Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paolo GeoDirectory geodirectory allows Stored XSS.This issue affects GeoDirectory: from n/a through <= 2.3.84.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows DOM-Based XSS.This issue affects Nexter Blocks: from n/a through <= 4.0.4.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ibnuyahya Category Post Shortcode category-post-shortcode allows Stored XSS.This issue affects Category Post Shortcode: from n/a through <= 2.4.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StorePlugin ShopElement shopelement allows Stored XSS.This issue affects ShopElement: from n/a through <= 2.0.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 Barter barter allows DOM-Based XSS.This issue affects Barter: from n/a through <= 1.6.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows Stored XSS.This issue affects Elementor Website Builder: from n/a through <= 3.25.10.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aftab Husain Vertical Carousel vertical-carousel-slider allows Stored XSS.This issue affects Vertical Carousel: from n/a through <= 1.0.2.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Capitalize My Title Capitalize My Title capitalize-my-title allows Stored XSS.This issue affects Capitalize My Title: from n/a through <= 0.5.3.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicejob NiceJob nicejob allows Stored XSS.This issue affects NiceJob: from n/a through <= 3.6.5.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RadiusTheme Radius Blocks radius-blocks allows Stored XSS.This issue affects Radius Blocks: from n/a through <= 2.1.2.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Stored XSS.This issue affects News Kit Elementor Addons: from n/a through <= 1.4.2.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prodigycommerce Prodigy Commerce prodigy-commerce allows DOM-Based XSS.This issue affects Prodigy Commerce: from n/a through <= 3.0.8.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Google Web Stories web-stories allows Stored XSS.This issue affects Web Stories: from n/a through <= 1.37.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in christer_f Hello Event Widgets For Elementor hello-event-widgets-for-elementor allows DOM-Based XSS.This issue affects Hello Event Widgets For Elementor: from n/a through <= 1.0.2.
BigBlueButton is an open source web conferencing system. In affected versions an attacker can embed malicious JS in their username and have it executed on the victim's client. When a user receives a private chat from the attacker (whose username contains malicious JavaScript), the script gets executed. Additionally when the victim receives a notification that the attacker has left the session. This issue has been patched in version 2.4.8 and 2.5.0. There are no known workarounds for this issue.
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. ttUser.class.php in Time Tracker versions prior to 1.20.0.5646 was not escaping primary group name for display. Because of that, it was possible for a logged in user to modify primary group name with elements of JavaScript. Such script could then be executed in user browser on subsequent requests on pages where primary group name was displayed. This is vulnerability has been fixed in version 1.20.0.5646. Users who are unable to upgrade may modify ttUser.class.php to use an additional call to htmlspecialchars when printing group name.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alireza Aliniya Nias course nias-course allows DOM-Based XSS.This issue affects Nias course: from n/a through <= 1.2.10.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Garrett Grimm Simple Popup simple-popup-plugin allows DOM-Based XSS.This issue affects Simple Popup: from n/a through <= 4.6.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Smaily Smaily for WP smaily-for-wp allows Stored XSS.This issue affects Smaily for WP: from n/a through <= 3.1.5.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nasir Uddin Generic Elements generic-elements-for-elementor allows DOM-Based XSS.This issue affects Generic Elements: from n/a through <= 1.2.5.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quomodosoft ElementsReady Addons for Elementor element-ready-lite allows DOM-Based XSS.This issue affects ElementsReady Addons for Elementor: from n/a through <= 6.4.7.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Addons For Elementor magical-addons-for-elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through <= 1.3.6.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in geilt Simpul Events by Esotech simpul-events-by-esotech allows Stored XSS.This issue affects Simpul Events by Esotech: from n/a through <= 1.8.5.
