The Filestack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'filepicker' shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extendyourweb SUPER RESPONSIVE SLIDER super-slider allows Reflected XSS.This issue affects SUPER RESPONSIVE SLIDER: from n/a through <= 1.4.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Farrell wp Hosting Performance Check wp-hosting-performance-check allows Reflected XSS.This issue affects wp Hosting Performance Check: from n/a through <= 2.18.8.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Patel Post Carousel & Slider post-types-carousel-slider allows Reflected XSS.This issue affects Post Carousel & Slider: from n/a through <= 1.0.4.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anshulsojatia Scan External Links scan-external-links allows Reflected XSS.This issue affects Scan External Links: from n/a through <= 1.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Job Board Manager job-board-manager allows Reflected XSS.This issue affects Job Board Manager: from n/a through <= 2.1.61.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weiluri WP Order By wp-order-by allows Reflected XSS.This issue affects WP Order By: from n/a through <= 1.4.2.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stephanemartinw Mapbox for WP Advanced mapbox-for-wp-advanced allows Reflected XSS.This issue affects Mapbox for WP Advanced: from n/a through <= 1.0.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in infosoftplugin Order Audit Log for WooCommerce order-audit-log-for-woocommerce allows Reflected XSS.This issue affects Order Audit Log for WooCommerce: from n/a through <= 2.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in P3JX Cf7Save Extension cf7save-extension allows Reflected XSS.This issue affects Cf7Save Extension: from n/a through <= 1.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Burge WordPress Tag Cloud Plugin – Tag Groups tag-groups allows Reflected XSS.This issue affects WordPress Tag Cloud Plugin – Tag Groups: from n/a through <= 2.0.4.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in N3wNormal LucidLMS lucidlms allows Reflected XSS.This issue affects LucidLMS: from n/a through <= 1.0.5.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in faaiq Pretty Url pretty-url allows Reflected XSS.This issue affects Pretty Url: from n/a through <= 1.5.4.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in asmedia allows Reflected XSS.This issue affects moseter: from n/a through 1.3.1.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andon Ivanov OZ Canonical oz-canonical allows Reflected XSS.This issue affects OZ Canonical: from n/a through <= 0.5.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Berkman Klein Center Amber amberlink allows Reflected XSS.This issue affects Amber: from n/a through <= 1.4.4.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRUDLab CRUDLab Scroll to Top crudlab-scroll-to-top allows Reflected XSS.This issue affects CRUDLab Scroll to Top: from n/a through <= 1.0.1.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lich_wang WP-tagMaker tagmaker allows Reflected XSS.This issue affects WP-tagMaker: from n/a through <= 0.2.2.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Ad Inserter Pro allows Reflected XSS. This issue affects Ad Inserter Pro: from n/a through 2.7.39.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Global Gallery allows Reflected XSS. This issue affects Global Gallery: from n/a through 8.8.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Scripts Food Store – Online Food Delivery & Pickup food-store allows Reflected XSS.This issue affects Food Store – Online Food Delivery & Pickup: from n/a through <= 1.5.4.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fyrewurks polka dots allows Reflected XSS.This issue affects polka dots: from n/a through 1.2.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Abinav Thakuri WordPress Signature wordpress-signature allows Reflected XSS.This issue affects WordPress Signature: from n/a through <= 0.1.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yamna Khawaja Mailing Group Listserv wp-mailing-group allows Reflected XSS.This issue affects Mailing Group Listserv: from n/a through <= 2.0.9.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arete-it Post And Page Reactions post-and-page-reactions allows Reflected XSS.This issue affects Post And Page Reactions: from n/a through <= 1.0.5.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simone Marcon Wp advertising management advertising-management allows Reflected XSS.This issue affects Wp advertising management: from n/a through <= 1.0.3.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rachanaS Sponsered Link sponsered-link allows Reflected XSS.This issue affects Sponsered Link: from n/a through <= 4.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Riyaz GetSocial getsocial allows Reflected XSS.This issue affects GetSocial: from n/a through <= 2.0.1.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Masoud Amini Zarinpal Paid Download zarinpal-paid-downloads allows Reflected XSS.This issue affects Zarinpal Paid Download: from n/a through <= 2.3.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 5centsCDN 5centsCDN 5centscdn allows Reflected XSS.This issue affects 5centsCDN: from n/a through <= 25.4.15.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in altima-interactive Altima Lookbook Free for WooCommerce altima-lookbook-free-for-woocommerce allows Reflected XSS.This issue affects Altima Lookbook Free for WooCommerce: from n/a through <= 1.1.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in theme funda Custom Field For WP Job Manager custom-field-for-wp-job-manager allows Reflected XSS.This issue affects Custom Field For WP Job Manager: from n/a through <= 1.3.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics plugin <= 5.0.4 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in timmcdaniels Media Category Library media-category-library allows Reflected XSS.This issue affects Media Category Library: from n/a through <= 2.7.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rajib.dewan Opencart Product in WP opencart-product-in-wp allows Reflected XSS.This issue affects Opencart Product in WP: from n/a through <= 1.0.1.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iova.mihai Social Pug: Author Box allows Reflected XSS. This issue affects Social Pug: Author Box: from n/a through 1.0.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vbout Marketing Automation marketing-automation allows Reflected XSS.This issue affects Marketing Automation: from n/a through <= 1.2.6.8.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mahesh Waghmare MG Parallax Slider mg-parallax-slider allows Reflected XSS.This issue affects MG Parallax Slider: from n/a through <= 1.0..
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in parswp Hide Login+ hide-login allows Reflected XSS.This issue affects Hide Login+: from n/a through <= 3.5.1.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Reuven Karasik Your Lightbox your-lightbox allows Reflected XSS.This issue affects Your Lightbox: from n/a through <= 1.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Widgetize Pages Light widgetize-pages-light allows Reflected XSS.This issue affects Widgetize Pages Light: from n/a through <= 3.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DeluxeThemes Private Messages for UserPro userpro-messaging allows Reflected XSS.This issue affects Private Messages for UserPro: from n/a through <= 4.10.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bavington WP Headmaster wp-headmaster allows Reflected XSS.This issue affects WP Headmaster: from n/a through <= 0.3.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hccoder Better User Shortcodes better-user-shortcodes allows Reflected XSS.This issue affects Better User Shortcodes: from n/a through <= 1.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in asokaaso2 Kikx Simple Post Author Filter sa-post-author-filter allows Reflected XSS.This issue affects Kikx Simple Post Author Filter: from n/a through <= 1.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in turboSMTP turboSMTP turbosmtp allows Reflected XSS.This issue affects turboSMTP: from n/a through <= 4.6.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in loopus WP Virtual Assistant VirtualAssistant allows Stored XSS.This issue affects WP Virtual Assistant: from n/a through <= 3.1.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdever Target Notifications target-notifications allows Reflected XSS.This issue affects Target Notifications: from n/a through <= 1.1.1.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonathan Lau CubePM cubepm allows Reflected XSS.This issue affects CubePM: from n/a through <= 1.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saeed Sattar Beglou Hesabfa Accounting hesabfa-accounting allows Reflected XSS.This issue affects Hesabfa Accounting: from n/a through <= 2.1.2.