| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The weeklynews theme before 2.2.9 for WordPress has XSS via the s parameter. |
| The Modern theme before 1.4.2 for WordPress has XSS via the genericons/example.html anchor identifier. |
| The Auberge theme before 1.4.5 for WordPress has XSS via the genericons/example.html anchor identifier. |
| The Artificial Intelligence theme before 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root. |
| The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via the anchor identifier to assets/js/jquery.foundation.plugins.js. |
| The syndication-links plugin before 1.0.3 for WordPress has XSS via the genericons/example.html anchor identifier. |
| The indieweb-post-kinds plugin before 1.3.1.1 for WordPress has XSS via the genericons/example.html anchor identifier. |
| The my-wish-list plugin before 1.4.2 for WordPress has multiple XSS issues. |
| prettyPhoto before 3.1.6 has js/jquery.prettyPhoto.js XSS. |
| The incoming-links plugin before 0.9.10b for WordPress has referrers.php XSS via the Referer HTTP header. |
| The content-grabber plugin 1.0 for WordPress has XSS via obj_field_name or obj_field_id. |
| The broken-link-manager plugin 0.4.5 for WordPress has XSS via the page parameter in a delURL action. |
| The searchterms-tagging-2 plugin through 1.535 for WordPress has XSS via the wp-admin/options-general.php count parameter. |
| The broken-link-manager plugin before 0.6.0 for WordPress has XSS via the HTTP Referer or User-Agent header to a URL that does not exist. |
| The altos-connect plugin 1.3.0 for WordPress has XSS via the wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php/ PATH_SELF. |
| The addthis plugin before 5.0.13 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=addthis_social_widget pubid parameter. |
| The display-widgets plugin before 2.04 for WordPress has XSS via the wp-admin/admin-ajax.php?action=dw_show_widget id_base, widget_number, or instance parameter. |
| The crazy-bone plugin before 0.6.0 for WordPress has XSS via the User-Agent HTTP header. |
| The manual-image-crop plugin before 1.11 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=mic_editor_window postId parameter. |
| The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load PlugneditBGColor, PlugneditEditorMargin, plugnedit_width, pnemedcount, or plugneditcontent parameters. |
