Total: 34649 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-7319 | 1 W3eden | 1 Download Manager | 2025-03-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Download Manager plugin before 2.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title field. | |||||
CVE-2021-24773 | 1 W3eden | 1 Download Manager | 2025-03-21 | 3.5 LOW | 4.8 MEDIUM |
The WordPress Download Manager WordPress plugin before 3.2.16 does not escape some of the Download settings when outputting them, allowing high privilege users to perform XSS attacks even when the unfiltered_html capability is disallowed. | |||||
CVE-2017-2216 | 1 W3eden | 1 Download Manager | 2025-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in WordPress Download Manager prior to version 2.9.50 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2017-18032 | 1 W3eden | 1 Download Manager | 2025-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The download-manager plugin before 2.9.52 for WordPress has XSS via the id parameter in a wpdm_generate_password action to wp-admin/admin-ajax.php. | |||||
CVE-2019-15889 | 1 W3eden | 1 Download Manager | 2025-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter. | |||||
CVE-2024-2082 | 1 Theinnovs | 1 Eleforms | 2025-03-21 | N/A | 6.1 MEDIUM |
The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 2.9.9.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2024-4107 | 1 Elementor | 1 Website Builder | 2025-03-21 | N/A | 5.4 MEDIUM |
The Elementor Website Builder – More than Just a Page Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.21.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2023-25727 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-03-21 | N/A | 5.4 MEDIUM |
In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface. | |||||
CVE-2023-25241 | 1 Bgerp | 1 Bgerp | 2025-03-21 | N/A | 6.1 MEDIUM |
bgERP v22.31 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter. | |||||
CVE-2024-56226 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2025-03-21 | N/A | 6.1 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Reflected XSS. This issue affects Royal Elementor Addons: from n/a through 1.7.1001. | |||||
CVE-2024-56062 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2025-03-21 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: from n/a through 1.3.987. | |||||
CVE-2024-40599 | 1 Mediawiki | 1 Mediawiki | 2025-03-20 | N/A | 4.8 MEDIUM |
An issue was discovered in the GuMaxDD skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries. | |||||
CVE-2023-22376 | 1 Planex | 2 Cs-wmv02g, Cs-wmv02g Firmware | 2025-03-20 | N/A | 6.1 MEDIUM |
Reflected cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to inject an arbitrary script. NOTE: This vulnerability only affects products that are no longer supported by the developer. | |||||
CVE-2024-38953 | 1 Phpok | 1 Phpok | 2025-03-20 | N/A | 6.1 MEDIUM |
phpok 6.4.003 contains a Cross Site Scripting (XSS) vulnerability in the ok_f() method under the framework/api/upload_control.php file. | |||||
CVE-2024-44683 | 1 Seacms | 1 Seacms | 2025-03-20 | N/A | 6.1 MEDIUM |
Seacms v13 is vulnerable to Cross Site Scripting (XSS) via admin-video.php. | |||||
CVE-2023-42307 | 1 Code-projects | 1 Exam Form Submission | 2025-03-20 | N/A | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in Code-Projects Exam Form Submission 1.0 allows attackers to run arbitrary code via the "Subject Name" and "Subject Code" sections. | |||||
CVE-2024-4400 | 1 Boldgrid | 1 Post And Page Builder | 2025-03-20 | N/A | 5.4 MEDIUM |
The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.26.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2024-28128 | 1 Cleancoder | 1 Fitnesse | 2025-03-20 | N/A | 6.1 MEDIUM |
Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter. | |||||
CVE-2022-4656 | 1 Plugins-market | 1 Wp Visitor Statistics | 2025-03-20 | N/A | 5.4 MEDIUM |
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.5 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2024-37629 | 1 Summernote | 1 Summernote | 2025-03-20 | N/A | 6.1 MEDIUM |
SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) via the Code View Function. |