Cross site scripting
The WP Fountain WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the /wp-fountain.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.9...
Cross site scripting
The Custom Post Type Relations WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the cptrname parameter found in the /pages/admin-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...
Cross site scripting
The Plugmatter Pricing Table Lite WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the email parameter in the /license.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.32...
CVE-2021-38315 SP Project & Document Manager <= 4.25 Reflected Cross-Site Scripting
The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the /functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.25...
CVE-2021-34641
The CVE-2021-34641 entry concerns the WordPress SEOPress plugin (versions 5.0.0–5.0.3). A Stored Cross‑Site Scripting (XSS) vulnerability exists via the REST API endpoint, in particular through the processPut function in ~/src/Actions/Api/TitleDescriptionMeta.php, allowing an authenticated attack...
CVE-2021-34641 SEOPress <= 5.0.0 – 5.0.3 Authenticated Stored Cross-Site Scripting
The SEOPress WordPress plugin is vulnerable to Stored Cross-Site Scripting via the processPut function found in the /src/Actions/Api/TitleDescriptionMeta.php file which allows authenticated attackers to inject arbitrary web scripts, in versions 5.0.0 - 5.0.3...
CVE-2021-34667 Calendar_plugin <= 1.0 Reflected Cross-Site Scripting
The Calendar_plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the /calendar.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...
CVE-2021-34664 Moova for WooCommerce <= 3.5 Reflected Cross-Site Scripting
The Moova for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the lat parameter in the /Checkout/Checkout.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.5...
CVE-2021-34659 Plugmatter Pricing Table Lite <= 1.0.32 Reflected Cross-Site Scripting
The Plugmatter Pricing Table Lite WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the email parameter in the /license.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.32...
CVE-2021-34659
The CVE-2021-34659 entry concerns the WordPress Plugmatter Pricing Table Lite plugin. Affected component: license.php parameter email, which is vulnerable to Reflected Cross-Site Scripting (XSS) in versions up to and including 1.0.32. The underlying issue is a reflected XSS flaw that allows injec...
CVE-2021-34663 jQuery Tagline Rotator <= 0.1.5 Reflected Cross-Site Scripting
The jQuery Tagline Rotator WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the /jquery-tagline-rotator.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.1.5...
CVE-2021-34658 Simple Popup Newsletter <= 1.4.7 Reflected Cross-Site Scripting
The Simple Popup Newsletter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the /simple-popup-newsletter.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.7...
CVE-2021-34657 TypoFR <= 0.11 Reflected Cross-Site Scripting
The 2TypoFR WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the text function found in the /vendor/OrgHeigl/Hyphenator/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.11...
CVE-2021-34651 Scribble Maps <= 1.2 Reflected Cross-Site Scripting
The Scribble Maps WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the map parameter in the /includes/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2...
CVE-2021-34649 Simple Behance Portfolio <= 0.2 Reflected Cross-Site Scripting
The Simple Behance Portfolio WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the dark parameter in the /titan-framework/iframe-font-preview.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.2...
CVE-2021-34652 Media Usage <= 0.0.4 Reflected Cross-Site Scripting
The Media Usage WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the /mmuadmin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.4...
CVE-2021-34642
The CVE-2021-34642 entry concerns the WordPress Smart Email Alerts plugin (versions up to 1.0.10) vulnerable to Reflected Cross-Site Scripting via the api_key in ~/views/settings.php. The underlying issue allows injection of arbitrary scripts, with network access and user interaction required (CV...
CVE-2021-34644 Multiplayer Games <= 3.7 Reflected Cross-Site Scripting
The Multiplayer Games WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the /multiplayergames.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.7...