Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in roninwp FAT Services Booking fat-services-booking allows Stored XSS.This issue affects FAT Services Booking: from n/a through <= 5.6.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in overclokk Advanced Control Manager for WordPress by ItalyStrap advanced-control-manager allows Reflected XSS.This issue affects Advanced Control Manager for WordPress by ItalyStrap: from n/a through <= 2.16.0.
A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/backup.php, 'comments' and 'db' parameters. This vulnerabilities could allow an attacker to create a specially crafted URL and send it to a victim to retrieve their session details.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Genetech Pie Register Premium allows Reflected XSS.This issue affects Pie Register Premium: from n/a before 3.8.3.3.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anzar Ahmed Ni CRM Lead ni-crm-lead allows Reflected XSS.This issue affects Ni CRM Lead: from n/a through <= 1.3.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ilya_compman Like in Vk.com like-on-vkontakte allows Stored XSS.This issue affects Like in Vk.com: from n/a through <= 0.5.2.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in universam UNIVERSAM universam-demo allows Reflected XSS.This issue affects UNIVERSAM: from n/a through < 8.59.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thehp AIO Contact aio-contact.This issue affects AIO Contact: from n/a through <= 2.8.1.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tgw365 Evernote Sync evernote-sync allows Reflected XSS.This issue affects Evernote Sync: from n/a through <= 3.0.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in harshtohit111 Fence URL fence-url allows Stored XSS.This issue affects Fence URL: from n/a through <= 2.0.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thehowarde Connect Contact Form 7 to Constant Contact connect-contact-form-7-to-constant-contact-v3 allows Reflected XSS.This issue affects Connect Contact Form 7 to Constant Contact: from n/a through <= 1.4.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in oktoberfive Visual Recent Posts visual-recent-posts allows Reflected XSS.This issue affects Visual Recent Posts: from n/a through <= 1.2.3.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jacques Malgrange WP GeoNames wp-geonames allows Reflected XSS.This issue affects WP GeoNames: from n/a through <= 1.8.
A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/scheduled.php, all parameters. This vulnerabilities could allow an attacker to create a specially crafted URL and send it to a victim to retrieve their session details.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in STAGGS STAGGS staggs allows Reflected XSS.This issue affects STAGGS: from n/a through <= 2.0.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood WP Quick Shop wp-quick-shop allows Reflected XSS.This issue affects WP Quick Shop: from n/a through <= 1.3.1.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LabelGrid LabelGrid Tools label-grid-tools allows Reflected XSS.This issue affects LabelGrid Tools: from n/a through <= 1.3.58.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jaytesh Barange Posts Date Ranges posts-date-ranges allows Reflected XSS.This issue affects Posts Date Ranges: from n/a through <= 2.2.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jules Colle Advanced Options Editor allows Reflected XSS.This issue affects Advanced Options Editor: from n/a through 1.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ImmoSoft ImmoToolBox Connect immotoolbox-connect allows Reflected XSS.This issue affects ImmoToolBox Connect: from n/a through <= 1.3.3.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BAKKBONE Australia FloristPress bakkbone-florist-companion allows Reflected XSS.This issue affects FloristPress: from n/a through <= 7.2.0.
The WP QuickLaTeX WordPress plugin before 3.8.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Planet Studio ArCa Payment Gateway arca-payment-gateway allows Stored XSS.This issue affects ArCa Payment Gateway: from n/a through <= 1.3.1.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hjyl hmd hmd allows Stored XSS.This issue affects hmd: from n/a through <= 2.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icdsoft ICDSoft Reseller Store icdsoft-reseller-store allows Reflected XSS.This issue affects ICDSoft Reseller Store: from n/a through <= 2.4.5.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in linknacional Invoice Payment for WooCommerce invoice-payment-for-woocommerce allows Reflected XSS.This issue affects Invoice Payment for WooCommerce: from n/a through <= 1.7.2.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Enrico Cantori 3D Avatar User Profile 3d-avatar-user-profile allows Reflected XSS.This issue affects 3D Avatar User Profile: from n/a through <= 1.0.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shiptimize Shiptimize for WooCommerce shiptimize-for-woocommerce allows Reflected XSS.This issue affects Shiptimize for WooCommerce: from n/a through <= 3.1.86.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anzar Ahmed Ni WooCommerce Bulk Product Editor ni-woocommerce-product-editor allows Reflected XSS.This issue affects Ni WooCommerce Bulk Product Editor: from n/a through <= 1.4.5.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spartac Feedpress Generator feedpress-generator allows Reflected XSS.This issue affects Feedpress Generator: from n/a through <= 1.2.1.
