5207 matches found
Cross site scripting
The Wordpress Simple Shop WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the updaterow parameter found in the /includes/addproduct.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2...
Cross site scripting
The Wise Agent Capture Forms WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /WiseAgentCaptureForm.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...
Cross site scripting
The GNU-Mailman Integration WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the gmerror parameter found in the /includes/admin/mailing-lists-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6...
Cross site scripting
The Notices WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /notices.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1...
Cross site scripting
The WP Scrippets WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /wp-scrippets.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.1...
Cross site scripting
The Bug Library WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the successimportcount parameter found in the /bug-library.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.3...
Cross site scripting
The Custom Website Data WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter found in the /views/edit.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.2...
Cross site scripting
The MoolaMojo WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the classes parameter found in the /views/button-generator.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.4.1...
Cross site scripting
The WooCommerce Payment Gateway Per Category WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /includes/pluginsettings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.10...
CVE-2021-38357 SMS OVH <= 0.1 Reflected Cross-Site Scripting
The SMS OVH WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the position parameter found in the /sms-ovh-sent.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.1...
CVE-2021-38354 GNU-Mailman Integration <= 1.0.6 Reflected Cross-Site Scripting
The GNU-Mailman Integration WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the gmerror parameter found in the /includes/admin/mailing-lists-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6...
CVE-2021-38327 YouTube Video Inserter <= 1.2.1.0 Reflected Cross-Site Scripting
The YouTube Video Inserter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /adminUI/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.1.0...
CVE-2021-38347 Custom Website Data <= 2.2 Reflected Cross-Site Scripting
The Custom Website Data WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter found in the /views/edit.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.2...
CVE-2021-38355 Bug Library <= 2.0.3 Reflected Cross-Site Scripting
The Bug Library WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the successimportcount parameter found in the /bug-library.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.3...
CVE-2021-38336 Edit Comments XT <= 1.0 Reflected Cross-Site Scripting
The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /edit-comments-xt.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...
CVE-2021-38331 WP-T-Wap <= 1.13.2 Reflected Cross-Site Scripting
The WP-T-Wap WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the posted parameter found in the /wap/writer.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.13.2...
CVE-2021-38333
The CVE-2021-38333 entry refers to the WP Scrippets WordPress plugin. A Reflected Cross-Site Scripting (XSS) vulnerability exists due to a reflected $_SERVER["PHP_SELF"] value in ~/wp-scrippets.php, enabling injection of arbitrary web scripts. Affected versions are up to and including 1.5.1. CVSS...
CVE-2021-38341 WooCommerce Payment Gateway Per Category <= 2.0.10 Reflected Cross-Site Scripting
The WooCommerce Payment Gateway Per Category WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /includes/pluginsettings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.10...
CVE-2021-38340 Wordpress Simple Shop <= 1.2 Reflected Cross-Site Scripting
The Wordpress Simple Shop WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the updaterow parameter found in the /includes/addproduct.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2...
CVE-2021-38348 Advance Search <= 1.1.2 Reflected Cross-Site Scripting
The Advance Search WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the wpasid parameter found in the /inc/admin/views/html-advance-search-admin-options.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1.2...