The Social proof testimonials and reviews by Repuso plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rw_image_badge1' shortcode in all versions up to, and including,
The Wonder Slider Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image title and description DOM in all versions up to, and including, 14.4 due to insufficient input saniti
The WP-Thumbnail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'roboshot' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitizatio
The ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the API URL Setting in all versions up to, and including, 3.1
The Ocean Social Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via social icon titles in all versions up to, and including, 2.2.1 due to insufficient input sanitization and
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled SimpleLightbox JavaScript library (version 2.1.5) in various versions due to insufficient input sa
The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment post_title in all versions up to, and including, 6.4.3. This is due to insufficient
The Flying Images: Optimize and Lazy Load Images for Faster Page Speed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.14
The Tiled Gallery Carousel Without JetPack plugin for WordPress is vulnerable to stored cross-site scripting via the 'data-image-title' parameter in all versions up to, and including, 3.1 due to insuf
The Share This Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's STI Buttons shortcode in all versions up to, and including, 2.02 due to insufficient input sanit
The StageShow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘anchor’ parameter in all versions up to, and including, 10.0.3 due to insufficient input sanitization and outpu
The Categories Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.1, via the 'z_taxonomy_image' shortcode. This is due to the shortcode rend
The myCred plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mycred_load_coupon' shortcode in all versions up to, and including, 2.9.7.3 due to insufficient input san
The List Site Contributors plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'alpha' parameter in versions up to, and including, 1.1.8 due to insufficient input sanitization
The Image Sizes on Demand plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Server Variable in all versions up to, and including, 1.3 due to insufficient input sanitiza
The Ai Image Alt Text Generator for WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.6 due to insufficient inp
The WP Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attachment_id’ parameter in all versions up to, and including, 5.0.12 due to insufficient input sanitiz
The Real Post Slider Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 2.4 due to insufficient input sanitization and
The TablePress plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the 'data-caption', 'data-s-content-padding', 'data-s-title', and 'data-footer' data-attributes in all ve
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'media[].href' parameter in all versions up to, and including, 5.97.0 due to insufficient