Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Get Bowtied Product Blocks for WooCommerce product-blocks-for-woocommerce allows Stored XSS.This issue affects Product Blocks for WooCommerce: from n/a through <= 1.9.1.
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Usersnap plugin <= 4.16 versions.
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in QuantumCloud AI ChatBot plugin <= 4.3.0 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wolfgang Include Mastodon Feed include-mastodon-feed allows DOM-Based XSS.This issue affects Include Mastodon Feed: from n/a through <= 1.9.9.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Delower WP To Do allows Stored XSS.This issue affects WP To Do: from n/a through 1.2.8.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Admiral Ad Blocking Detector ad-blocking-detector allows Stored XSS.This issue affects Ad Blocking Detector: from n/a through <= 3.6.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in albedo0 Boot-Modal boot-modal allows Stored XSS.This issue affects Boot-Modal: from n/a through <= 1.9.1.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in roninwp FAT Event Lite fat-event-lite allows Stored XSS.This issue affects FAT Event Lite: from n/a through <= 1.1.
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Contact Form plugin <= 8.0.3.1 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PORTONE 아임포트 결제버튼 생성 플러그인 iamport-payment allows Stored XSS.This issue affects 아임포트 결제버튼 생성 플러그인: from n/a through <= 1.1.19.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in copist Icons Enricher icons-enricher allows Stored XSS.This issue affects Icons Enricher: from n/a through <= 1.0.8.
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mr Digital Simple Image Popup plugin <= 1.3.6 versions.
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Table Builder plugin <= 1.4.6 versions.
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Event Manager plugin <= 9.6.4 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHunk Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce vayu-blocks allows Stored XSS.This issue affects Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce: from n/a through <= 1.4.7.
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Olive Design WP-OliveCart plugin <= 1.1.3 versions.
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin <= 1.5.48 versions.
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nasirahmed Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration plugin <= 1.62.0 versions.
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PB SEO Friendly Images plugin <= 4.0.5 versions.
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPManageNinja LLC Ninja Tables plugin <= 4.3.4 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul C. Schroeder IP Vault – WP Firewall plugin <= 1.1 versions.
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ulf Benjaminsson WP-dTree plugin <= 4.4.5 versions.
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cornel Raiu WP Search Analytics plugin <= 1.4.5 versions.
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in this.Functional CTT Expresso para WooCommerce plugin <= 3.2.11 versions.
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Don Benjamin WP Custom Fields Search plugin <= 1.2.34 versions.
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Branko Borilovic WSB Brands plugin <= 1.1.8 versions.
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flyzoo Flyzoo Chat plugin <= 2.3.3 versions.
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in PixelGrade PixFields plugin <= 0.7.0 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kemory Grubb Recencio Book Reviews recencio-book-reviews allows DOM-Based XSS.This issue affects Recencio Book Reviews: from n/a through <= 1.66.0.
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Continuous announcement scroller plugin <= 13.0 versions.
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin <= 3.9.1 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme Horse WP Portfolio allows Stored XSS.This issue affects WP Portfolio: from n/a through 2.4.
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Martin Lees Exxp plugin <= 2.6.8 versions.
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in JumpDEMAND Inc. 4ECPS Web Forms plugin <= 0.2.17 on WordPress.
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WP OnlineSupport, Essential Plugin Hero Banner Ultimate plugin <= 1.3.4 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeboxr CBX Map for Google Map & OpenStreetMap allows Stored XSS.This issue affects CBX Map for Google Map & OpenStreetMap: from n/a through 1.1.11.
Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in BlueGlass Jobs for WordPress plugin <= 2.5.11.2 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LBell Pretty Google Calendar allows Stored XSS.This issue affects Pretty Google Calendar: from n/a through 1.7.2.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vark Min and Max Purchase for WooCommerce allows Stored XSS.This issue affects Min and Max Purchase for WooCommerce: from n/a through 2.0.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS.This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.25.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery allows Stored XSS.This issue affects Photo Gallery, Images, Slider in Rbs Image Gallery: from n/a through 3.2.17.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles allows Stored XSS.This issue affects Community by PeepSo – Social Network, Membership, Registration, User Profiles: from n/a before 6.3.1.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch Constant Contact Forms by MailMunch allows Stored XSS.This issue affects Constant Contact Forms by MailMunch: from n/a through 2.0.11.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ignazio Scimone Albo Pretorio On line allows Stored XSS.This issue affects Albo Pretorio On line: from n/a through 4.6.6.
Avo is a framework to create admin panels for Ruby on Rails apps. In Avo 3 pre12, any HTML inside text that is passed to `error` or `succeed` in an `Avo::BaseAction` subclass will be rendered directly without sanitization in the toast/notification that appears in the UI on Action completion. A malicious user could exploit this vulnerability to trigger a cross site scripting attack on an unsuspecting user. This issue has been addressed in the 3.3.0 and 2.47.0 releases of Avo. Users are advised to upgrade.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hometory Mang Board WP allows Stored XSS.This issue affects Mang Board WP: from n/a through 1.7.7.
Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS) in Traffic Manager plugin <= 1.4.5 on WordPress.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginsPoint Justified Image Gallery justified-image-gallery allows Stored XSS.This issue affects Justified Image Gallery: from n/a through <= 1.0.
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shareaholic Similar Posts plugin <= 3.1.6 versions.