Archives: Reports

WordPress Plugin

magic-action-box

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-09-27

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

WordPress Plugin

woo-related-products-refresh-on-reload

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-09-27

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

WordPress Plugin

weather-atlas

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-09-25

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

WordPress Plugin

bellows-accordion-menu

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-09-25

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

WordPress Plugin

modal-window

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-09-23

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

WordPress Plugin

options-for-twenty-seventeen

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-09-23

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

WordPress Plugin

simple-cloudflare-turnstile

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-09-22

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

WordPress Plugin

wp-font-awesome

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-09-22

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

WordPress Plugin

tcd-google-maps

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-09-22

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

WordPress Plugin

wp-mailto-links

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-09-21

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

WordPress Plugin

bsk-pdf-manager

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-09-21

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

WordPress Plugin

formget-contact-form

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-09-21

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

WordPress Plugin

delete-me

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-09-21

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

WordPress Plugin

advanced-menu-widget

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-09-20

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

WordPress Plugin

copy-the-code

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-09-20

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

WordPress Plugin

youtube-widget-responsive

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-09-19

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

WordPress Plugin

iframe-forms

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-09-19

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

WordPress Plugin

ziteboard-online-whiteboard

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-09-19

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

WordPress Plugin

wp-charts

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-09-19

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

WordPress Plugin

leaflet-map

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-09-18

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

WordPress Plugin

callrail-phone-call-tracking

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-09-18

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

WordPress Plugin

rafflepress

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-09-16

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

WordPress Plugin

embed-calendly-scheduling

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-09-15

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

WordPress Plugin

horizontal-scrolling-announcement

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-09-15

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

WordPress Plugin

contact-form-builder

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-09-15

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.