Total
277684 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-22711 | 1 Agentevolution | 1 Impress Listings | 2025-01-09 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Agent Evolution IMPress Listings plugin <= 2.6.2 versions. | ||||
| CVE-2023-23701 | 1 Web Design Easy Sign Up Project | 1 Web Design Easy Sign Up | 2025-01-09 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Andrew @ Geeenville Web Design Easy Sign Up plugin <= 3.4.1 versions. | ||||
| CVE-2023-22696 | 1 Custom4web | 1 Affiliate Links Lite | 2025-01-09 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Custom4Web Affiliate Links Lite plugin <= 2.5 versions. | ||||
| CVE-2023-30746 | 1 Booqable | 1 Rental Software Booqable Rental | 2025-01-09 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Booqable Rental Software Booqable Rental plugin <= 2.4.15 versions. | ||||
| CVE-2023-27419 | 1 Everestthemes | 1 Viable Blog | 2025-01-09 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Viable Blog theme <= 1.1.4 versions. | ||||
| CVE-2023-27455 | 1 Mauimarketing | 1 Update Image Tag Alt Attribute | 2025-01-09 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maui Marketing Update Image Tag Alt Attribute plugin <= 2.4.5 versions. | ||||
| CVE-2025-0344 | 2025-01-09 | 6.3 Medium | ||
| A vulnerability has been found in leiyuxi cy-fast 1.0 and classified as critical. Affected by this vulnerability is the function listData of the file /commpara/listData. The manipulation of the argument order leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-32970 | 1 Themify | 1 Portfolio Post | 2025-01-09 | 4.1 Medium |
| Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Themify Themify Portfolio Post plugin <= 1.2.4 versions. | ||||
| CVE-2022-33961 | 1 Waspthemes | 1 Visual Css Style Editor | 2025-01-09 | 4 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WaspThemes Visual CSS Style Editor plugin <= 7.5.8 versions. | ||||
| CVE-2022-46819 | 1 Gopiplus | 1 Continuous Announcement Scroller | 2025-01-09 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Continuous announcement scroller plugin <= 13.0 versions. | ||||
| CVE-2022-46817 | 1 Flyzoo | 1 Flyzoo Chat | 2025-01-09 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flyzoo Flyzoo Chat plugin <= 2.3.3 versions. | ||||
| CVE-2022-47137 | 1 Wpmanageninja | 1 Ninja Tables | 2025-01-09 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPManageNinja LLC Ninja Tables plugin <= 4.3.4 versions. | ||||
| CVE-2022-47441 | 1 Wpcharitable | 1 Charitable | 2025-01-09 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin <= 1.7.0.10 versions. | ||||
| CVE-2022-27856 | 1 Atlasgondal | 1 Export All Urls | 2025-01-09 | 3.4 Low |
| Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Atlas Gondal Export All URLs plugin <= 4.1 versions. | ||||
| CVE-2022-47600 | 1 I13websolution | 1 Mass Email To Users | 2025-01-09 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Mass Email To users plugin <= 1.1.4 versions. | ||||
| CVE-2022-47590 | 1 Fugu | 1 Maintenance Switch | 2025-01-09 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fugu Maintenance Switch plugin <= 1.5.2 versions. | ||||
| CVE-2022-45846 | 1 Wpmart | 1 Interactive Svg Image Map Builder | 2025-01-09 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro for WordPress - Interactive SVG Image Map Builder plugin < 5.6.9 versions. | ||||
| CVE-2024-13153 | 2025-01-09 | 6.4 Medium | ||
| The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.5.135 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: Since the widget code isn't part of the code, to apply the patch, the affected widgets: Image Tooltip, Notification, Simple Popup, Video Play Button, and Card Carousel, must be deleted and reinstalled manually. | ||||
| CVE-2023-2490 | 1 Useragent-spy Project | 1 Useragent-spy | 2025-01-09 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fernando Briano UserAgent-Spy plugin <= 1.3.1 versions. | ||||
| CVE-2023-23867 | 1 Buttons X Project | 1 Buttons X | 2025-01-09 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gautam Thapar Button Builder – Buttons X plugin <= 0.8.6 versions. | ||||