Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
The Custom New User Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's admin settings in all versions up to, and including, 1.2.0. This is due to insuffici
The Simple Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This mak
The JavaScript Notifier plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 1.2.8. This is due to insufficient input sanitizatio
The Simple User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpr_admin_msg' parameter in all versions up to, and including, 6.6 due to insufficient input san
The Simple User Meta Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user meta value field in all versions up to, and including, 1.0.0 due to insufficient input saniti
The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all vers
The Easy Custom Admin Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘msg’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization
The Quick Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1 due to insufficient input sanitization and output
The Email Subscription Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's print_email_subscribe_form shortcode in all versions up to, and including, 1.2.22 due to
The WP Social Meta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output es
The Testimonials Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 1.6 due to insufficient input sanitization and output escaping. This makes it p
The HTML Forms – Simple WordPress Forms Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.5 due to insufficient inpu
The Contact Us Simple Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and out
The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 4.3.2 due to insufficient input sanitiza
The Front End Users WordPress plugin through 3.2.32 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used agai
The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'user-search' shortcode in all versions up to, and including, 3.2.28 due to insufficient input sa
The Membership Plugin – Restrict Content for WordPress is vulnerable to Stored Cross-Site Scripting via multiple invoice settings fields in all versions up to, and including, 3.2.18 due to insufficien
The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the from and subject parameter in all versions up to, and including, 3.0.2 due to insufficient input sanitization an
The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0. This is due to insufficient input sanitizatio
The clubmember plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping
Page 1+ Next →