The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.2 does not sanitise and escape some of its settings, which could allo
The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.6.8 does not sanitise and escape some of its settings, which could allo
The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.3 does not validate and escape some of its settings before outputting
The Sticky Social Icons WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting at
The Sticky Side Buttons WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting att
The Floating Contact Button WordPress plugin before 2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks
The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all versions
The Notibar – Notification Bar for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.5 due to insufficient input
The WpStickyBar WordPress plugin through 2.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against
The WANotifier WordPress plugin before 2.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks eve
The WP ULike WordPress plugin before 4.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when
The float block WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even
The WP Secure Maintenance WordPress plugin before 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting att
The Simple Banner WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks
The Pods WordPress plugin before 3.2.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even wh
The EventON WordPress plugin before 2.2.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even w
The AWeber WordPress plugin through 7.3.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even
The Hustle WordPress plugin through 7.8.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when u
The NewsTicker WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high
The Reading progressbar WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting att
Page 1+ Next →