Archives: Reports
CVE ID:
CVE-2023-5231
WordPress Plugin
magic-action-box
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-09-27
The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-5234
WordPress Plugin
woo-related-products-refresh-on-reload
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-09-27
The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-5163
WordPress Plugin
weather-atlas
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-09-25
The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-5164
WordPress Plugin
bellows-accordion-menu
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-09-25
The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-5161
WordPress Plugin
modal-window
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-09-23
The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-5162
WordPress Plugin
options-for-twenty-seventeen
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-09-23
The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-5135
WordPress Plugin
simple-cloudflare-turnstile
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-09-22
The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-5127
WordPress Plugin
wp-font-awesome
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-09-22
The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-5128
WordPress Plugin
tcd-google-maps
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-09-22
The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-5109
WordPress Plugin
wp-mailto-links
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-09-21
The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-5110
WordPress Plugin
bsk-pdf-manager
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-09-21
The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-5125
WordPress Plugin
formget-contact-form
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-09-21
The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-5126
WordPress Plugin
delete-me
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-09-21
The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-5085
WordPress Plugin
advanced-menu-widget
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-09-20
The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-5086
WordPress Plugin
copy-the-code
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-09-20
The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-5063
WordPress Plugin
youtube-widget-responsive
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-09-19
The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-5073
WordPress Plugin
iframe-forms
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-09-19
The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-5076
WordPress Plugin
ziteboard-online-whiteboard
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-09-19
The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-5062
WordPress Plugin
wp-charts
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-09-19
The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-5050
WordPress Plugin
leaflet-map
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-09-18
The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-5051
WordPress Plugin
callrail-phone-call-tracking
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-09-18
The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-5049
WordPress Plugin
rafflepress
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-09-16
The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-4995
WordPress Plugin
embed-calendly-scheduling
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-09-15
The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-5001
WordPress Plugin
horizontal-scrolling-announcement
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-09-15
The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-5048
WordPress Plugin
contact-form-builder
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-09-15
The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.