS
Description The plugin is vulnerable to stored Cross-Site Scripting via an unknown parameter due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an...
Cross site scripting
The Advanced Woo Search plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search parameter in all versions up to, and including, 2.96 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
List category posts < 0.89.4 - Contributor+ Stored Cross-Site Scripting via Shortcode
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode in all versions up to, and including, 0.89.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...