The Countdown Timer for WordPress Block Editor WordPress plugin through 1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Cross-site Scripting in the tag name pattern field in the tag protections UI in GitHub Enterprise Server allows a malicious website that requires user interaction and social engineering to make changes to a user account via CSP bypass with created CSRF tokens. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in all versions of 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Easy Replace easy-replace allows Stored XSS.This issue affects Easy Replace: from n/a through <= 1.3.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr User Submitted Posts allows Stored XSS.This issue affects User Submitted Posts: from n/a through 20230901.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 Bicycleshop bicycleshop allows DOM-Based XSS.This issue affects Bicycleshop: from n/a through <= 1.5.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prodigycommerce Prodigy Commerce prodigy-commerce allows DOM-Based XSS.This issue affects Prodigy Commerce: from n/a through <= 3.0.8.
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Grant Kimball Simple Vimeo Shortcode plugin <= 2.9.1 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlockArt Magazine Blocks magazine-blocks allows Stored XSS.This issue affects Magazine Blocks: from n/a through <= 1.3.20.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpbits WPBITS Addons For Elementor Page Builder wpbits-addons-for-elementor allows Stored XSS.This issue affects WPBITS Addons For Elementor Page Builder: from n/a through <= 1.5.1.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins GS Shots for Dribbble gs-dribbble-portfolio allows DOM-Based XSS.This issue affects GS Shots for Dribbble: from n/a through <= 1.2.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pronamic Pronamic Google Maps pronamic-google-maps allows Stored XSS.This issue affects Pronamic Google Maps: from n/a through <= 2.3.2.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows DOM-Based XSS.This issue affects Nexter Blocks: from n/a through <= 4.0.4.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Debuggers Studio SaasPricing saaspricing allows DOM-Based XSS.This issue affects SaasPricing: from n/a through <= 1.2.4.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Stored XSS.This issue affects News Kit Elementor Addons: from n/a through <= 1.4.2.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin LLC WP Tabs – Responsive Tabs Plugin for WordPress allows Stored XSS.This issue affects WP Tabs – Responsive Tabs Plugin for WordPress: from n/a through 2.2.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zionbuilder ZionBuilder zionbuilder allows Stored XSS.This issue affects ZionBuilder: from n/a through <= 3.6.16.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alireza Aliniya Nias course nias-course allows DOM-Based XSS.This issue affects Nias course: from n/a through <= 1.2.10.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginsCafe Advanced Data Table For Elementor advanced-data-table-for-elementor allows Stored XSS.This issue affects Advanced Data Table For Elementor: from n/a through <= 1.0.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RadiusTheme Radius Blocks radius-blocks allows Stored XSS.This issue affects Radius Blocks: from n/a through <= 2.1.2.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicheaddons Restaurant & Cafe Addon for Elementor restaurant-cafe-addon-for-elementor allows DOM-Based XSS.This issue affects Restaurant & Cafe Addon for Elementor: from n/a through <= 1.5.8.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codexshaper Advanced Element Bucket Addons for Elementor cs-element-bucket allows Stored XSS.This issue affects Advanced Element Bucket Addons for Elementor: from n/a through <= 1.0.2.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows Stored XSS.This issue affects Elementor Website Builder: from n/a through <= 3.25.10.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RRDevs RRAddons for Elementor rrdevs-for-elementor allows Stored XSS.This issue affects RRAddons for Elementor: from n/a through <= 1.1.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ABCBiz ABCBiz Addons and Templates for Elementor allows Stored XSS.This issue affects ABCBiz Addons and Templates for Elementor: from n/a through 2.0.2.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicheaddons Primary Addon for Elementor primary-addon-for-elementor allows Stored XSS.This issue affects Primary Addon for Elementor: from n/a through <= 1.6.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Clients clients allows Stored XSS.This issue affects Clients: from n/a through <= 1.1.4.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Echoza echoza allows Stored XSS.This issue affects Echoza: from n/a through <= 0.1.1.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicheaddons Events Addon for Elementor events-addon-for-elementor allows DOM-Based XSS.This issue affects Events Addon for Elementor: from n/a through <= 2.2.2.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Smaily Smaily for WP smaily-for-wp allows Stored XSS.This issue affects Smaily for WP: from n/a through <= 3.1.5.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Masud Hasan Unlock Addons for Elementor unlock-addons-for-elementor allows DOM-Based XSS.This issue affects Unlock Addons for Elementor: from n/a through <= 2.2.4.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quomodosoft ElementsReady Addons for Elementor element-ready-lite allows DOM-Based XSS.This issue affects ElementsReady Addons for Elementor: from n/a through <= 6.4.7.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Google Web Stories web-stories allows Stored XSS.This issue affects Web Stories: from n/a through <= 1.37.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yaycommerce Brand brand allows Stored XSS.This issue affects Brand: from n/a through <= 1.1.6.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in premila Gutensee gutensee allows DOM-Based XSS.This issue affects Gutensee: from n/a through <= 1.0.6.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in christer_f Hello Event Widgets For Elementor hello-event-widgets-for-elementor allows DOM-Based XSS.This issue affects Hello Event Widgets For Elementor: from n/a through <= 1.0.2.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Meini Utech World Time utech-world-time-for-wp allows Stored XSS.This issue affects Utech World Time: from n/a through <= 1.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Best WP Developer Advanced Blog Post Block advanced-blog-post-block allows Stored XSS.This issue affects Advanced Blog Post Block: from n/a through <= 1.0.4.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zeshanb Quran Phrases About Most People Shortcodes quran-phrases-about-most-people-shortcodes allows DOM-Based XSS.This issue affects Quran Phrases About Most People Shortcodes: from n/a through <= 1.4.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devfelixmoira Poll Builder poll-builder allows Stored XSS.This issue affects Poll Builder: from n/a through <= 1.3.5.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Weboccult Technologies Pvt Ltd Wot Elementor Widgets wot-elementor-widgets allows DOM-Based XSS.This issue affects Wot Elementor Widgets: from n/a through <= 1.0.1.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Addons For Elementor magical-addons-for-elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through <= 1.3.6.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mashiurz Plain Post plain-post allows Stored XSS.This issue affects Plain Post: from n/a through <= 1.0.3.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 FAQs faqs allows Stored XSS.This issue affects FAQs: from n/a through <= 1.0.2.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terry L. WP Mermaid wp-mermaid allows Stored XSS.This issue affects WP Mermaid: from n/a through <= 1.0.2.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jakub Glos Sparkle Elementor Kit sparkle-elementor-kit allows DOM-Based XSS.This issue affects Sparkle Elementor Kit: from n/a through <= 2.0.9.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nutttaro Video Player for WPBakery video-player-for-wpbakery allows Stored XSS.This issue affects Video Player for WPBakery: from n/a through <= 1.0.1.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rejuan Ahamed Best Addons for Elementor allows Stored XSS.This issue affects Best Addons for Elementor: from n/a through 1.0.5.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Uno (miunosoft) Auto Amazon Links – Amazon Associates Affiliate Plugin allows Stored XSS.This issue affects Auto Amazon Links – Amazon Associates Affiliate Plugin: from n/a through 5.1.1.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stachethemes Advanced Event Manager advanced-event-manager allows Stored XSS.This issue affects Advanced Event Manager: from n/a through <= 1.1.6.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeless Cowidgets – Elementor Addons cowidgets-elementor-addons allows Stored XSS.This issue affects Cowidgets – Elementor Addons: from n/a through <= 1.2.0.