Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saturday Drive Ninja Forms allows Stored XSS.This issue affects Ninja Forms: from n/a through 3.8.16.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Visualmodo Borderless plugin <= 1.4.8 versions.

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VillaTheme Email Template Customizer for WooCommerce allows Stored XSS.This issue affects Email Template Customizer for WooCommerce: from n/a through 1.2.5.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in QualityUnit Post Affiliate Pro plugin <= 1.25.0 versions.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Elastic Email Sender plugin <= 1.2.6 versions.

The Send email only on Reply to My Comment WordPress plugin through 1.0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack

The Inline Related Posts WordPress plugin before 3.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dazzlersoft Team Members Showcase plugin <= 1.3.4 versions.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visualmodo Borderless allows Cross-Site Scripting (XSS).This issue affects Borderless: from n/a through 1.5.8.

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Direct checkout, Add to cart redirect, Quick purchase button, Buy now button, Quick View button for WooCommerce plugin <= 2.1.48 versions.

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS.This issue affects Beds24 Online Booking: from n/a through 2.0.25.

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Stored XSS.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.7.

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VirusTran Button contact VR allows Stored XSS.This issue affects Button contact VR: from n/a through 4.7.9.1.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Post Grid Team by WPXPO PostX allows Stored XSS.This issue affects PostX: from n/a through 4.1.15.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Black and White Digital Ltd TreePress – Easy Family Trees & Ancestor Profiles plugin <= 2.0.22 versions.