Archives: Reports

CVE ID:

CVE-2024-3811

WordPress Plugin

salient-shortcodes

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2024-04-15

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

CVE ID:

CVE-2023-5742

WordPress Plugin

easyrotator-for-wordpress

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-10-23

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

CVE ID:

CVE-2023-5744

WordPress Plugin

very-simple-google-maps

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-10-23

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

CVE ID:

CVE-2023-5741

WordPress Plugin

powr-pack

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-10-23

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

CVE ID:

CVE-2023-5740

WordPress Plugin

wp-facebook-messenger

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-10-23

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

CVE ID:

CVE-2023-5743

WordPress Plugin

telephone-number-linker

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-10-23

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

CVE ID:

CVE-2023-5708

WordPress Plugin

wp-post-columns

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-10-21

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

CVE ID:

CVE-2023-5707

WordPress Plugin

seo-slider

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-10-21

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

CVE ID:

CVE-2023-5704

WordPress Plugin

cpo-shortcodes

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-10-20

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

CVE ID:

CVE-2023-5705

WordPress Plugin

vk-filter-search

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-10-20

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

CVE ID:

CVE-2023-5706

WordPress Plugin

vk-blocks

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-10-20

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

CVE ID:

CVE-2023-5703

WordPress Plugin

gift-up

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-10-20

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

CVE ID:

CVE-2023-5669

WordPress Plugin

featured-image-caption

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-10-19

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

CVE ID:

CVE-2023-5667

WordPress Plugin

tabs-pro

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-10-18

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

CVE ID:

CVE-2023-5666

WordPress Plugin

accordions-wp

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-10-18

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

CVE ID:

CVE-2023-5668

WordPress Plugin

whatsapp

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-10-18

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

CVE ID:

CVE-2023-5615

WordPress Plugin

skype-online-status

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-10-17

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

CVE ID:

CVE-2023-5665

WordPress Plugin

payment-forms-for-paystack

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-10-17

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

CVE ID:

CVE-2023-5639

WordPress Plugin

team-showcase

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-10-17

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

CVE ID:

CVE-2023-5662

WordPress Plugin

wp-sponsors

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-10-16

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

CVE ID:

CVE-2023-5664

WordPress Plugin

garden-gnome-package

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-10-16

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

CVE ID:

CVE-2023-5660

WordPress Plugin

sendpress

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-10-14

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

CVE ID:

CVE-2023-5659

WordPress Plugin

interact-quiz-embed

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-10-14

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

CVE ID:

CVE-2023-5613

WordPress Plugin

super-testimonial

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-10-14

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

CVE ID:

CVE-2023-5614

WordPress Plugin

theme-switcha

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-10-14

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.