| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) in Fatcat Apps Analytics Cat plugin <= 1.0.9 on WordPress. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themepoints Testimonials plugin <= 2.6 on WordPress. |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress. |
| Auth. (editor+) Reflected Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in AgentEasy Properties plugin <= 1.0.4 on WordPress. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) in Ayoub Media AM-HiLi plugin <= 1.0 on WordPress. |
| Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Stage Rock Convert plugin <= 2.11.0 on WordPress. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in JumpDEMAND Inc. 4ECPS Web Forms plugin <= 0.2.17 on WordPress. |
| Auth. Reflected Cross-Site Scripting (XSS) vulnerability in 5 Anker Connect plugin <= 1.2.6 on WordPress. |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Webpsilon ULTIMATE TABLES plugin <= 1.6.5 versions. |
| The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in all versions up to, and including, 1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
| The SVS Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via pricing table settings in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. |
| A vulnerability was found in Campcodes Online Marriage Registration System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/application-bwdates-reports-details.php. The manipulation of the argument fromdate leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257613 was assigned to this vulnerability. |
| A vulnerability was found in Campcodes Online Marriage Registration System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257614 is the identifier assigned to this vulnerability. |
| Cross-site scripting vulnerability in Item List page registration process of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script. |
| Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script. |
| Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script. |
| Cross-site scripting vulnerability in Credit Card Payment Setup page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script in the page. |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Collne Inc. Welcart e-Commerce plugin <= 2.8.10 versions. |
| Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors. |
