Total: 45049 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6541 | 1 Wphelpline | 1 Allow Svg | 2025-06-11 | 6.1 Medium |
| The Allow SVG WordPress plugin before 1.2.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. | ||||
| CVE-2023-6783 | 1 Wolfnettech | 1 Wolfnet Idx For Wordpress | 2025-06-11 | 4.8 Medium |
| The WolfNet IDX for WordPress plugin through 1.19.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-45510 | 1 Synacor | 1 Zimbra Collaboration Suite | 2025-06-11 | 6.1 Medium |
| An issue was discovered in Zimbra Collaboration (ZCS) through 10.0. Zimbra Webmail (Modern UI) is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper sanitization of user input. This allows an attacker to inject malicious code into specific fields of an e-mail message. When the victim adds the attacker to their contacts, the malicious code is stored and executed when viewing the contact list. This can lead to unauthorized actions such as arbitrary mail sending, mailbox exfiltration, profile picture alteration, and other malicious actions. Proper sanitization and escaping of input fields are necessary to mitigate this vulnerability. | ||||
| CVE-2025-29094 | 1 Motivian | 1 Content Management System | 2025-06-11 | 6.1 Medium |
| Cross Site Scripting vulnerability in Motivian Content Management System v.41.0.0 allows a remote attacker to execute arbitrary code via the Marketing/Forms, Marketing/Offers and Content/Pages components. | ||||
| CVE-2022-3836 | 1 Seedwebs | 1 Seed Social | 2025-06-11 | 4.8 Medium |
| The Seed Social WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2023-50166 | 1 Pega | 1 Platform | 2025-06-11 | 6.1 Medium |
| Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter. | ||||
| CVE-2024-12722 | 1 Mohsinrasool | 1 Twitter Bootstrap Collapse Aka Accordian Shortcode | 2025-06-11 | 5.4 Medium |
| The Twitter Bootstrap Collapse aka Accordian Shortcode WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2024-12724 | 1 Codeflock | 1 Wp Desklite | 2025-06-11 | 6.1 Medium |
| The WP DeskLite WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-12725 | 1 Smartdatasoft | 1 Clasify Classified Listing | 2025-06-11 | 6.1 Medium |
| The Clasify Classified Listing WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-12726 | 1 Takien | 1 Clipart | 2025-06-11 | 6.1 Medium |
| The ClipArt WordPress plugin through 0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2023-6456 | 1 Ljapps | 1 Wp Review Slider | 2025-06-11 | 4.8 Medium |
| The WP Review Slider WordPress plugin before 13.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2023-5943 | 1 Markusbegerow | 1 Wp-adv-quiz | 2025-06-11 | 4.8 Medium |
| The Wp-Adv-Quiz WordPress plugin before 1.0.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | ||||
| CVE-2023-4925 | 1 Yikesinc | 1 Easy Forms For Mailchimp | 2025-06-11 | 4.8 Medium |
| The Easy Forms for Mailchimp WordPress plugin through 6.8.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | ||||
| CVE-2023-48127 | 1 Linecorp | 1 Line | 2025-06-11 | 5.4 Medium |
| An issue in myGAKUYA mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-43999 | 1 Linecorp | 1 Line | 2025-06-11 | 5.4 Medium |
| An issue in COLORFUL_laundry mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-43988 | 1 Linecorp | 1 Line | 2025-06-11 | 5.4 Medium |
| An issue in nature fitness saijo mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-0389 | 1 Codepeople | 1 Calculated Fields Form | 2025-06-11 | 4.8 Medium |
| The Calculated Fields Form WordPress plugin before 1.1.151 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2021-24432 | 1 Berocket | 1 Advanced Ajax Product Filters | 2025-06-11 | 6.1 Medium |
| The Advanced AJAX Product Filters WordPress plugin does not sanitise the 'term_id' POST parameter before outputting it in the page, leading to reflected Cross-Site Scripting issue. | ||||
| CVE-2024-12739 | 1 Annabansaghi | 1 Mobile Contact Bar | 2025-06-11 | 4.8 Medium |
| The Mobile Contact Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-6693 | 1 Wp-buy | 1 Wp Content Copy Protection & No Right Click | 2025-06-11 | 4.8 Medium |
| The wccp-pro WordPress plugin before 15.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||