Total: 37524 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-38351 | 1 Outsidesource | 1 Osd Subscribe | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The OSD Subscribe WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the osd_subscribe_message parameter found in the ~/options/osd_subscribe_options_subscribers.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.3. | |||||
CVE-2021-38350 | 1 Spideranalyse Project | 1 Spideranalyse | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The spideranalyse WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the date parameter found in the ~/analyse/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.1. | |||||
CVE-2021-38349 | 1 Techastha | 1 Integration Of Moneybird For Woocommerce | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Integration of Moneybird for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error_description parameter found in the ~/templates/wcmb-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1. | |||||
CVE-2021-38348 | 1 Advance Search Project | 1 Advance Search | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Advance Search WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the wpas_id parameter found in the ~/inc/admin/views/html-advance-search-admin-options.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1.2. | |||||
CVE-2021-38347 | 1 Custom Website Data Project | 1 Custom Website Data | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Custom Website Data WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter found in the ~/views/edit.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.2. | |||||
CVE-2021-38344 | 1 Brizy | 1 Brizy-page Builder | 2024-11-21 | 3.5 LOW | 6.4 MEDIUM |
The Brizy Page Builder plugin <= 2.3.11 for WordPress was vulnerable to stored XSS by lower-privileged users such as subscribers. It was possible to add malicious JavaScript to a page by modifying the request sent to update the page via the brizy_update_item AJAX action and adding JavaScript to the data parameter, which would be executed in the session of any visitor viewing or previewing the post or page. | |||||
CVE-2021-38341 | 1 Dreamfoxmedia | 1 Woocommerce Payment Gateway Per Category | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The WooCommerce Payment Gateway Per Category WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/includes/plugin_settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.10. | |||||
CVE-2021-38340 | 1 Wordpress Simple Shop Project | 1 Wordpress Simple Shop | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Wordpress Simple Shop WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the update_row parameter found in the ~/includes/add_product.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2. | |||||
CVE-2021-38339 | 1 Devondev | 1 Simple Matted Thumbnails | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Simple Matted Thumbnails WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/simple-matted-thumbnail.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.01. | |||||
CVE-2021-38338 | 1 Border Loading Bar Project | 1 Border Loading Bar | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Border Loading Bar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `f` and `t` parameters found in the ~/titan-framework/iframe-googlefont-preview.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1. | |||||
CVE-2021-38337 | 1 Carrcommunications | 1 Rsvpmaker Excel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/phpexcel/PHPExcel/Shared/JAMA/docs/download.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1. | |||||
CVE-2021-38336 | 1 Sw-guide | 1 Edit Comments Xt | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/edit-comments-xt.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. | |||||
CVE-2021-38335 | 1 Wiseagent | 1 Wise Agent Capture Forms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Wise Agent Capture Forms WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/WiseAgentCaptureForm.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. | |||||
CVE-2021-38334 | 1 Amazingweb | 1 Wp-design-maps-places | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The WP Design Maps & Places WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the filename parameter found in the ~/wpdmp-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2. | |||||
CVE-2021-38333 | 1 Wp Scrippets Project | 1 Wp Scrippets | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The WP Scrippets WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/wp-scrippets.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.1. | |||||
CVE-2021-38332 | 1 Ops-robots-txt Project | 1 Ops-robots-txt | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1. | |||||
CVE-2021-38331 | 1 Wp-t-wap Project | 1 Wp-t-wap | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The WP-T-Wap WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the posted parameter found in the ~/wap/writer.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.13.2. | |||||
CVE-2021-38330 | 1 Tromit | 1 Yabp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Yet Another bol.com Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/yabp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4. | |||||
CVE-2021-38329 | 1 Dj Emailpublish Project | 1 Dj Emailpublish | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The DJ EmailPublish WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/dj-email-publish.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.7.2. | |||||
CVE-2021-38328 | 1 Notices Project | 1 Notices | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Notices WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/notices.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1. |