Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Picture-Planet GmbH Verowa Connect allows Stored XSS. This issue affects Verowa Connect: from n/a through 3.2.3. More information : https://patchstack.com/database/wordpress/plugin/verowa-connect/vulnerability/wordpress-verowa-connect-plugin-3-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve
Cross-Site Request Forgery (CSRF) vulnerability in Anps Constructo allows Object Injection. This issue affects Constructo: from n/a through 4.3.9. More information : https://patchstack.com/database/wordpress/theme/constructo/vulnerability/wordpress-constructo-theme-4-3-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in bestweblayout Portfolio allows DOM-Based XSS. This issue affects Portfolio : from n/a through 2.58. More information : https://patchstack.com/database/wordpress/plugin/portfolio/vulnerability/wordpress-portfolio-plugin-2-58-cross-site-scripting-xss-vulnerability?_s_id=cve
Missing Authorization vulnerability in templateinvaders TI WooCommerce Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TI WooCommerce Wishlist: from n/a through 2.10.0. More information : https://patchstack.com/database/wordpress/plugin/ti-woocommerce-wishlist/vulnerability/wordpress-ti-woocommerce-wishlist-plugin-2-10-0-broken-access-control-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in codefish Pinterest Pinboard Widget allows Stored XSS. This issue affects Pinterest Pinboard Widget: from n/a through 1.0.7. More information : https://patchstack.com/database/wordpress/plugin/pinterest-pinboard-widget/vulnerability/wordpress-pinterest-pinboard-widget-plugin-1-0-7-cross-site-scripting-xss-vulnerability?_s_id=cve
Insertion of Sensitive Information Into Sent Data vulnerability in Themeum Qubely allows Retrieve Embedded Sensitive Data. This issue affects Qubely: from n/a through 1.8.14. More information : https://patchstack.com/database/wordpress/plugin/qubely/vulnerability/wordpress-qubely-plugin-1-8-14-sensitive-data-exposure-vulnerability?_s_id=cve
Cross-Site Request Forgery (CSRF) vulnerability in ApusTheme Findgo allows Authentication Bypass. This issue affects Findgo: from n/a through 1.3.55. More information : https://patchstack.com/database/wordpress/theme/fingo/vulnerability/wordpress-findgo-theme-1-3-55-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Missing Authorization vulnerability in POSIMYTH Sticky Header Effects for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sticky Header Effects for Elementor: from n/a through 2.1.2. More information : https://patchstack.com/database/wordpress/plugin/sticky-header-effects-for-elementor/vulnerability/wordpress-sticky-header-effects-for-elementor-plugin-2-1-2-broken-access-control-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in snapwidget SnapWidget Social Photo Feed Widget allows DOM-Based XSS. This issue affects SnapWidget Social Photo Feed Widget: from n/a through 1.1.0. More...
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Vadim Bogaiskov Bg Church Memos allows DOM-Based XSS. This issue affects Bg Church Memos: from n/a through 1.1. More information : https://patchstack.com/database/wordpress/plugin/bg-church-memos/vulnerability/wordpress-bg-church-memos-plugin-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Niaj Morshed LC Wizard allows Stored XSS. This issue affects LC Wizard: from n/a through 1.3.0. More information : https://patchstack.com/database/wordpress/plugin/ghl-wizard/vulnerability/wordpress-lc-wizard-plugin-1-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ONTRAPORT PilotPress allows Stored XSS. This issue affects PilotPress: from n/a through 2.0.35. More information : https://patchstack.com/database/wordpress/plugin/pilotpress/vulnerability/wordpress-pilotpress-plugin-2-0-35-cross-site-scripting-xss-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Chandrika Sista WP Category Dropdown allows Stored XSS. This issue affects WP Category Dropdown: from n/a through 1.9. More information : https://patchstack.com/database/wordpress/plugin/wp-category-dropdown/vulnerability/wordpress-wp-category-dropdown-plugin-1-9-cross-site-scripting-xss-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Michel – xiligroup dev xili-tidy-tags allows Stored XSS. This issue affects xili-tidy-tags: from n/a through 1.12.06. More information : https://patchstack.com/database/wordpress/plugin/xili-tidy-tags/vulnerability/wordpress-xili-tidy-tags-plugin-1-12-06-cross-site-scripting-xss-vulnerability?_s_id=cve