56 matches found
WordPress Custom Word Cloud plugin <= 0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via angle Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via angle Parameter vulnerability discovered by muhammad yudha in WordPress Plugin Custom Word Cloud versions = 0.3...
WordPress StreamWeasels Kick Integration plugin <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gai Tanaka in WordPress Plugin SW Kick Integration versions = 1.1.4...
WordPress Station Pro plugin <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via width and height Parameters vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via width and height Parameters vulnerability discovered by Peter Thaleikis in WordPress Plugin Station Pro versions = 2.4.2...
WordPress JetPopup plugin <= 2.0.15.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by stealthcopter in WordPress Plugin JetPopup versions = 2.0.15.1...
WordPress Easy restaurant menu manager plugin <= 2.0.1 - Authenticated (Contributot+) Stored Cross-Site Scripting via `nsc_eprm_menu_link` Shortcode vulnerability
Authenticated Contributot+ Stored Cross-Site Scripting via nsceprmmenulink Shortcode vulnerability discovered by Alex Thomas in WordPress Plugin Easy pdf restaurant menu upload versions = 2.0.1...
WordPress OwnerRez API plugin <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin OwnerRez API versions = 1.2.1...
WordPress Video Gallery Block plugin <= 1.1.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Prissy in WordPress Plugin Video Gallery Block versions = 1.1.0...
WordPress All-in-One Addons for Elementor – WidgetKit plugin <= 2.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via button+modal Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via button+modal Widget vulnerability discovered by Webbernaut in WordPress Plugin WidgetKit versions = 2.5.4...
WordPress FL3R Accessibility Suite plugin <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via fl3raccessibilitysuite Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via fl3raccessibilitysuite Shortcode vulnerability discovered by Gilang in WordPress Plugin FL3R Accessibility Suite versions = 1.4...
WordPress WP Wall plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin WP Wall versions = 1.7.3...
WordPress WP-PhotoNav plugin <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via photonav Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via photonav Shortcode vulnerability discovered by Gilang in WordPress Plugin WP-PhotoNav versions = 1.2.2...
CVE-2025-50043 WordPress Code Engine plugin <= 0.3.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jordy Meow Code Engine code-engine allows Stored XSS.This issue affects Code Engine: from n/a through = 0.3.2...
WordPress Inventory Presser plugin <= 15.2.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by greenhats in WordPress Plugin Inventory Presser versions = 15.2.6...
WordPress ANON::form embedded secure form plugin <= 1.7 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Peter Thaleikis in WordPress Plugin ANON::form embedded secure form versions = 1.7...
WordPress IndieBlocks plugin <= 0.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via kind Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via kind Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin IndieBlocks versions = 0.13.2...
WordPress Domain For Sale plugin <= 3.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via class_name Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via classname Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Domain For Sale versions = 3.0.10...
WordPress Simple Google Static Map plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Chu The Anh Blue Rock in WordPress Plugin Simple Google Static Map versions = 1.0.1...
WordPress Tournamatch plugin <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Chuck in WordPress Plugin Tournamatch versions = 4.6.1...
CVE-2025-46518 WordPress IGIT Related Posts With Thumb Image After Posts <= 4.5.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in phpaddicted IGIT Related Posts With Thumb Image After Posts allows Stored XSS. This issue affects IGIT Related Posts With Thumb Image After Posts: from n/a through 4.5.3...
CVE-2024-6498
The Chatbot for WordPress by Collect.chat ⚡️ WordPress plugin before 2.4.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...