5207 matches found
CVE-2021-34643 Skaut bazar <= 1.3.2 Reflected Cross-Site Scripting
The Skaut bazar WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the /skaut-bazar.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.2...
SP Project & Document Manager < 4.26 - Reflected Cross-Site Scripting
The plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the /functions.php file which allows attackers to inject arbitrary web scripts. PoC https://example.com/wp-admin/admin.php?page=sp-client-document-manager=" style=animation-name:rotation...
SEOPress 5.0.0 – 5.0.3 - Authenticated Stored Cross-Site Scripting
The plugin is vulnerable to Stored Cross-Site Scripting via the processPut function found in the /src/Actions/Api/TitleDescriptionMeta.php file which allows authenticated attackers to inject arbitrary web scripts. PoC $wpuser, 'pwd' = $wppass, 'rememberme' = 'forever', 'wp-submit' = 'Log+In', ;...
Calendar_plugin <= 1.0 - Reflected Cross-Site Scripting
The Calendar_plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the /calendar.php file which allows attackers to inject arbitrary web scripts...
TypoFR <= 0.11 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting via the text function found in the /vendor/OrgHeigl/Hyphenator/index.php file which allows attackers to inject arbitrary web scripts...
Simple Popup Newsletter <= 1.4.7 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the /simple-popup-newsletter.php file which allows attackers to inject arbitrary web scripts...
Simple Behance Portfolio <= 0.2 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting via the dark parameter in the /titan-framework/iframe-font-preview.php file which allows attackers to inject arbitrary web scripts...
Media Usage <= 0.0.4 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the /mmuadmin.php file which allows attackers to inject arbitrary web scripts...
Skaut bazar < 1.3.3 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the /skaut-bazar.php file which allows attackers to inject arbitrary web scripts. PoC https://example.com/wp-admin/options-general.php/"/?page=skatubazaroption...
2Way VideoCalls and Random Chat < 5.2.8 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting via the vwsnotice AJAX action found in the /inc/requirements.php file which allows attackers to inject arbitrary web scripts...
Scribble Maps <= 1.2 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting via the map parameter in the /includes/admin.php file which allows attackers to inject arbitrary web scripts...
Custom Post Type Relations <= 1.0 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting via the cptrname parameter found in the /pages/admin-page.php file which allows attackers to inject arbitrary web scripts...
Smart Email Alerts <= 1.0.10 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting via the apikey in the /views/settings.php file which allows attackers to inject arbitrary web scripts...
Multiplayer Games <= 3.7 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the /multiplayergames.php file which allows attackers to inject arbitrary web scripts...
WP Fountain <= 1.5.9 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the /wp-fountain.php file which allows attackers to inject arbitrary web scripts...
CVE-2020-20990
A cross-site scripting (XSS) vulnerability in the /segments/edit.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via the Segment Name parameter...
Cross site scripting
A cross-site scripting (XSS) vulnerability in the /domains/cost-by-owner.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "or Expiring Between" parameter...
CVE-2020-20988
A cross-site scripting (XSS) vulnerability in the /domains/cost-by-owner.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "or Expiring Between" parameter...
CVE-2020-20977
A stored cross-site scripting (XSS) vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section...