Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
The 10WebMapBuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Plugin Settings Change in versions up to, and including, 1.0.63 due to insufficient input sanitization and out
Unauthenticated Cross Site Request Forgery (CSRF) in WP Migrate Lite <= 2.7.8 versions.
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-text parameter in all versions up to, and including, 5.3.5 due to insufficient input sanitization a
Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram <= 3.5 versions.
The Smart Forms – when you need more than just a contact form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.98 due to i
The Website LLMs.txt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.2.6 due to insufficient input sanitization and output
The Quick Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1 due to insufficient input sanitization and output
Unauthenticated Cross Site Scripting (XSS) in Favicon Rotator <= 1.2.11 versions.
The WP Church Donation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several donation form submission parameters in all versions up to, and including, 1.7 due to insufficient i
The WP SHAPES plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escap
The Testimonials Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 1.6 due to insufficient input sanitization and output escaping. This makes it p
The Master Currency WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's currencyconverterform shortcode in all versions up to, and including, 1.1.61 due to insufficie
The WS Form LITE and PRO plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the url parameter in all versions up to, and including, 1.10.13 due to insufficient input sanitization
The WP Social Meta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output es
A cross-site scripting (XSS) vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Matrix field (Text Box input type) in form submissions in all versions up to, and including, 1.15.40.
The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tag-name’ parameter in all versions up t
The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setting in all versions up to, and including, 5.5. This is due to insufficient i
Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This