WordPress enhanced-tooltipglossary 3.2.8 - Cross-Site Scripting

WordPress enhanced-tooltipglossary 3.2.8 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

EUVD-2026-29406

The LifePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'n' parameter of the lpupdatemds AJAX action in all versions up to, and including, 2.2.2. This is due to the wpajaxnoprivlpupdatemds action being registered without nonce verification or capability checks,...

CVE-2016-10952

The quotes-collection plugin before 2.0.6 for WordPress has XSS via the wp-admin/admin.php?page=quotes-collection page parameter...

EUVD-2014-5236

Malware in sbrugna...

EUVD-2007-5682

Malware in sbrugna...

EUVD-2011-3811

Malware in sbrugna...

EUVD-2017-18002

Malware in sbrugna...

EUVD-2017-9671

Malware in sbrugna...

EUVD-2015-9231

Malware in sbrugna...

EUVD-2015-9312

Malware in sbrugna...

EUVD-2015-9216

Malware in sbrugna...

EUVD-2016-1992

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2019-16221

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress before 5.2.3 allows reflected XSS in the dashboard. CVE-2019-16221 Note that Nessus relies on the presence of the package as reported by the vendor...

CVE-2025-52786

CVE-2025-52786 is a reflected cross-site scripting (XSS) vulnerability in the WordPress plugin Media Folder. Affected versions are up to 1.0.0; the root cause is improper input neutralization during web page generation, enabling Reflected XSS. CVSSv3.1 base score is 7.1 (HIGH) with network attack...

CVE-2025-28957 WordPress OwnerRez API plugin <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OwnerRez OwnerRez API ownerrez allows Stored XSS.This issue affects OwnerRez API: from n/a through = 1.2.1...

CVE-2025-47654 WordPress FormLift for Infusionsoft Web Forms plugin <= 7.5.20 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms formlift allows Reflected XSS.This issue affects FormLift for Infusionsoft Web Forms: from n/a through = 7.5.20...

CVE-2020-35946

An issue was discovered in the All in One SEO Pack plugin before 3.6.2 for WordPress. The SEO Description and Title fields are vulnerable to unsanitized input from a Contributor, leading to stored XSS...

CVE-2015-9372

Membership Add-on for iThemes Exchange before 1.3.0 for WordPress has XSS via addqueryarg and removequeryarg...

CVE-2019-15327

The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data...

CVE-2025-30837 WordPress WooCommerce Fattureincloud plugin <= 2.6.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Cristiano Zanca WooCommerce Fattureincloud woo-fattureincloud allows Reflected XSS.This issue affects WooCommerce Fattureincloud: from n/a through = 2.6.7...