| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus Cool fade popup cool-fade-popup allows Blind SQL Injection.This issue affects Cool fade popup: from n/a through <= 10.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aakif Kadiwala Posts Slider Shortcode posts-slider-shortcode allows DOM-Based XSS.This issue affects Posts Slider Shortcode: from n/a through <= 1.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marvie Pons Pinterest Verify Meta Tag pinterest-verify-meta-tag allows Stored XSS.This issue affects Pinterest Verify Meta Tag: from n/a through <= 1.3. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in melipayamak Melipayamak melipayamak allows Stored XSS.This issue affects Melipayamak: from n/a through <= 2.2.12. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Debashish IFrame Widget iframe-widget allows Stored XSS.This issue affects IFrame Widget: from n/a through <= 4.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stefanledin Responsify WP responsify-wp allows Stored XSS.This issue affects Responsify WP: from n/a through <= 1.9.11. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Torod Company for Information Technology Torod torod allows SQL Injection.This issue affects Torod: from n/a through <= 2.1. |
| Missing Authorization vulnerability in OLIVESYSTEM 診断ジェネレータ作成プラグイン os-diagnosis-generator allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 診断ジェネレータ作成プラグイン: from n/a through <= 1.4.16. |
| Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes LogisticsHub logistics-hub allows Upload a Web Shell to a Web Server.This issue affects LogisticsHub: from n/a through <= 1.1.6. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shamil Shafeev «Подсказки» от DaData.ru dadata-ru allows Stored XSS.This issue affects «Подсказки» от DaData.ru: from n/a through <= 1.0.6. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Unreal Themes ACF: Yandex Maps Field acf-yandex-maps-field allows Stored XSS.This issue affects ACF: Yandex Maps Field: from n/a through <= 1.1. |
| Missing Authorization vulnerability in amazewp fluXtore fluxtore allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects fluXtore: from n/a through <= 1.6.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webangon The Pack Elementor addons the-pack-addon allows Stored XSS.This issue affects The Pack Elementor addons: from n/a through <= 2.1.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Stored XSS.This issue affects WP Posts Carousel: from n/a through <= 1.3.7. |
| Cross-Site Request Forgery (CSRF) vulnerability in Store Locator Widgets Store Locator Widget store-locator-widget allows Stored XSS.This issue affects Store Locator Widget: from n/a through <= 2025r2. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gordon Böhme Structured Content structured-content allows Stored XSS.This issue affects Structured Content: from n/a through <= 1.6.3. |
| Server-Side Request Forgery (SSRF) vulnerability in Roxnor Metform metform allows Server Side Request Forgery.This issue affects Metform: from n/a through <= 3.9.2. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in podpirate Access Areas wp-access-areas allows Reflected XSS.This issue affects Access Areas: from n/a through <= 1.5.19. |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RTMKit rometheme-for-elementor allows Command Injection.This issue affects RTMKit: from n/a through <= 1.5.4. |
| Missing Authorization vulnerability in Conversios Conversios.io enhanced-e-commerce-for-woocommerce-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conversios.io: from n/a through <= 7.2.3. |
