| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluginic FancyPost post-block allows DOM-Based XSS.This issue affects FancyPost: from n/a through <= 6.0.1. |
| Missing Authorization vulnerability in matthewrubin Review Manager review-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Review Manager: from n/a through <= 2.5.0. |
| Cross-Site Request Forgery (CSRF) vulnerability in IT Path Solutions SCSS WP Editor scss-wp-editor allows Cross Site Request Forgery.This issue affects SCSS WP Editor: from n/a through <= 1.2.1. |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LambertGroup CLEVER lbg-audio11-html5-shoutcast_history allows Path Traversal.This issue affects CLEVER: from n/a through <= 2.6. |
| Cross-Site Request Forgery (CSRF) vulnerability in Proptech Plugin Apimo Connector apimo allows Cross Site Request Forgery.This issue affects Apimo Connector: from n/a through <= 2.6.5.1. |
| Missing Authorization vulnerability in WP Messiah Swiss Toolkit For WP swiss-toolkit-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Swiss Toolkit For WP: from n/a through <= 1.4.5. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LeadConnector LeadConnector leadconnector allows DOM-Based XSS.This issue affects LeadConnector: from n/a through <= 3.0.2. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Weblizar - WordPress Themes & Plugin About Author about-author allows Reflected XSS.This issue affects About Author: from n/a through <= 1.6.2. |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WPFactory Scheduled & Automatic Order Status Controller for WooCommerce order-status-rules-for-woocommerce allows Phishing.This issue affects Scheduled & Automatic Order Status Controller for WooCommerce: from n/a through <= 3.7.1. |
| Cross-Site Request Forgery (CSRF) vulnerability in alphaomegaplugins AlphaOmega Captcha & Anti-Spam Filter alphaomega-captcha-anti-spam allows Stored XSS.This issue affects AlphaOmega Captcha & Anti-Spam Filter: from n/a through <= 3.3. |
| Cross-Site Request Forgery (CSRF) vulnerability in Weblizar - WordPress Themes & Plugin HR Management Lite hr-management-lite allows Cross Site Request Forgery.This issue affects HR Management Lite: from n/a through <= 3.6. |
| Cross-Site Request Forgery (CSRF) vulnerability in planetstudio Builder for Contact Form 7 by Webconstruct cf7-builder allows Cross Site Request Forgery.This issue affects Builder for Contact Form 7 by Webconstruct: from n/a through <= 1.2.2. |
| Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Media File Type Manager wp-media-file-type-manager allows Cross Site Request Forgery.This issue affects WP Media File Type Manager: from n/a through <= 2.3.1. |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Estatik Estatik estatik allows PHP Local File Inclusion.This issue affects Estatik: from n/a through <= 4.3.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chatra Chatra Live Chat + ChatBot + Cart Saver allows Stored XSS. This issue affects Chatra Live Chat + ChatBot + Cart Saver: from n/a through 1.0.11. |
| Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta allows Retrieve Embedded Sensitive Data.This issue affects Import and export users and customers: from n/a through <= 1.27.12. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Chill RSVP and Event Management rsvp allows SQL Injection.This issue affects RSVP and Event Management: from n/a through <= 2.7.14. |
| Missing Authorization vulnerability in Marco Almeida | Webdados Taxonomy/Term and Role based Discounts for WooCommerce taxonomy-discounts-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Taxonomy/Term and Role based Discounts for WooCommerce: from n/a through <= 5.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eugenio Petulla’ imaGenius imagenius allows Stored XSS.This issue affects imaGenius: from n/a through <= 1.7. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ianhaycox World Cup Predictor world-cup-predictor allows Reflected XSS.This issue affects World Cup Predictor: from n/a through <= 1.9.8. |
