Total
34410 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1195 | 1 Fabian | 1 Real Estate Property Management System | 2025-02-20 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in code-projects Real Estate Property Management System 1.0. This issue affects some unknown processing of the file /Admin/EditCategory. The manipulation of the argument CategoryId leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0511 | 1 Welcart | 1 Welcart E-commerce | 2025-02-20 | 7.2 High |
| The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 2.11.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2021-36920 | 1 Wpchill | 1 Download Monitor | 2025-02-20 | 4.8 Medium |
| Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress plugin Download Monitor (versions <= 4.4.6). | ||||
| CVE-2021-23174 | 1 Wpchill | 1 Download Monitor | 2025-02-20 | 3.4 Low |
| Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6) Vulnerable parameters: &post_title, &downloadable_file_version[0]. | ||||
| CVE-2022-23980 | 1 Yet Another Stars Rating Project | 1 Yet Another Stars Rating | 2025-02-20 | 4.7 Medium |
| Cross-Site Scripting (XSS) vulnerability discovered in Yasr – Yet Another Stars Rating WordPress plugin (versions <= 2.9.9), vulnerable at parameter 'source'. | ||||
| CVE-2021-26256 | 1 Ays-pro | 1 Survey Maker | 2025-02-20 | 4.7 Medium |
| Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Survey Maker WordPress plugin (versions <= 2.0.6). | ||||
| CVE-2022-25601 | 2 Fedoraproject, Plugin-planet | 2 Fedora, Contact Form X | 2025-02-20 | 4.7 Medium |
| Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4). | ||||
| CVE-2022-25603 | 1 Maxfoundry | 1 Maxgalleria | 2025-02-20 | 4.8 Medium |
| Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in MaxGalleria WordPress plugin (versions 6.2.5). | ||||
| CVE-2022-25604 | 1 Price Table Project | 1 Price Table | 2025-02-20 | 4.1 Medium |
| Authenticated (contributor of higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Price Table plugin (versions <= 0.2.2). | ||||
| CVE-2022-25605 | 1 Wp-downloadmanager Project | 1 Wp-downloadmanager | 2025-02-20 | 4.8 Medium |
| Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vvulnerable parameters &download_path, &download_path_url, &download_page_url. | ||||
| CVE-2022-25609 | 1 Yooslider | 1 Yoo Slider | 2025-02-20 | 5.4 Medium |
| Stored Cross-Site Scripting (XSS) in Yoo Slider – Image Slider & Video Slider (WordPress plugin) allows attackers with contributor or higher user role to inject the malicious code. | ||||
| CVE-2022-25606 | 1 Wp-downloadmanager Project | 1 Wp-downloadmanager | 2025-02-20 | 4.8 Medium |
| Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters &download_path, &download_path_url, &download_page_url, &download_categories. | ||||
| CVE-2022-25610 | 1 Plugin-planet | 1 Simple Ajax Chat | 2025-02-20 | 3.4 Low |
| Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code. However, the attack requires specific conditions, making it hard to exploit. | ||||
| CVE-2022-25611 | 1 Presstigers | 1 Simple Event Planner | 2025-02-20 | 4.1 Medium |
| Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner plugin <= 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable parameter &custom[add_seg][]. | ||||
| CVE-2022-25612 | 1 Presstigers | 1 Simple Event Planner | 2025-02-20 | 4.1 Medium |
| Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin <= 1.5.4 allows user with author or higher user rights inject the malicious code via vulnerable parameters: &custom[event_organiser], &custom[organiser_email], &custom[organiser_contact]. | ||||
| CVE-2022-25613 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2025-02-20 | 4.1 Medium |
| Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in FV Flowplayer Video Player (WordPress plugin) versions <= 7.5.18.727 via &fv_wp_flowplayer_field_splash parameter. | ||||
| CVE-2022-25618 | 1 Tms-outsource | 1 Wpdatatables Lite | 2025-02-20 | 3.4 Low |
| Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions <= 2.1.27 | ||||
| CVE-2021-36851 | 1 Web-settler | 1 Testimonial Slider | 2025-02-20 | 4.1 Medium |
| Authenticated (editor or higher user role) Cross-Site Scripting (XSS) vulnerability in Web-Settler Testimonial Slider – Free Testimonials Slider Plugin (WordPress plugin) via parameters mpsp_posts_bg_color, mpsp_posts_description_color, mpsp_slide_nav_button_color. | ||||
| CVE-2021-36910 | 1 Wp-appbox Project | 1 Wp-appbox | 2025-02-20 | 3.4 Low |
| Authenticated (admin user role) Stored Cross-Site Scripting (XSS) in WP-Appbox (WordPress plugin) <= 4.3.20. | ||||
| CVE-2021-36848 | 1 Sharethis | 1 Social Media Feather | 2025-02-20 | 3.4 Low |
| Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Feather (WordPress plugin) versions <= 2.0.4 | ||||