The Trackserver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tsmap' shortcode in all versions up to, and including, 5.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Andrew @ Geeenville Web Design Easy Sign Up plugin <= 3.4.1 versions.
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Alan Jackson Multi-column Tag Map plugin <= 17.0.24 versions.
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in bkmacdaddy designs Pinterest RSS Widget plugin <= 2.3.1 versions.
Auth. Stored Cross-Site Scripting (XSS) vulnerability in Youtube shortcode <= 1.8.5 versions.
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bruno "Aesqe" Babic File Gallery plugin <= 1.8.5.3 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pascal Bajorat PB MailCrypt allows Stored XSS.This issue affects PB MailCrypt: from n/a through 3.1.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt van Andel Adventure Journal allows Stored XSS.This issue affects Adventure Journal: from n/a through 1.7.2.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atanas Yonkov Pliska allows Stored XSS.This issue affects Pliska: from n/a through 0.3.5.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RedNao PDF Builder for WPForms allows Stored XSS.This issue affects PDF Builder for WPForms: from n/a through 1.2.88.
Auth. (contrinbutor+) Cross-Site Scripting (XSS) vulnerability in WebArea | Vera Nedvyzhenko Simple PDF Viewer plugin <= 1.9 versions.
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Contact Form plugin <= 8.0.3.1 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kailey Lampert Mini Loops allows Stored XSS.This issue affects Mini Loops: from n/a through 1.4.1.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in solverwp.Com Eleblog – Elementor Blog And Magazine Addons allows Stored XSS.This issue affects Eleblog – Elementor Blog And Magazine Addons: from n/a through 1.8.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpOpal Opal Widgets For Elementor allows Stored XSS.This issue affects Opal Widgets For Elementor: from n/a through 1.6.9.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme Freesia Edge allows Stored XSS.This issue affects Edge: from n/a through 2.0.9.
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brett Shumaker Simple Staff List plugin <= 2.2.2 versions.
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <= 4.5.4 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LBell Pretty Google Calendar allows Stored XSS.This issue affects Pretty Google Calendar: from n/a through 1.7.2.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM WPZOOM Addons for Elementor (Templates, Widgets) allows Stored XSS.This issue affects WPZOOM Addons for Elementor (Templates, Widgets): from n/a through 1.1.35.
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in BeRocket Brands for WooCommerce plugin <= 3.7.0.6 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team GIPHY Giphypress allows Stored XSS.This issue affects Giphypress: from n/a through 1.6.2.
Auth. (subscriber+) Reflected Cross-site Scripting (XSS) vulnerability in Wpazure Themes Upfrontwp theme <= 1.1 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Karl Kiesinger GWP-Histats allows Stored XSS.This issue affects GWP-Histats: from n/a through 1.0.
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Swashata WP Category Post List Widget plugin <= 2.0.3 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme Freesia Freesia Empire allows Stored XSS.This issue affects Freesia Empire: from n/a through 1.4.1.
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Jamie Poitra M Chart plugin <= 1.9.4 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pixel Industry TweetScroll Widget allows Stored XSS.This issue affects TweetScroll Widget: from n/a through 1.3.7.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adam DeHaven Perfect Pullquotes allows Stored XSS.This issue affects Perfect Pullquotes: from n/a through 1.7.5.
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Richard Leishman t/a Webforward Mail Subscribe List plugin <= 2.1.9 versions.
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in TC Ultimate WP Query Search Filter plugin <= 1.0.10 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vark Min and Max Purchase for WooCommerce allows Stored XSS.This issue affects Min and Max Purchase for WooCommerce: from n/a through 2.0.0.
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Vertical scroll recent post plugin <= 14.0 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AddonMaster Post Grid Master allows Stored XSS.This issue affects Post Grid Master: from n/a through 3.4.8.
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.4 versions.
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kerry Kline BNE Testimonials plugin <= 2.0.7 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGrill ColorNews allows Stored XSS.This issue affects ColorNews: from n/a through 1.2.6.
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Labib Ahmed Image Hover Effects For WPBakery Page Builder plugin <= 4.0 versions.
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin <= 3.9.4 versions.
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Timersys WP Popups – WordPress Popup plugin <= 2.1.4.8 versions.
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Metaphor Creations Ditty plugin <= 3.0.32 versions.
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in MainWP MainWP Code Snippets Extension plugin <= 4.0.2 versions.
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Winwar Media WP Flipclock plugin <= 1.7.4 versions.
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Steven Henty Drop Shadow Boxes plugin <= 1.7.10 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme Horse WP Portfolio allows Stored XSS.This issue affects WP Portfolio: from n/a through 2.4.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.4.2.
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Arsham Mirshah Add Posts to Pages plugin <= 1.4.1 versions.
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Photon WP Material Design Icons for Page Builders plugin <= 1.4.2 versions.
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Muneeb Layer Slider plugin <= 1.1.9.7 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Trade Pips WP TradingView allows Stored XSS.This issue affects WP TradingView: from n/a through 1.7.