ReportizFlow
Filtered by vendor
Subscriptions
Total
45117 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-38348 | 1 Advance Search Project | 1 Advance Search | 2025-05-02 | 6.1 Medium |
| The Advance Search WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the wpas_id parameter found in the ~/inc/admin/views/html-advance-search-admin-options.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1.2. | ||||
| CVE-2021-38326 | 1 Wpleet | 1 Post Title Counter | 2025-05-02 | 6.1 Medium |
| The Post Title Counter WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the notice parameter found in the ~/post-title-counter.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1. | ||||
| CVE-2021-38353 | 1 Webodid | 1 Dropdown And Scrollable Text | 2025-05-02 | 6.1 Medium |
| The Dropdown and scrollable Text WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the content parameter found in the ~/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0. | ||||
| CVE-2021-38349 | 1 Techastha | 1 Integration Of Moneybird For Woocommerce | 2025-05-02 | 6.1 Medium |
| The Integration of Moneybird for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error_description parameter found in the ~/templates/wcmb-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1. | ||||
| CVE-2021-38340 | 1 Wordpress Simple Shop Project | 1 Wordpress Simple Shop | 2025-05-02 | 6.1 Medium |
| The Wordpress Simple Shop WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the update_row parameter found in the ~/includes/add_product.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2. | ||||
| CVE-2021-38341 | 1 Dreamfoxmedia | 1 Woocommerce Payment Gateway Per Category | 2025-05-02 | 6.1 Medium |
| The WooCommerce Payment Gateway Per Category WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/includes/plugin_settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.10. | ||||
| CVE-2021-38334 | 1 Amazingweb | 1 Wp-design-maps-places | 2025-05-02 | 6.1 Medium |
| The WP Design Maps & Places WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the filename parameter found in the ~/wpdmp-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2. | ||||
| CVE-2021-38330 | 1 Tromit | 1 Yabp | 2025-05-02 | 6.1 Medium |
| The Yet Another bol.com Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/yabp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4. | ||||
| CVE-2021-38337 | 1 Carrcommunications | 1 Rsvpmaker Excel | 2025-05-02 | 6.1 Medium |
| The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/phpexcel/PHPExcel/Shared/JAMA/docs/download.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1. | ||||
| CVE-2021-38332 | 1 Ops-robots-txt Project | 1 Ops-robots-txt | 2025-05-02 | 6.1 Medium |
| The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1. | ||||
| CVE-2021-38335 | 1 Wiseagent | 1 Wise Agent Capture Forms | 2025-05-02 | 6.1 Medium |
| The Wise Agent Capture Forms WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/WiseAgentCaptureForm.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. | ||||
| CVE-2021-38336 | 1 Sw-guide | 1 Edit Comments Xt | 2025-05-02 | 6.1 Medium |
| The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/edit-comments-xt.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. | ||||
| CVE-2021-38355 | 1 Bug Library Project | 1 Bug Library | 2025-05-02 | 6.1 Medium |
| The Bug Library WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the successimportcount parameter found in the ~/bug-library.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.3. | ||||
| CVE-2022-39017 | 1 M-files | 1 Hubshare | 2025-05-02 | 8.2 High |
| Improper input validation and output encoding in all comments fields, in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to introduce cross-site scripting attacks via specially crafted comments. | ||||
| CVE-2021-38347 | 1 Custom Website Data Project | 1 Custom Website Data | 2025-05-02 | 6.1 Medium |
| The Custom Website Data WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter found in the ~/views/edit.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.2. | ||||
| CVE-2021-38339 | 1 Devondev | 1 Simple Matted Thumbnails | 2025-05-02 | 6.1 Medium |
| The Simple Matted Thumbnails WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/simple-matted-thumbnail.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.01. | ||||
| CVE-2021-38327 | 1 Ueberhamm-design | 1 Youtube Video Inserter | 2025-05-02 | 6.1 Medium |
| The YouTube Video Inserter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/adminUI/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.1.0. | ||||
| CVE-2021-38354 | 1 Gnu-mailman Integration Project | 1 Gnu-mailman Integration | 2025-05-02 | 6.1 Medium |
| The GNU-Mailman Integration WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the gm_error parameter found in the ~/includes/admin/mailing-lists-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6. | ||||
| CVE-2021-38359 | 1 Invitebox | 1 Invitebox | 2025-05-02 | 6.1 Medium |
| The WordPress InviteBox Plugin for viral Refer-a-Friend Promotions WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the message parameter found in the ~/admin/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.1. | ||||
| CVE-2021-38358 | 1 Kibokolabs | 1 Moolamojo | 2025-05-02 | 6.1 Medium |
| The MoolaMojo WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the classes parameter found in the ~/views/button-generator.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.4.1. | ||||