CVE Database

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson AuthorSure authorsure allows Stored XSS.This issue affects AuthorSure: from n/a through <= 2.3.

Cross-Site Request Forgery (CSRF) vulnerability in themespride Advanced Appointment Booking & Scheduling advanced-appointment-booking-scheduling allows Cross Site Request Forgery.This issue affects Advanced Appointment Booking & Scheduling: from n/a through <= 2.1.

Cross-Site Request Forgery (CSRF) vulnerability in wpdesk Flexible PDF Invoices for WooCommerce & WordPress flexible-invoices allows Cross Site Request Forgery.This issue affects Flexible PDF Invoices for WooCommerce & WordPress: from n/a through <= 6.0.13.

Missing Authorization vulnerability in CardCom CardCom Payment Gateway woo-cardcom-payment-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CardCom Payment Gateway: from n/a through <= 3.5.0.7.

Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team: from n/a through <= 5.0.6.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tuyennv TZ PlusGallery tz-plus-gallery allows Stored XSS.This issue affects TZ PlusGallery: from n/a through <= 1.5.5.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chad Butler WP-Members wp-members allows Stored XSS.This issue affects WP-Members: from n/a through <= 3.5.4.2.

Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Helpdesk Support Ticket System for WooCommerce: from n/a through <= 2.1.1.

Missing Authorization vulnerability in SALESmanago SALESmanago & Leadoo salesmanago allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SALESmanago & Leadoo: from n/a through <= 3.8.1.

Cross-Site Request Forgery (CSRF) vulnerability in SALESmanago SALESmanago & Leadoo salesmanago allows Cross Site Request Forgery.This issue affects SALESmanago & Leadoo: from n/a through <= 3.8.1.

Missing Authorization vulnerability in Jeremy Saxey Hide WP Toolbar hide-wp-toolbar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hide WP Toolbar: from n/a through <= 2.7.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e4jvikwp VikRestaurants vikrestaurants allows Reflected XSS.This issue affects VikRestaurants: from n/a through <= 1.5.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBean WPB Quick View for WooCommerce woocommerce-lightbox allows Stored XSS.This issue affects WPB Quick View for WooCommerce: from n/a through <= 2.1.8.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Gallery Lightbox gallery-lightbox-slider allows Stored XSS.This issue affects Gallery Lightbox: from n/a through <= 1.0.0.41.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP CodeUs WP Proposals allows Stored XSS. This issue affects WP Proposals: from n/a through 2.3.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in photonicgnostic Library Bookshelves library-bookshelves allows Stored XSS.This issue affects Library Bookshelves: from n/a through <= 5.11.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Subscriptions Zoho Billing zoho-subscriptions allows DOM-Based XSS.This issue affects Zoho Billing: from n/a through <= 4.1.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e4jvikwp VikRestaurants vikrestaurants allows Stored XSS.This issue affects VikRestaurants: from n/a through <= 1.5.1.

Missing Authorization vulnerability in Codexpert, Inc CoDesigner woolementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CoDesigner: from n/a through <= 4.29.

Cross-Site Request Forgery (CSRF) vulnerability in TravelMap Travel Map travelmap-blog allows Cross Site Request Forgery.This issue affects Travel Map: from n/a through <= 1.0.3.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tmatsuur Slightly troublesome permalink slightly-troublesome-permalink allows Stored XSS.This issue affects Slightly troublesome permalink: from n/a through <= 1.2.0.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Missing Authorization vulnerability in wpcraft WooMS wooms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooMS: from n/a through <= 9.12.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpcraft WooMS wooms allows Stored XSS.This issue affects WooMS: from n/a through <= 9.12.

Missing Authorization vulnerability in Plugin Devs Post Carousel Slider for Elementor post-carousel-slider-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Carousel Slider for Elementor: from n/a through <= 1.7.0.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Poll Maker poll-maker allows DOM-Based XSS.This issue affects Poll Maker: from n/a through <= 6.0.2.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 100plugins Open User Map open-user-map allows DOM-Based XSS.This issue affects Open User Map: from n/a through <= 1.4.14.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icopydoc Maps for WP maps-for-wp allows Stored XSS.This issue affects Maps for WP: from n/a through <= 1.2.5.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ken107 SiteNarrator Text-to-Speech Widget sitespeaker-widget allows Stored XSS.This issue affects SiteNarrator Text-to-Speech Widget: from n/a through <= 1.9.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Glen Scott Plugin Security Scanner plugin-security-scanner allows Stored XSS.This issue affects Plugin Security Scanner: from n/a through <= 2.0.2.

