WordPress Anti-Spam Protection – No API Key, GDPR Friendly plugin <= 2.3.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Anti-Spam by Fullworks : GDPR Compliant Spam Protection versions = 2.3.7...

WordPress Auto-Install Free SSL – Generate & Install Free SSL Certificates plugin <= 4.5.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Free SSL Certificate Plugin, HTTPS Redirect, Renewal Reminder – Auto-Install Free SSL versions = 4.5.0...

WordPress Automatic Internal Links for SEO by Pagup plugin <= 2.0.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Internal Linking for SEO traffic & Ranking – Auto internal links 100% automatic versions = 2.0.0...

WordPress Automatic YouTube Gallery plugin <= 2.5.5 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Automatic YouTube Gallery versions = 2.5.5...

WordPress AWCA – The Great Analytics Insights for Your eStore plugin <= 3.12.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Advanced WC Analytics versions = 3.12.0...

WordPress Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages plugin <= 2.6.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin BP Better Messages versions = 2.6.7...

WordPress bBlocks – Essential Gutenberg Blocks & Patterns Collection plugin <= 1.9.8 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin B Blocks versions = 1.9.8...

WordPress BlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block Editor plugin <= 3.2.6 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Blockspare versions = 3.2.6...

WordPress Blog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, News plugin <= 3.4.9 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin News & Blog Designer Pack versions = 3.4.9...

WordPress Bulk Auto Image Alt Text (Alt tag, Alt attribute) optimizer (image SEO) plugin <= 2.1.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Bulk Auto Image Alt Text Alt tag, Alt attribute optimization image SEO + Woocommerce versions = 2.1.0...

WordPress Bulk Edit Posts and Products in Spreadsheet plugin <= 2.25.16 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Bulk Edit Posts and Products in Spreadsheet versions = 2.25.16...

WordPress Carousel, Recent Post Slider and Banner Slider plugin <= 2.1 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Spice Post Slider versions = 2.1...

WordPress Checkout with Cash App on WooCommerce plugin <= 6.0.2 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Checkout with Cash App on WooCommerce versions = 6.0.2...

WordPress Code Manager plugin <= 1.0.40 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Code Manager versions = 1.0.40...

WordPress Contact Form 7 Multi-Step Forms plugin <= 4.4.1 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Contact Form 7 Multi-Step Forms versions = 4.4.1...

WordPress Coupon Affiliates – Affiliate Plugin for WooCommerce plugin <= 5.17.2 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Coupon Affiliates versions = 5.17.2...

WordPress Custom PHP Settings plugin <= 2.3.1 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Custom PHP Settings versions = 2.3.1...

WordPress Custom WooCommerce Checkout Fields Editor plugin <= 1.3.4 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Custom WooCommerce Checkout Fields Editor versions = 1.3.4...

WordPress Delete Posts automatically plugin <= 3.9.6 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Delete old Posts automatically versions = 3.9.6...

WordPress Disable Payment Methods based on cart conditions for WooCommerce plugin <= 1.16.3 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WooCommerce Disable Payment Methods based on cart conditions versions = 1.16.3...

WordPress Display Eventbrite Events plugin <= 6.1.10 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Display Eventbrite Events versions = 6.1.10...

WordPress Dracula Dark Mode – Accessibility, Reading Mode & Dark Mode for WordPress plugin <= 1.2.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Dracula Dark Mode - The Revolutionary Dark Mode Plugin For WordPress versions = 1.2.7...

WordPress Dynamic Copyright Year plugin <= 1.0.4 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Dynamic Copyright Year versions = 1.0.4...

WordPress Easy Age Verify plugin <= 1.8.5 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Easy Age Verify versions = 1.8.5...

WordPress Easy Appointment Booking & Scheduling System – Webba Booking Calendar plugin <= 5.0.57 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Webba Booking versions = 5.0.57...

WordPress Easy Social Feed – Social Photos Gallery and Post Feed for WordPress plugin <= 6.6.5 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Easy Social Feed versions = 6.6.5...

WordPress EazyDocs – AI Powered Knowledge Base, Wiki, Documentation & FAQ Builder plugin <= 2.5.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin EazyDocs versions = 2.5.7...

WordPress EleSpare – News, Magazine and Blog Addons for Elementor plugin <= 3.3.2 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Elespare versions = 3.3.2...

WordPress Embedder for Google Reviews plugin <= 1.6.6 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Embedder for Google Reviews versions = 1.6.6...

WordPress Events Addon for Elementor plugin <= 2.2.2 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Events Addon for Elementor versions = 2.2.2...

WordPress Featured Images in RSS for Mailchimp & More plugin <= 1.6.3 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Featured Images in RSS for Mailchimp & More versions = 1.6.3...

WordPress Five-Star Ratings Shortcode plugin <= 1.2.56 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Five-Star Ratings Shortcode versions = 1.2.56...

WordPress File Manager for Google Drive – Integrate Google Drive plugin <= 1.4.9 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Integrate Google Drive versions = 1.4.9...

WordPress Forumax – AI Powered Advanced Community Forum Plugin plugin <= 1.2.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin BBP Core versions = 1.2.7...

WordPress Full Screen Background plugin <= 2.0.2 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Full Screen Background versions = 2.0.2...

WordPress GA4WP – Analytics Dashboard for the Website plugin <= 2.6.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin GA4WP: Google Analytics for WordPress versions = 2.6.0...

WordPress Gallery by FooGallery plugin <= 2.4.27 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin FooGallery versions = 2.4.27...

WordPress Geo Mashup plugin <= 1.13.15 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Geo Mashup versions = 1.13.15...

WordPress Glossary plugin <= 2.2.38 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Glossary versions = 2.2.38...

WordPress Go Fetch Jobs (for WP Job Manager) plugin <= 1.8.4.8.1 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Go Fetch Jobs for WP Job Manager versions = 1.8.4.8.1...

WordPress Goal Tracker – Custom Event Tracking for GA4 plugin <= 1.1.5 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Goal Tracker - Custom Event Tracking for GA4 versions = 1.1.5...

WordPress HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player plugin <= 2.2.27 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Html5 Audio Player versions = 2.2.27...

WordPress Image Alt Text Manager – Bulk & Dynamic Alt Tags For image SEO Optimization + AI plugin <= 1.6.3 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Alt Manager versions = 1.6.3...

WordPress Inavii Social Feed plugin <= 2.7.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Inavii for Elementor Social Feed versions = 2.7.0...

WordPress Independent Analytics plugin <= 2.9.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Independent Analytics - Google Analytics Alternative for WordPress versions = 2.9.7...

WordPress Internal Link Juicer: SEO Auto Linker for WordPress plugin <= 2.24.6 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Internal Link Juicer: SEO Auto Linker for WordPress versions = 2.24.6...

WordPress Ivory Search – WordPress Search Plugin plugin <= 5.5.8 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Ivory Search versions = 5.5.8...

WordPress Joli Table Of Contents plugin <= 2.6.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Joli Table Of Contents versions = 2.6.0...

WordPress Justified Gallery plugin <= 1.9.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Justified Gallery versions = 1.9.0...

WordPress Kikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce plugin <= 1.10.6 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Location Picker at Checkout for WooCommerce versions = 1.10.6...