CVE-2020-19703

A cross-site scripting XSS vulnerability in the referer parameter of Dzzoffice 2.02 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

WordPress Real Media Library < 4.14.2 - Author Stored Cross-Site Scripting

The plugin is vulnerable to Stored Cross-Site Scripting via the name parameter in the /inc/overrides/lite/rest/Folder.php file which allows author-level attackers to inject arbitrary web scripts in folder names...

CVE-2021-34645

The Shopping Cart & eCommerce Store WordPress plugin is vulnerable to Cross-Site Request Forgery via the savecurrencysettings function found in the /admin/inc/wpeasycartadmininitialsetup.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 5.1.0...

CVE-2021-34645 Shopping Cart & eCommerce Store <= 5.1.0 Cross-Site Request Forgery to Stored Cross-Site Scripting

The Shopping Cart & eCommerce Store WordPress plugin is vulnerable to Cross-Site Request Forgery via the savecurrencysettings function found in the /admin/inc/wpeasycartadmininitialsetup.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 5.1.0...

Shopping Cart & eCommerce Store < 5.1.1 - CSRF to Stored Cross-Site Scripting

The plugin is vulnerable to Cross-Site Request Forgery via the savecurrencysettings function found in the /admin/inc/wpeasycartadmininitialsetup.php file which allows attackers to inject arbitrary web scripts...

CVE-2020-23341

A reflected cross site scripting XSS vulnerability in the /header.tmpl.php component of ATutor 2.2.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2020-23341

A reflected cross site scripting XSS vulnerability in the /header.tmpl.php component of ATutor 2.2.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

Cross site scripting

A reflected cross site scripting XSS vulnerability in the /header.tmpl.php component of ATutor 2.2.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2021-34665

The WP SEO Tags WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the saqtxtthefilter parameter in the /wp-seo-tags.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.2.7...

CVE-2021-34652

The Media Usage WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the /mmuadmin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.4...

CVE-2021-34649

The Simple Behance Portfolio WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the dark parameter in the /titan-framework/iframe-font-preview.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.2...

CVE-2021-34643

The Skaut bazar WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $SERVER'PHPSELF' in the /skaut-bazar.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.2...

Cross site scripting

The WP SEO Tags WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the saqtxtthefilter parameter in the /wp-seo-tags.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.2.7...

Cross site scripting

The 2Way VideoCalls and Random Chat - HTML5 Webcam Videochat WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the vwsnotice function found in the /inc/requirements.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 5.2.7...

Cross site scripting

The Moova for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the lat parameter in the /Checkout/Checkout.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.5...

Cross site scripting

The WP Songbook WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the url parameter found in the /inc/class.ajax.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.11...

Cross site scripting

The Simple Behance Portfolio WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the dark parameter in the /titan-framework/iframe-font-preview.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.2...

Cross site scripting

The Skaut bazar WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $SERVER'PHPSELF' in the /skaut-bazar.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.2...

Cross site scripting

The Media Usage WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the /mmuadmin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.4...

Cross site scripting

The WP Fountain WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $SERVER'PHPSELF' in the /wp-fountain.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.9...