Missing Authorization vulnerability in oggix Ongkoskirim.id ongkoskirim-id allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ongkoskirim.id: from n/a through <= 1.0.6.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins Directory Pro directory-pro allows DOM-Based XSS.This issue affects Directory Pro: from n/a through <= 2.5.5.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Photo Gallery by Ays gallery-photo-gallery allows DOM-Based XSS.This issue affects Photo Gallery by Ays: from n/a through <= 6.3.8.

Cross-Site Request Forgery (CSRF) vulnerability in Loc Bui payOS payos allows Cross Site Request Forgery.This issue affects payOS: from n/a through <= 1.0.73.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cedcommerce WP Advanced PDF wp-advanced-pdf allows Stored XSS.This issue affects WP Advanced PDF: from n/a through <= 1.1.7.

Missing Authorization vulnerability in Skimlinks Skimlinks Affiliate Marketing Tool skimlinks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Skimlinks Affiliate Marketing Tool: from n/a through <= 1.3.

Server-Side Request Forgery (SSRF) vulnerability in Skimlinks Skimlinks Affiliate Marketing Tool skimlinks allows Server Side Request Forgery.This issue affects Skimlinks Affiliate Marketing Tool: from n/a through <= 1.3.1.

Cross-Site Request Forgery (CSRF) vulnerability in andy_moyle Emergency Password Reset emergency-password-reset allows Cross Site Request Forgery.This issue affects Emergency Password Reset: from n/a through <= 9.3.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JonathanMH Append Link on Copy append-link-on-copy allows Stored XSS.This issue affects Append Link on Copy: from n/a through <= 0.2.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Suresh Kumar Mukhiya Append extensions on Pages append-extensions-on-pages allows Stored XSS.This issue affects Append extensions on Pages: from n/a through <= 1.1.2.

Missing Authorization vulnerability in Blocksera Image Hover Effects – Elementor Addon image-hover-effects-addon-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Hover Effects – Elementor Addon: from n/a through <= 1.4.4.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themewant Easy Hotel Booking easy-hotel allows DOM-Based XSS.This issue affects Easy Hotel Booking: from n/a through <= 1.9.0.

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Retrieve Embedded Sensitive Data.This issue affects WPeMatico RSS Feed Fetcher: from n/a through <= 2.8.10.

Missing Authorization vulnerability in Meitar Subresource Integrity (SRI) Manager wp-sri allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subresource Integrity (SRI) Manager: from n/a through <= 0.4.0.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ricky Dawn Bot Block – Stop Spam Referrals in Google Analytics bot-block-stop-spam-google-analytics-referrals allows Stored XSS.This issue affects Bot Block – Stop Spam Referrals in Google Analytics: from n/a through <= 2.6.

Cross-Site Request Forgery (CSRF) vulnerability in Aurélien LWS LWS Affiliation lws-affiliation allows Cross Site Request Forgery.This issue affects LWS Affiliation: from n/a through <= 2.3.6.

Cross-Site Request Forgery (CSRF) vulnerability in piotnetdotcom Piotnet Forms piotnetforms allows Cross Site Request Forgery.This issue affects Piotnet Forms: from n/a through <= 1.0.30.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Diego Pereira PowerFolio portfolio-elementor allows Stored XSS.This issue affects PowerFolio: from n/a through <= 3.2.1.

Cross-Site Request Forgery (CSRF) vulnerability in kanwei_doublethedonation Double the Donation double-the-donation allows Cross Site Request Forgery.This issue affects Double the Donation: from n/a through <= 2.0.0.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kanwei_doublethedonation Double the Donation double-the-donation allows Stored XSS.This issue affects Double the Donation: from n/a through <= 2.0.0.