A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/get_file.php, 'view' parameter. This vulnerabilities could allow an attacker to create a specially crafted URL and send it to a victim to retrieve their session details.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in manidoraisamy FormFacade formfacade allows Reflected XSS.This issue affects FormFacade: from n/a through <= 1.3.6.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Fletcher Role Includer role-includer allows Reflected XSS.This issue affects Role Includer: from n/a through <= 1.6.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cmorillas1 Shortcodes Blocks Creator Ultimate ultimate-shortcodes-creator allows Reflected XSS.This issue affects Shortcodes Blocks Creator Ultimate: from n/a through <= 2.2.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPSwings WooCommerce Ultimate Gift Card woocommerce-ultimate-gift-card allows Reflected XSS.This issue affects WooCommerce Ultimate Gift Card: from n/a through < 2.9.1.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metup CleverNode Related Content clevernode-related-content allows Reflected XSS.This issue affects CleverNode Related Content: from n/a through <= 1.1.5.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Ratudi VPSUForm v-form allows Reflected XSS.This issue affects VPSUForm: from n/a through <= 3.0.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blazeonline Blaze Online eParcel for WooCommerce blaze-online-eparcel-for-woocommerce allows Reflected XSS.This issue affects Blaze Online eParcel for WooCommerce: from n/a through <= 1.3.3.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Awesome Shortcodes awesome-shortcodes allows Reflected XSS.This issue affects Awesome Shortcodes: from n/a through <= 1.7.2.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kundgenerator Kundgenerator kundgenerator allows Reflected XSS.This issue affects Kundgenerator: from n/a through <= 1.0.6.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ImageRecycle ImageRecycle pdf & image compression imagerecycle-pdf-image-compression allows Reflected XSS.This issue affects ImageRecycle pdf & image compression: from n/a through <= 3.1.16.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bouzid Nazim Zitouni TagGator taggator allows Reflected XSS.This issue affects TagGator: from n/a through <= 1.54.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ederson Peka Media Downloader media-downloader allows Reflected XSS.This issue affects Media Downloader: from n/a through <= 0.4.7.4.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Octrace WordPress HelpDesk & Support Ticket System Plugin – Octrace Support octrace-support allows Reflected XSS.This issue affects WordPress HelpDesk & Support Ticket System Plugin – Octrace Support: from n/a through <= 1.2.7.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prism I.T. Systems Multilevel Referral Affiliate Plugin for WooCommerce multilevel-referral-plugin-for-woocommerce allows Reflected XSS.This issue affects Multilevel Referral Affiliate Plugin for WooCommerce: from n/a through <= 2.27.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in revidev Revi.io revi-io-customer-and-product-reviews allows Reflected XSS.This issue affects Revi.io: from n/a through <= 5.7.3.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ben.moody SrcSet Responsive Images for WordPress truenorth-srcset allows Reflected XSS.This issue affects SrcSet Responsive Images for WordPress: from n/a through <= 1.4.
RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" parameter in /admin/lib/phpthumb/phpthumb.php. An attacker could create a malicious URL and send it to a victim to obtain their session details.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jtexpress J&T Express Malaysia jt-express allows Reflected XSS.This issue affects J&T Express Malaysia: from n/a through <= 2.0.13.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in koolkatwebdesigns jCarousel jcarousel-for-wordpress allows Stored XSS.This issue affects jCarousel: from n/a through <= 1.0.