| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Team Rosters allows Reflected XSS. This issue affects Team Rosters: from n/a through 4.7. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ido Kobelkowsky / yalla ya! Simple Payment allows Reflected XSS.This issue affects Simple Payment: from n/a through 2.3.7. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Skill Bar allows Stored XSS.This issue affects SKT Skill Bar: from n/a through 2.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podlove Podlove Web Player allows Stored XSS.This issue affects Podlove Web Player: from n/a through 5.7.1.
|
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for Amazon allows Reflected XSS.This issue affects WP-Lister Lite for Amazon: from n/a through 2.6.8.
|
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ketan Patel Featured product by category name allows DOM-Based XSS.This issue affects Featured product by category name: from n/a through 1.1. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LinkGraph Search Atlas SEO allows Stored XSS.This issue affects Search Atlas SEO: from n/a through 1.8.2. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Kuepper QuoteMedia Tools allows DOM-Based XSS.This issue affects QuoteMedia Tools: from n/a through 1.0. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Matthew Lillistone ML Responsive Audio player with playlist Shortcode allows Stored XSS.This issue affects ML Responsive Audio player with playlist Shortcode: from n/a through 0.2. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terry Lin WP Mermaid allows Stored XSS.This issue affects WP Mermaid: from n/a through 1.0.2. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rachel Cherry wA11y – The Web Accessibility Toolbox allows Stored XSS. This issue affects wA11y – The Web Accessibility Toolbox: from n/a through 1.0.3. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sakurapixel Lunar allows Stored XSS. This issue affects Lunar: from n/a through 1.3.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MarMar8x Notif Bell allows Stored XSS.This issue affects Notif Bell: from n/a through 0.9.8. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Subhasish Manna Wc Recently viewed products allows Reflected XSS.This issue affects Wc Recently viewed products: from n/a through 1.0.1. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Simple Goods allows Stored XSS.This issue affects Simple Goods: from n/a through 0.1.3. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jojaba Access Category Password allows Reflected XSS.This issue affects Access Category Password: from n/a through 1.5.1.
|
| The Beek Widget Extention plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 0.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Silver Muru WS Force Login Page allows Stored XSS. This issue affects WS Force Login Page: from n/a through 3.0.3. |
| The JSM Screenshot Machine Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ssm' shortcode in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 김 민준 (Minjun Kim) NAVER Analytics allows Stored XSS.This issue affects NAVER Analytics: from n/a through 0.9. |
