Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vsourz Digital All In One Redirection allows Reflected XSS.This issue affects All In One Redirection: from n/a through 2.2.0.
Cross-Site Request Forgery (CSRF) vulnerability in Vsourz Digital WP Map Route Planner allows Cross Site Request Forgery. This issue affects WP Map Route Planner: from n/a through 1.0.0.
Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin <= 1.8.7 at WordPress.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nightshift Creative PropertyShift allows Reflected XSS.This issue affects PropertyShift: from n/a through 1.0.0.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zack Gilbert and Paul Jarvis WPHelpful allows Reflected XSS.This issue affects WPHelpful: from n/a through 1.2.4.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CartFlows Pro plugin <= 1.11.11 versions.
Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the 'view' parameter in '/event/index.php'.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime plugin <= 3.0.5 versions.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gopi.R Twitter real time search scrolling allows Reflected XSS.This issue affects Twitter real time search scrolling: from n/a through 7.0.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael DUMONTET eewee admin custom allows Reflected XSS.This issue affects eewee admin custom: from n/a through 1.8.2.4.
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactory WPFactory Helper plugin <= 1.5.2 versions.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Minerva Infotech Responsive Data Table allows Reflected XSS.This issue affects Responsive Data Table: from n/a through 1.3.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodePeople Booking Calendar Contact Form plugin <= 1.2.40 versions.
Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through Sanitize starting with version 3.0.0 and prior to version 6.0.2 when Sanitize is configured to use the built-in "relaxed" config or when using a custom config that allows `style` elements and one or more CSS at-rules. This could result in cross-site scripting or other undesired behavior when the malicious HTML and CSS are rendered in a browser. Sanitize 6.0.2 performs additional escaping of CSS in `style` element content, which fixes this issue. Users who are unable to upgrade can prevent this issue by using a Sanitize config that doesn't allow `style` elements, using a Sanitize config that doesn't allow CSS at-rules, or by manually escaping the character sequence `</` as `<\/` in `style` element content.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Backup Solutions WP Backup Manager plugin <= 1.13.1 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cththemes Balkon plugin <= 1.3.2 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alain Gonzalez Google Map Shortcode plugin <= 3.1.2 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Internet Marketing Dojo WP Affiliate Links plugin <= 0.1.1 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in KAPlugins Google Fonts For WordPress plugin <= 3.0.0 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 10Web SEO by 10Web plugin <= 1.2.9 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Chilexpress Chilexpress woo oficial plugin <= 1.2.9 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GrandSlambert Login Configurator plugin <= 2.1 versions.
Unauth. Reflected (XSS) Cross-Site Scripting (XSS) vulnerability in EventPrime plugin <= 2.8.6 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Premium Addons for Elementor Premium Addons PRO plugin <= 2.8.24 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Etoile Web Design Front End Users allows Reflected XSS.This issue affects Front End Users: from n/a before 3.2.25.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Returns and Warranty Requests plugin <= 2.1.6 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PluginForage WooCommerce Product Categories Selection Widget plugin <= 2.0 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rakib Hasan Dynamic QR Code Generator plugin <= 0.0.5 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Miled WordPress Social Login plugin <= 3.0.4 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Robin Wilson bbp style pack plugin <= 5.5.5 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Katie Seaborn Zotpress plugin <= 7.3.3 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.29 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in weDevs WP ERP plugin <= 1.12.3 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mohammad I. Okfie WP-Hijri plugin <= 1.5.1 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FiveStarPlugins Five Star Restaurant Reservations plugin <= 2.6.7 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Awesome Motive Duplicator Pro plugin <= 4.5.11 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Product Vendors plugin <= 2.1.76 versions.
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ShopConstruct plugin <= 1.1.2 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.30.1 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wppal Easy Captcha plugin <= 1.0 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 1.9.0 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ono Oogami WP Chinese Conversion plugin <= 1.1.16 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.6 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution video carousel slider with lightbox plugin <= 1.0.22 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Booking Ultra Pro Booking Ultra Pro Appointments Booking Calendar Plugin plugin <= 1.1.8 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yoast Yoast SEO: Local plugin <= 14.8 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kangu para WooCommerce plugin <= 2.2.9 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Netgsm allows Reflected XSS.This issue affects Netgsm: from n/a through 2.8.