| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in joshix Simplish simplish allows Stored XSS.This issue affects Simplish: from n/a through <= 2.6.4. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enguerranws Related Post Shortcode related-post-shortcode allows Stored XSS.This issue affects Related Post Shortcode: from n/a through <= 1.2. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpweaver Weaver Themes Shortcode Compatibility weaver-themes-shortcode-compatibility allows Stored XSS.This issue affects Weaver Themes Shortcode Compatibility: from n/a through <= 1.0.4. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Patel WP Query Creator wp-query-creator allows Reflected XSS.This issue affects WP Query Creator: from n/a through <= 1.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WittyFolk Bonjour Bar bonjour-bar allows Stored XSS.This issue affects Bonjour Bar: from n/a through <= 1.0.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Stored XSS.This issue affects WP FullCalendar: from n/a through <= 1.5. |
| Missing Authorization vulnerability in Marcus (aka @msykes) Events Manager events-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Events Manager: from n/a through <= 6.6.4.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in emarket-design YouTube Showcase youtube-showcase allows Stored XSS.This issue affects YouTube Showcase: from n/a through <= 3.5.1. |
| Cross-Site Request Forgery (CSRF) vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Cross Site Request Forgery.This issue affects Smart Online Order for Clover: from n/a through <= 1.6.0. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Roxnor PopupKit popup-builder-block allows Blind SQL Injection.This issue affects PopupKit: from n/a through <= 2.1.5. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix Shortcodes arconix-shortcodes allows Stored XSS.This issue affects Arconix Shortcodes: from n/a through <= 2.1.20. |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in jamesdlow CSS JS Files css-js-files allows Path Traversal.This issue affects CSS JS Files: from n/a through <= 1.5.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology Distance Based Shipping Calculator distance-based-shipping-calculator allows Reflected XSS.This issue affects Distance Based Shipping Calculator: from n/a through <= 2.0.21. |
| Insertion of Sensitive Information Into Sent Data vulnerability in wpspin Post/Page Copying Tool postpage-import-export-with-custom-fields-taxonomies allows Retrieve Embedded Sensitive Data.This issue affects Post/Page Copying Tool: from n/a through <= 2.0.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kitae Park Mang Board WP mangboard allows Reflected XSS.This issue affects Mang Board WP: from n/a through <= 1.8.4. |
| Missing Authorization vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nexter Blocks: from n/a through <= 4.0.7. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nasir Ahmed Advanced Form Integration advanced-form-integration allows Stored XSS.This issue affects Advanced Form Integration: from n/a through <= 1.95.0. |
| Deserialization of Untrusted Data vulnerability in plainware PlainInventory z-inventory-manager allows Object Injection.This issue affects PlainInventory: from n/a through <= 3.1.6. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpbits WPBITS Addons For Elementor Page Builder wpbits-addons-for-elementor allows Stored XSS.This issue affects WPBITS Addons For Elementor Page Builder: from n/a through <= 1.5.1. |
| Incorrect Privilege Assignment vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Privilege Escalation.This issue affects WPGuppy: from n/a through <= 1.1.0. |
