Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Blindside Networks BigBlueButton plugin <= 3.0.0-beta.4 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Theme Blvd Sliders allows Reflected XSS. This issue affects Theme Blvd Sliders: from n/a through 1.2.5.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ImageRecycle ImageRecycle pdf & image compression plugin <= 3.1.11 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Qode Interactive Bridge Core plugin <= 3.0.9 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Milan Petrovic GD Security Headers plugin <= 1.6.1 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in SAASPROJECT Booking Package Booking Package plugin <= 1.6.01 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Estatik Estatik Mortgage Calculator plugin <= 2.0.7 versions.
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Acurax Under Construction / Maintenance Mode from Acurax plugin <= 2.6 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao Donations Made Easy – Smart Donations plugin <= 4.0.12 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Tufts WP Cards allows Reflected XSS. This issue affects WP Cards: from n/a through 1.5.1.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Campaign Monitor Campaign Monitor for WordPress allows Reflected XSS.This issue affects Campaign Monitor for WordPress: from n/a through 2.8.12.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.30.2 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in confuzzledduck Syndicate Out allows Reflected XSS.This issue affects Syndicate Out: from n/a through 0.9.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound OK Poster Group allows Reflected XSS. This issue affects OK Poster Group: from n/a through 1.1.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Molongui Author Box for Authors, Co-Authors, Multiple Authors and Guest Authors – Molongui plugin <= 4.6.19 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ctltwp Section Widget allows Reflected XSS. This issue affects Section Widget: from n/a through 3.3.1.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder allows Reflected XSS.This issue affects Fusion Builder: from n/a through 3.11.1.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in XLPlugins User Email Verification for WooCommerce plugin <= 3.5.0 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFunnels Team Drag & Drop Sales Funnel Builder for WordPress – WPFunnels plugin <= 2.7.16 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ValvePress Wordpress Auto Spinner allows Reflected XSS. This issue affects Wordpress Auto Spinner: from n/a through 3.25.0.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Syntactics, Inc. EaSYNC plugin <= 1.3.7 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andreyk Remote Images Grabber allows Reflected XSS.This issue affects Remote Images Grabber: from n/a through 0.6.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Creative Solutions Contact Form Generator plugin <= 2.5.5 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Radio Forge Muses Player with Skins plugin <= 2.5 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RadiusTheme Variation Swatches for WooCommerce plugin <= 2.3.7 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bas Matthee LSD Custom taxonomy and category meta allows Cross Site Request Forgery. This issue affects LSD Custom taxonomy and category meta: from n/a through 1.3.2.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dharmesh Patel Post List With Featured Image plugin <= 1.2 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Saturday Drive Ninja Forms Contact Form plugin <= 3.6.25 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kriesi Enfold - Responsive Multi-Purpose Theme allows Reflected XSS.This issue affects Enfold - Responsive Multi-Purpose Theme: from n/a through 5.6.4.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPKube Authors List plugin <= 2.0.2 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Hiroaki Miyashita Custom Field Template plugin <= 2.5.9 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in janekniefeldt My Custom Widgets allows Reflected XSS. This issue affects My Custom Widgets: from n/a through 2.0.5.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodePeople Booking Calendar Contact Form plugin <= 1.2.40 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M A Vinoth Kumar Category Widget allows Reflected XSS. This issue affects Category Widget: from n/a through 2.0.2.
Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through Sanitize starting with version 3.0.0 and prior to version 6.0.2 when Sanitize is configured to use the built-in "relaxed" config or when using a custom config that allows `style` elements and one or more CSS at-rules. This could result in cross-site scripting or other undesired behavior when the malicious HTML and CSS are rendered in a browser. Sanitize 6.0.2 performs additional escaping of CSS in `style` element content, which fixes this issue. Users who are unable to upgrade can prevent this issue by using a Sanitize config that doesn't allow `style` elements, using a Sanitize config that doesn't allow CSS at-rules, or by manually escaping the character sequence `</` as `<\/` in `style` element content.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael Winkler teachPress plugin <= 9.0.2 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Habibur Rahman Razib Control Listings allows Reflected XSS. This issue affects Control Listings: from n/a through 1.0.4.1.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactory WPFactory Helper plugin <= 1.5.2 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpxpo PostX – Gutenberg Post Grid Blocks plugin <= 2.9.9 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cththemes Balkon plugin <= 1.3.2 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tayoricom Tayori Form allows Reflected XSS. This issue affects Tayori Form: from n/a through 1.2.9.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CartFlows Pro plugin <= 1.11.11 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ivanrojas Libro de Reclamaciones allows Stored XSS. This issue affects Libro de Reclamaciones: from n/a through 1.0.1.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime plugin <= 3.0.5 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Bulk Stock Management plugin <= 2.2.33 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alain Gonzalez Google Map Shortcode plugin <= 3.1.2 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in John Brien WordPress NextGen GalleryView plugin <= 0.5.5 versions.
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Neha Goel Recent Posts Slider plugin <= 1.1 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark kStats Reloaded allows Reflected XSS. This issue affects kStats Reloaded: from n/a through 0.7.4.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devu Status Updater allows Reflected XSS. This issue affects Status Updater: from n/a through 1.9.2.