Total
39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38341 | 1 Dreamfoxmedia | 1 Woocommerce Payment Gateway Per Category | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WooCommerce Payment Gateway Per Category WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/includes/plugin_settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.10. | |||||
| CVE-2021-38340 | 1 Wordpress Simple Shop Project | 1 Wordpress Simple Shop | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Wordpress Simple Shop WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the update_row parameter found in the ~/includes/add_product.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2. | |||||
| CVE-2021-38339 | 1 Devondev | 1 Simple Matted Thumbnails | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Simple Matted Thumbnails WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/simple-matted-thumbnail.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.01. | |||||
| CVE-2021-38338 | 1 Border Loading Bar Project | 1 Border Loading Bar | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Border Loading Bar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `f` and `t` parameter found in the ~/titan-framework/iframe-googlefont-preview.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1. | |||||
| CVE-2021-38337 | 1 Carrcommunications | 1 Rsvpmaker Excel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/phpexcel/PHPExcel/Shared/JAMA/docs/download.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1. | |||||
| CVE-2021-38336 | 1 Sw-guide | 1 Edit Comments Xt | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/edit-comments-xt.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. | |||||
| CVE-2021-38335 | 1 Wiseagent | 1 Wise Agent Capture Forms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Wise Agent Capture Forms WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/WiseAgentCaptureForm.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. | |||||
| CVE-2021-38334 | 1 Amazingweb | 1 Wp-design-maps-places | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WP Design Maps & Places WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the filename parameter found in the ~/wpdmp-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2. | |||||
| CVE-2021-38333 | 1 Wp Scrippets Project | 1 Wp Scrippets | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WP Scrippets WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/wp-scrippets.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.1. | |||||
| CVE-2021-38332 | 1 Ops-robots-txt Project | 1 Ops-robots-txt | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1. | |||||
| CVE-2021-38331 | 1 Wp-t-wap Project | 1 Wp-t-wap | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WP-T-Wap WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the posted parameter found in the ~/wap/writer.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.13.2. | |||||
| CVE-2021-38330 | 1 Tromit | 1 Yabp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Yet Another bol.com Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/yabp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4. | |||||
| CVE-2021-38329 | 1 Dj Emailpublish Project | 1 Dj Emailpublish | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The DJ EmailPublish WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/dj-email-publish.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.7.2. | |||||
| CVE-2021-38328 | 1 Notices Project | 1 Notices | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Notices WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/notices.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1. | |||||
| CVE-2021-38327 | 1 Ueberhamm-design | 1 Youtube Video Inserter | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The YouTube Video Inserter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/adminUI/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.1.0. | |||||
| CVE-2021-38326 | 1 Wpleet | 1 Post Title Counter | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Post Title Counter WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the notice parameter found in the ~/post-title-counter.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1. | |||||
| CVE-2021-38325 | 1 User-activation-email Project | 1 User-activation-email | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The User Activation Email WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the uae-key parameter found in the ~/user-activation-email.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.0. | |||||
| CVE-2021-38323 | 1 30lines | 1 Rentpress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The RentPress WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the selections parameter found in the ~/src/rentPress/AjaxRequests.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.6.4. | |||||
| CVE-2021-38322 | 1 Twitter Friends Widget Project | 1 Twitter Friends Widget | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Twitter Friends Widget WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the pmc_TF_user and pmc_TF_password parameter found in the ~/twitter-friends-widget.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.1. | |||||
| CVE-2021-38321 | 1 Custom-sub-menus Project | 1 Custom-sub-menus | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Custom Menu Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the selected_menu parameter found in the ~/custom-menus.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.3. | |||||