| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Myriad Solutionz Stars SMTP Mailer stars-smtp-mailer allows Reflected XSS.This issue affects Stars SMTP Mailer: from n/a through <= 1.7. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Ghedini AcuGIS Leaflet Maps mapfig-premium-leaflet-map-maker allows Reflected XSS.This issue affects AcuGIS Leaflet Maps: from n/a through <= 5.1.1.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology Distance Based Shipping Calculator distance-based-shipping-calculator allows Reflected XSS.This issue affects Distance Based Shipping Calculator: from n/a through <= 2.0.21. |
| Cross-Site Request Forgery (CSRF) vulnerability in tomontoast Drop Caps drop-caps allows Stored XSS.This issue affects Drop Caps: from n/a through <= 2.1. |
| Cross-Site Request Forgery (CSRF) vulnerability in milordk Jet Footer Code jet-footer-code allows Stored XSS.This issue affects Jet Footer Code: from n/a through <= 1.4. |
| Missing Authorization vulnerability in hashthemes Easy Elementor Addons easy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Elementor Addons: from n/a through <= 2.2.7. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Martí Batlles Martinez Mimoos devoluciones-packback allows SQL Injection.This issue affects Mimoos: from n/a through <= 1.2. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tiny13 Service service allows Blind SQL Injection.This issue affects Service: from n/a through <= 1.0.4. |
| Missing Authorization vulnerability in ksher thailand Ksher ksher-payment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ksher: from n/a through <= 1.1.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg – SiteOrigin Simple Proxy simple-proxy allows Reflected XSS.This issue affects Simple Proxy: from n/a through <= 1.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lemonadestudio Lemonade Social Networks Autoposter Pinterest lemonade-sna-pinterest-edition allows Reflected XSS.This issue affects Lemonade Social Networks Autoposter Pinterest: from n/a through <= 2.0. |
| Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak JobWP jobwp allows Cross Site Request Forgery.This issue affects JobWP: from n/a through <= 2.4.3. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AnyClip Video Platform AnyClip Luminous Studio anyclip-media allows Stored XSS.This issue affects AnyClip Luminous Studio: from n/a through <= 1.3.3. |
| Cross-Site Request Forgery (CSRF) vulnerability in César Martín TOCHAT.BE tochat-be allows Cross Site Request Forgery.This issue affects TOCHAT.BE: from n/a through <= 1.3.4. |
| Cross-Site Request Forgery (CSRF) vulnerability in kanwei_doublethedonation Double the Donation double-the-donation allows Cross Site Request Forgery.This issue affects Double the Donation: from n/a through <= 2.0.0. |
| The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the rest_simpleFileUpload() function in versions 2.9.3 and 2.9.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server when the REST API is enabled, which may make remote code execution possible. |
| Missing Authorization vulnerability in Codexpert, Inc CoDesigner woolementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CoDesigner: from n/a through <= 4.29. |
| Cross-Site Request Forgery (CSRF) vulnerability in wpdesk Flexible PDF Invoices for WooCommerce & WordPress flexible-invoices allows Cross Site Request Forgery.This issue affects Flexible PDF Invoices for WooCommerce & WordPress: from n/a through <= 6.0.13. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpkoithemes WPKoi Templates for Elementor wpkoi-templates-for-elementor allows DOM-Based XSS.This issue affects WPKoi Templates for Elementor: from n/a through <= 3.4.3. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Schmit Theater for WordPress theatre allows Stored XSS.This issue affects Theater for WordPress: from n/a through <= 0.18.8. |
