The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘rev_slider_vc’ shortcode in all versions up to, and including, 8.6 due to insufficient input sanitization and output escaping...
The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘wishlist_quickview’ AJAX action in all versions up to, and including,...
The XX2WP Integration Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mxp_fb2wp_display_embed’ shortcode in all versions up to, and including, 1.9.9. This is due to the plugin not properly sanitizing...
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in The Wikimedia Foundation Mediawiki – SecurePoll Extension allows Stored XSS.This issue affects Mediawiki – SecurePoll Extension: master. More information :...
The Media Library Assistant plugin for WordPress is vulnerable to limited file reading in all versions up to, and including, 3.29 via the mla-stream-image.php file. This makes it possible for unauthenticated attackers to read...
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in The Wikimedia Foundation Mediawiki – ImageRating Extension allows Stored XSS.This issue affects Mediawiki – ImageRating Extension: from master before 1.39....
Allocation of Resources Without Limits or Throttling vulnerability in The Wikimedia Foundation Mediawiki – CirrusSearch Extension allows HTTP DoS.This issue affects Mediawiki – CirrusSearch Extension: from master before 1.43. More information : https://gerrit.wikimedia.org/r/q/I3e8d819868c0491b18368af8e543180e747023c2
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in The Wikimedia Foundation Mediawiki – GrowthExperiments Extension allows Stored XSS.This issue affects Mediawiki – GrowthExperiments Extension: from master before 1.39....
Incorrect Default Permissions vulnerability in The Wikimedia Foundation Mediawiki – GrowthExperiments Extension allows Resource Leak Exposure.This issue affects Mediawiki – GrowthExperiments Extension: from master before 1.39. More information : https://gerrit.wikimedia.org/r/q/I29a18dbbaf7e2ce2a713233dbc6880032fec3628
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki – CentralAuth Extension allows Resource Leak Exposure.This issue affects Mediawiki – CentralAuth Extension: from master before 1.39. More information :...
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in The Wikimedia Foundation Mediawiki – FlexDiagrams Extension allows Stored XSS.This issue affects Mediawiki – FlexDiagrams Extension: master. More information :...
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in The Wikimedia Foundation Mediawiki – Cargo Extension allows Stored XSS.This issue affects Mediawiki – Cargo Extension: master. More information :...
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in The Wikimedia Foundation Mediawiki – AdvancedSearch Extension allows Stored XSS.This issue affects Mediawiki – AdvancedSearch Extension: from master before 1.39....
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in The Wikimedia Foundation Mediawiki – UploadWizard Extension allows Stored XSS.This issue affects Mediawiki – UploadWizard Extension: from master before 1.39....