Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in John Housholder Emma for WordPress emma-emarketing-plugin allows Stored XSS.This issue affects Emma for WordPress: from n/a through <= 1.3.3.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icopydoc Maps for WP maps-for-wp allows Stored XSS.This issue affects Maps for WP: from n/a through <= 1.2.4.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fast Simon Search, Filters & Merchandising for WooCommerce instantsearch-for-woocommerce allows Stored XSS.This issue affects Search, Filters & Merchandising for WooCommerce: from n/a through <= 3.0.58.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hive Support Hive Support hive-support allows Stored XSS.This issue affects Hive Support: from n/a through <= 1.2.11.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blubrry PowerPress Podcasting powerpress allows DOM-Based XSS.This issue affects PowerPress Podcasting: from n/a through <= 11.12.5.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marketing Fire Editorial Calendar editorial-calendar allows DOM-Based XSS.This issue affects Editorial Calendar: from n/a through <= 3.9.0.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Icon List Block icon-list-block allows Stored XSS.This issue affects Icon List Block: from n/a through <= 1.2.3.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vektor,Inc. VK Filter Search vk-filter-search allows Stored XSS.This issue affects VK Filter Search: from n/a through <= 2.20.2.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra Bulk Edit astra-bulk-edit allows DOM-Based XSS.This issue affects Astra Bulk Edit: from n/a through <= 1.2.10.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Sprout Clients sprout-clients allows Stored XSS.This issue affects Sprout Clients: from n/a through <= 3.2.2.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tockify Tockify Events Calendar tockify-events-calendar allows DOM-Based XSS.This issue affects Tockify Events Calendar: from n/a through <= 2.2.13.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Addons For Elementor magical-addons-for-elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through <= 1.4.1.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simpma Embed Calendly embed-calendly-scheduling allows Stored XSS.This issue affects Embed Calendly: from n/a through <= 4.4.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IdeaBox Creations PowerPack Addons for Elementor powerpack-lite-for-elementor allows Stored XSS.This issue affects PowerPack Addons for Elementor: from n/a through <= 2.9.9.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robosoft Robo Gallery robo-gallery allows DOM-Based XSS.This issue affects Robo Gallery: from n/a through <= 5.1.2.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows DOM-Based XSS.This issue affects WP Custom Admin Interface: from n/a through <= 7.42.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in toocheke Toocheke Companion toocheke-companion allows DOM-Based XSS.This issue affects Toocheke Companion: from n/a through <= 1.194.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgwhite33 WP TripAdvisor Review Slider wp-tripadvisor-review-slider allows Stored XSS.This issue affects WP TripAdvisor Review Slider: from n/a through <= 14.1.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows DOM-Based XSS.This issue affects Active Products Tables for WooCommerce: from n/a through <= 1.0.7.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Stored XSS.This issue affects Podlove Podcast Publisher: from n/a through <= 4.3.3.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ILLID Advanced Woo Labels advanced-woo-labels allows Stored XSS.This issue affects Advanced Woo Labels: from n/a through <= 2.15.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in piotnetdotcom Piotnet Addons For Elementor piotnet-addons-for-elementor allows Stored XSS.This issue affects Piotnet Addons For Elementor: from n/a through <= 2.4.36.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgwhite33 WP Review Slider wp-facebook-reviews allows Stored XSS.This issue affects WP Review Slider: from n/a through <= 13.9.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hookandhook WP Courses LMS wp-courses allows DOM-Based XSS.This issue affects WP Courses LMS: from n/a through <= 3.2.26.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fromdoppler Doppler Forms doppler-form allows Stored XSS.This issue affects Doppler Forms: from n/a through <= 2.5.1.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Stored XSS.This issue affects TI WooCommerce Wishlist: from n/a through <= 2.10.0.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for Contact Form 7: from n/a through <= 3.5.36.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMinds Simple WP Events simple-wp-events allows Stored XSS.This issue affects Simple WP Events: from n/a through <= 1.8.17.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webangon News Element Elementor Blog Magazine news-element allows DOM-Based XSS.This issue affects News Element Elementor Blog Magazine: from n/a through <= 1.0.9.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in immonex immonex Kickstart immonex-kickstart allows Stored XSS.This issue affects immonex Kickstart: from n/a through <= 1.13.0.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devscred Design Blocks exclusive-blocks allows Stored XSS.This issue affects Design Blocks: from n/a through <= 1.2.5.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DEJAN Hypotext hypotext allows Stored XSS.This issue affects Hypotext: from n/a through <= 1.0.1.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows DOM-Based XSS.This issue affects MDTF: from n/a through <= 1.3.5.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Binsaifullah Posten posten-post-blocks allows DOM-Based XSS.This issue affects Posten: from n/a through <= 0.0.1.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows DOM-Based XSS.This issue affects Elementor Website Builder: from n/a through <= 3.35.5.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Modernaweb Studio Black Widgets For Elementor black-widgets allows Stored XSS.This issue affects Black Widgets For Elementor: from n/a through <= 1.3.9.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redpixelstudios RPS Include Content rps-include-content allows DOM-Based XSS.This issue affects RPS Include Content: from n/a through <= 1.2.1.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DigitalCourt Marketer Addons marketer-addons allows Stored XSS.This issue affects Marketer Addons: from n/a through <= 1.0.1.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Event Post themify-event-post allows Stored XSS.This issue affects Themify Event Post: from n/a through <= 1.3.4.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hiroprot Terms Before Download terms-before-download allows Stored XSS.This issue affects Terms Before Download: from n/a through <= 1.0.5.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Avada Core fusion-core allows DOM-Based XSS.This issue affects Avada Core: from n/a through < 5.15.0.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MiKa OSM osm allows DOM-Based XSS.This issue affects OSM: from n/a through <= 6.1.13.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPeka WP AdCenter wpadcenter allows Stored XSS.This issue affects WP AdCenter: from n/a through <= 2.5.8.

Concrete CMS version 9 below 9.4.0RC2 and versions below 8.5.20 are vulnerable to CSRF and XSS in the Concrete CMS Address attribute because addresses are not properly sanitized in the output when a country is not specified.  Attackers are limited to individuals whom a site administrator has granted the ability to fill in an address attribute. It is possible for the attacker to glean limited information from the site but amount and type is restricted by mitigating controls and the level of access of the attacker. Limited data modification is possible. The dashboard page itself could be rendered unavailable. The fix only sanitizes new data uploaded post update to Concrete CMS 9.4.0RC2. Existing database entries added before the update will still be “live” if there were successful exploits added under previous versions; a database search is recommended. The Concrete CMS security team gave this vulnerability CVSS v.4.0 score of 5.1 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L Thanks Myq Larson for reporting.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Blocks magical-blocks allows Stored XSS.This issue affects Magical Blocks: from n/a through <= 1.0.12.

File Thinghie 2.5.7 is vulnerable to Cross Site Scripting (XSS). A malicious user can leverage the "dir" parameter of the GET request to invoke arbitrary javascript code.

File Thingie 2.5.7 is vulnerable to Cross Site Scripting (XSS). A malicious user can leverage the "upload file" functionality to upload a file with a crafted file name used to trigger a Javascript payload.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sultan Nasir Uddin Team Members for Elementor Page Builder team-members-for-elementor allows Stored XSS.This issue affects Team Members for Elementor Page Builder: from n/a through <= 1.0.4.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in softnwords SMM API smm-api allows Stored XSS.This issue affects SMM API: from n/a through <= 6.0.31.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpoperations WPoperation Elementor Addons wpop-elementor-addons allows Stored XSS.This issue affects WPoperation Elementor Addons: from n/a through <= 1.1.9.