| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Wham All Currencies for WooCommerce woocommerce-all-currencies allows Stored XSS.This issue affects All Currencies for WooCommerce: from n/a through <= 2.4.3. |
| Postiz is an AI social media scheduling tool. Prior to version 2.21.6, a file upload validation bypass allows any authenticated user to upload arbitrary HTML, SVG, or other executable file types to the server by spoofing the `Content-Type` header. The uploaded files are then served by nginx with a Content-Type derived from their original extension (`text/html`, `image/svg+xml`), enabling Stored Cross-Site Scripting (XSS) in the context of the application's origin. This can lead to session riding, account takeover, and full compromise of other users' accounts. Version 2.21.6 contains a fix. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aakif Kadiwala Posts Slider Shortcode posts-slider-shortcode allows DOM-Based XSS.This issue affects Posts Slider Shortcode: from n/a through <= 1.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Post Custom Templates Lite post-custom-templates-lite allows Stored XSS.This issue affects Post Custom Templates Lite: from n/a through <= 1.14. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marvie Pons Pinterest Verify Meta Tag pinterest-verify-meta-tag allows Stored XSS.This issue affects Pinterest Verify Meta Tag: from n/a through <= 1.3. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in melipayamak Melipayamak melipayamak allows Stored XSS.This issue affects Melipayamak: from n/a through <= 2.2.12. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Debashish IFrame Widget iframe-widget allows Stored XSS.This issue affects IFrame Widget: from n/a through <= 4.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in broadly Broadly for WordPress broadly allows Stored XSS.This issue affects Broadly for WordPress: from n/a through <= 3.0.2. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stefanledin Responsify WP responsify-wp allows Stored XSS.This issue affects Responsify WP: from n/a through <= 1.9.11. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NickDuncan Contact Form contact-form-ready allows DOM-Based XSS.This issue affects Contact Form: from n/a through <= 2.0.12. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shamil Shafeev «Подсказки» от DaData.ru dadata-ru allows Stored XSS.This issue affects «Подсказки» от DaData.ru: from n/a through <= 1.0.6. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Unreal Themes ACF: Yandex Maps Field acf-yandex-maps-field allows Stored XSS.This issue affects ACF: Yandex Maps Field: from n/a through <= 1.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vicchi WP Biographia wp-biographia allows Stored XSS.This issue affects WP Biographia: from n/a through <= 4.0.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webangon The Pack Elementor addons the-pack-addon allows Stored XSS.This issue affects The Pack Elementor addons: from n/a through <= 2.1.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in primersoftware Primer MyData for Woocommerce primer-mydata allows Reflected XSS.This issue affects Primer MyData for Woocommerce: from n/a through < 4.2.4. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in simplebooklet Simplebooklet PDF Viewer and Embedder simplebooklet allows Stored XSS.This issue affects Simplebooklet PDF Viewer and Embedder: from n/a through <= 1.1.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Stored XSS.This issue affects WP Posts Carousel: from n/a through <= 1.3.7. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gordon Böhme Structured Content structured-content allows Stored XSS.This issue affects Structured Content: from n/a through <= 1.6.3. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Wham SKU Generator for WooCommerce sku-for-woocommerce allows Reflected XSS.This issue affects SKU Generator for WooCommerce: from n/a through <= 1.6.2. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in podpirate Access Areas wp-access-areas allows Reflected XSS.This issue affects Access Areas: from n/a through <= 1.5.19. |
