CVE Database

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Odyno Simple Vertical Timeline simple-vertical-timeline allows DOM-Based XSS.This issue affects Simple Vertical Timeline: from n/a through <= 0.1.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yesstreamingdev Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com shoutcast-and-icecast-html5-web-radio-player-by-yesstreaming-com allows Stored XSS.This issue affects Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com: from n/a through <= 3.3.

Cross-Site Request Forgery (CSRF) vulnerability in dpowney Hotspots Analytics hotspots allows Stored XSS.This issue affects Hotspots Analytics: from n/a through <= 4.0.12.

Cross-Site Request Forgery (CSRF) vulnerability in Jamsheer K Custom Widget Classes custom-widget-classes allows Cross Site Request Forgery.This issue affects Custom Widget Classes: from n/a through <= 1.1.

Cross-Site Request Forgery (CSRF) vulnerability in Nilesh Shiragave WordPress Gallery Plugin wordpress-gallery-plugin allows Cross Site Request Forgery.This issue affects WordPress Gallery Plugin: from n/a through <= 1.4.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in foo123 Top Flash Embed top-flash-embed allows Stored XSS.This issue affects Top Flash Embed: from n/a through <= 0.3.4.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RaminMT Links/Problem Reporter report-broken-links allows DOM-Based XSS.This issue affects Links/Problem Reporter: from n/a through <= 2.6.0.

Cross-Site Request Forgery (CSRF) vulnerability in Matt Gibbs Admin Cleanup admin-cleanup allows Stored XSS.This issue affects Admin Cleanup: from n/a through <= 1.0.2.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mobstac QR Code Generator qrcode-wprhe allows DOM-Based XSS.This issue affects QR Code Generator: from n/a through <= 1.2.6.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jobair JB Horizontal Scroller News Ticker jb-horizontal-scroller-news-ticker allows DOM-Based XSS.This issue affects JB Horizontal Scroller News Ticker: from n/a through <= 1.0.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sindhi WordPress Data Guard wordpress-data-guards allows Stored XSS.This issue affects WordPress Data Guard: from n/a through <= 8.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in straps Strx Magic Floating Sidebar Maker strx-magic-floating-sidebar-maker allows Stored XSS.This issue affects Strx Magic Floating Sidebar Maker: from n/a through <= 1.4.1.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pedjas Stop Comment Spam stop-comment-spam allows Stored XSS.This issue affects Stop Comment Spam: from n/a through <= 0.5.3.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osuthorpe Easy Shortcode Buttons easy-shortcode-buttons allows Stored XSS.This issue affects Easy Shortcode Buttons: from n/a through <= 1.2.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexander Weleczka FontAwesome.io ShortCodes allows Stored XSS.This issue affects FontAwesome.io ShortCodes: from n/a through 1.0.

Cross-Site Request Forgery (CSRF) vulnerability in jprintf CNZZ&51LA for WordPress cnzz51la-for-wordpress allows Cross Site Request Forgery.This issue affects CNZZ&51LA for WordPress: from n/a through <= 1.0.1.

Cross-Site Request Forgery (CSRF) vulnerability in alicornea Category Custom Fields categorycustomfields allows Cross Site Request Forgery.This issue affects Category Custom Fields: from n/a through <= 1.0.

Cross-Site Request Forgery (CSRF) vulnerability in aleapp WP Cookies Alert wp-cookies-alert allows Cross Site Request Forgery.This issue affects WP Cookies Alert: from n/a through <= 1.1.1.

Cross-Site Request Forgery (CSRF) vulnerability in thapa.laxman Content Security Policy Pro content-security-policy-pro allows Cross Site Request Forgery.This issue affects Content Security Policy Pro: from n/a through <= 1.3.5.

Cross-Site Request Forgery (CSRF) vulnerability in pyko More Link Modifier more-link-modifier allows Stored XSS.This issue affects More Link Modifier: from n/a through <= 1.0.3.

Cross-Site Request Forgery (CSRF) vulnerability in mahadirz MHR-Custom-Anti-Copy mhr-custom-anti-copy allows Stored XSS.This issue affects MHR-Custom-Anti-Copy: from n/a through <= 2.0.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in metaphorcreations Metaphor Widgets allows Stored XSS. This issue affects Metaphor Widgets: from n/a through 2.4.

Cross-Site Request Forgery (CSRF) vulnerability in linickx root Cookie allows Cross Site Request Forgery. This issue affects root Cookie: from n/a through 1.6.

Cross-Site Request Forgery (CSRF) vulnerability in Igor Sazonov Len Slider len-slider allows Reflected XSS.This issue affects Len Slider: from n/a through <= 2.0.11.

