| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| prettyPhoto before 3.1.6 has js/jquery.prettyPhoto.js XSS. |
| The incoming-links plugin before 0.9.10b for WordPress has referrers.php XSS via the Referer HTTP header. |
| The content-grabber plugin 1.0 for WordPress has XSS via obj_field_name or obj_field_id. |
| The broken-link-manager plugin 0.4.5 for WordPress has XSS via the page parameter in a delURL action. |
| The searchterms-tagging-2 plugin through 1.535 for WordPress has XSS via the wp-admin/options-general.php count parameter. |
| The broken-link-manager plugin before 0.6.0 for WordPress has XSS via the HTTP Referer or User-Agent header to a URL that does not exist. |
| The altos-connect plugin 1.3.0 for WordPress has XSS via the wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php/ PATH_SELF. |
| The addthis plugin before 5.0.13 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=addthis_social_widget pubid parameter. |
| The display-widgets plugin before 2.04 for WordPress has XSS via the wp-admin/admin-ajax.php?action=dw_show_widget id_base, widget_number, or instance parameter. |
| The crazy-bone plugin before 0.6.0 for WordPress has XSS via the User-Agent HTTP header. |
| The manual-image-crop plugin before 1.11 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=mic_editor_window postId parameter. |
| The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load PlugneditBGColor, PlugneditEditorMargin, plugnedit_width, pnemedcount, or plugneditcontent parameters. |
| The soundcloud-is-gold plugin before 2.3.2 for WordPress has XSS via the wp-admin/admin-ajax.php?action=get_soundcloud_player id parameter. |
| The captain-slider plugin 1.0.6 for WordPress has XSS via a Title or Caption section. |
| The sitepress-multilingual-cms (WPML) plugin 2.9.3 to 3.2.6 for WordPress has XSS via the Accept-Language HTTP header. |
| The wp-symposium plugin through 15.8.1 for WordPress has XSS via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter. |
| The Royal-Slider plugin before 3.2.7 for WordPress has XSS via the rstype parameter. |
| The Postmatic plugin before 1.4.6 for WordPress has XSS. |
| The Blubrry PowerPress Podcasting plugin 6.0.4 for WordPress has XSS via the tab parameter. |
| The xpinner-lite plugin through 2.2 for WordPress has xpinner-lite.php XSS. |
