| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unauthenticated Broken Access Control in Flash & HTML5 Video <= 2.11.0 versions. |
| Unauthenticated Cross Site Scripting (XSS) in NanoMag <= 1.8 versions. |
| Contributor Broken Access Control in SEOPress PRO <= 9.1.1 versions. |
| Contributor Cross Site Scripting (XSS) in Neve PRO <= 3.1.2 versions. |
| Subscriber Server Side Request Forgery (SSRF) in Kirki <= 6.0.11 versions. |
| Unauthenticated Sensitive Data Exposure in WCBoost – Products Compare <= 1.1.0 versions. |
| Unauthenticated Cross Site Request Forgery (CSRF) in FunnelKit Payment Gateway for Stripe WooCommerce <= 1.14.0.3 versions. |
| Contributor Cross Site Scripting (XSS) in Fluent Booking <= 2.1.0 versions. |
| Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions. |
| Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer <= 1.6.1 versions. |
| Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0 versions. |
| Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions. |
| Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions. |
| Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions. |
| Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships Pro - Add Member From Admin <= 0.7.2 versions. |
| Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder <= 1.1.6 versions. |
| Unauthenticated Insecure Direct Object References (IDOR) in GravityView <= 3.0.0 versions. |
| Sales Representative SQL Injection in Groundhogg <= 4.5 versions. |
| The CodePeople Post Map for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'cpm_point' Post Meta in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
| The MaxButtons – Create buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'view' parameter in all versions up to, and including, 9.8.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. |