BigBlueButton is an open source web conferencing system. Users in meetings with private chat enabled are vulnerable to a cross site scripting attack in affected versions. The attack occurs when the attacker (with xss in the name) starts a chat. in the victim's client the JavaScript will be executed. This issue has been addressed in version 2.4.8 and 2.5.0. There are no known workarounds for this issue.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rejuan Ahamed Best Addons for Elementor allows Stored XSS.This issue affects Best Addons for Elementor: from n/a through 1.0.5.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M A Vinoth Kumar Random Banner random-banner allows Stored XSS.This issue affects Random Banner: from n/a through <= 4.2.12.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Wishlist for WooCommerce wish-list-for-woocommerce allows Stored XSS.This issue affects Wishlist for WooCommerce: from n/a through <= 3.3.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesflat themesflat-addons-for-elementor themesflat-addons-for-elementor allows DOM-Based XSS.This issue affects themesflat-addons-for-elementor: from n/a through <= 2.2.2.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devnex Devnex Addons For Elementor devnex-addons-for-elementor allows DOM-Based XSS.This issue affects Devnex Addons For Elementor: from n/a through <= 1.0.9.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post.This issue affects PostX: from n/a through <= 4.1.15.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sazzad Image Carousel Shortcode image-carousel-shortcode allows DOM-Based XSS.This issue affects Image Carousel Shortcode: from n/a through <= 1.2.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sohelwpexpert WP Responsive Video my-wp-responsive-video allows DOM-Based XSS.This issue affects WP Responsive Video: from n/a through <= 1.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Surbma Surbma | Font Awesome surbma-font-awesome allows DOM-Based XSS.This issue affects Surbma | Font Awesome: from n/a through <= 3.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lilaeamedia IntelliWidget Elements intelliwidget-elements allows DOM-Based XSS.This issue affects IntelliWidget Elements: from n/a through <= 2.2.7.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Sell Media File with Stripe sell-media-file allows Stored XSS.This issue affects Sell Media File with Stripe: from n/a through <= 1.0.6.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Abdul Awal Uzzal File Select Control For Elementor file-select-control-for-elementor allows DOM-Based XSS.This issue affects File Select Control For Elementor: from n/a through <= 1.3.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nrmendez CRM 2go crm2go allows DOM-Based XSS.This issue affects CRM 2go: from n/a through <= 1.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPKube Cool Tag Cloud cool-tag-cloud allows Stored XSS.This issue affects Cool Tag Cloud: from n/a through <= 2.29.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Linear Oy Linear linear allows DOM-Based XSS.This issue affects Linear: from n/a through <= 2.8.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smajda Pull This pull-this allows DOM-Based XSS.This issue affects Pull This: from n/a through <= 1.1.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in leroysabrina Simple Social Share Block simple-social-share-block allows Stored XSS.This issue affects Simple Social Share Block: from n/a through <= 1.0.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eSparkBiz ESB Testimonials esb-testimonials allows Stored XSS.This issue affects ESB Testimonials: from n/a through <= 1.0.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Beautimour Be Shortcodes be-shortcodes allows DOM-Based XSS.This issue affects Be Shortcodes: from n/a through <= 1.0.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digitalzoomstudio Parallaxer parallaxer-lite-parallax-effects-on-images allows Stored XSS.This issue affects Parallaxer: from n/a through <= 1.00.
The goodlayers-core WordPress plugin before 2.1.3 allows users with a subscriber role and above to upload SVGs containing malicious payloads.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brandon Hubbard WP Listings Pro wp-listings-pro allows Stored XSS.This issue affects WP Listings Pro: from n/a through <= 3.0.14.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in salehattari best bootstrap widgets for elementor best-bootstrap-widgets-for-elementor allows DOM-Based XSS.This issue affects best bootstrap widgets for elementor: from n/a through <= 1.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arash Heidari Text Advertisements text-advertisements allows Stored XSS.This issue affects Text Advertisements: from n/a through <= 2.1.
Cross-site scripting (XSS) vulnerability in Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GeroNikolov Fancy User List fancy-user-listing allows Stored XSS.This issue affects Fancy User List: from n/a through <= 3.1.