Cross-Site Request Forgery (CSRF) vulnerability in Dutch van Andel Custom List Table Example custom-list-table-example allows Reflected XSS.This issue affects Custom List Table Example: from n/a through <= 1.4.1.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jim2212001 Spiderpowa Embed PDF spiderpowa-embed-pdf allows Stored XSS.This issue affects Spiderpowa Embed PDF: from n/a through <= 1.0.

Cross-Site Request Forgery (CSRF) vulnerability in itamarg SEOReseller Partner sr-partner allows Cross Site Request Forgery.This issue affects SEOReseller Partner: from n/a through <= 1.3.15.

Cross-Site Request Forgery (CSRF) vulnerability in Shiv Prakash Tiwari WP Service Payment Form With Authorize.net wp-service-payment-form-with-authorizenet allows Reflected XSS.This issue affects WP Service Payment Form With Authorize.net: from n/a through <= 2.6.0.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SteveSoehl WP-Revive Adserver wp-revive-adserver allows Stored XSS.This issue affects WP-Revive Adserver: from n/a through <= 2.2.1.

Cross-Site Request Forgery (CSRF) vulnerability in FuzzGuard Style Admin style-admin allows Stored XSS.This issue affects Style Admin: from n/a through <= 1.4.3.

Cross-Site Request Forgery (CSRF) vulnerability in nova706 OrangeBox orangebox allows Cross Site Request Forgery.This issue affects OrangeBox: from n/a through <= 3.0.0.

Cross-Site Request Forgery (CSRF) vulnerability in Mike Selander WP Options Editor wp-options-editor allows Privilege Escalation.This issue affects WP Options Editor: from n/a through <= 1.1.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tushar Patel Easy Portfolio easy-portfolio allows Stored XSS.This issue affects Easy Portfolio: from n/a through <= 1.3.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ghuger Easy FAQs easy-faqs allows Stored XSS.This issue affects Easy FAQs: from n/a through <= 3.2.1.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in _rccoder_ wp_amaps wp-amaps allows Stored XSS.This issue affects wp_amaps: from n/a through <= 1.7.

Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Turcu Auto FTP auto-ftp allows Stored XSS.This issue affects Auto FTP: from n/a through <= 1.0.1.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mikakaltoft Horizontal Line Shortcode horizontal-line-shortcode allows Stored XSS.This issue affects Horizontal Line Shortcode: from n/a through <= 1.0.

Missing Authorization vulnerability in August Infotech AI Responsive Gallery Album ai-responsive-gallery-album allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Responsive Gallery Album: from n/a through <= 1.4.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alpha BPO Easy Code Snippets easy-code-snippets allows SQL Injection.This issue affects Easy Code Snippets: from n/a through <= 1.0.2.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in web-mv ResAds resads allows SQL Injection.This issue affects ResAds: from n/a through <= 2.0.5.

Missing Authorization vulnerability in Pravin Durugkar User Sync ActiveCampaign registered-user-sync-activecampaign allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Sync ActiveCampaign: from n/a through <= 1.3.2.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in willowsconsulting GDPR Personal Data Reports gdpr-personal-data-reports allows Stored XSS.This issue affects GDPR Personal Data Reports: from n/a through <= 1.0.5.

Missing Authorization vulnerability in ekaterir Cache Sniper for Nginx snipe-nginx-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cache Sniper for Nginx: from n/a through <= 1.0.4.2.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WWP GMAPS for WPBakery Page Builder Free gmaps-for-visual-composer-free allows Stored XSS.This issue affects GMAPS for WPBakery Page Builder Free: from n/a through <= 1.2.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eugenio Petulla&#8217; imaGenius imagenius allows Stored XSS.This issue affects imaGenius: from n/a through <= 1.7.

Cross-Site Request Forgery (CSRF) vulnerability in w3speedster W3SPEEDSTER w3speedster-wp allows Cross Site Request Forgery.This issue affects W3SPEEDSTER: from n/a through <= 7.33.

Missing Authorization vulnerability in ujjavaljani Copy Move Posts copy-move-posts.This issue affects Copy Move Posts: from n/a through <= 1.6.

Missing Authorization vulnerability in Alex Volkov Woo Tuner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Tuner: from n/a through 0.1.2.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Volkov Chatter allows Stored XSS. This issue affects Chatter: from n/a through 1.0.1.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in carrotbits Greek Namedays Widget From Eortologio.Net greek-namedays-widget allows Stored XSS.This issue affects Greek Namedays Widget From Eortologio.Net: from n/a through <= 20191113.