Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE | CVE | VULNERABILITY TITLE | RISK

2019-09-26 | CVE-2015-9438 | Cross-site Scripting vulnerability in Display-Widgets Project Display-Widgets | 3.5
The display-widgets plugin before 2.04 for WordPress has XSS via the wp-admin/admin-ajax.php?action=dw_show_widget id_base, widget_number, or instance parameter.

2019-09-26 | CVE-2015-9436 | Cross-site Scripting vulnerability in Qurl Dynamic Widgets | 3.5
The dynamic-widgets plugin before 1.5.11 for WordPress has XSS via the wp-admin/admin-ajax.php?action=term_tree prefix or widget_id parameter.
network, qurl, CWE-79

2019-09-26 | CVE-2015-9430 | Cross-site Scripting vulnerability in Crazy Bone Project Crazy Bone | 4.3
The crazy-bone plugin before 0.6.0 for WordPress has XSS via the User-Agent HTTP header.

2019-09-26 | CVE-2015-9426 | Cross-site Scripting vulnerability in Manual Image Crop Project Manual Image Crop | 3.5
The manual-image-crop plugin before 1.11 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=mic_editor_window postId parameter.

2019-09-26 | CVE-2015-9423 | Cross-site Scripting vulnerability in Simplysymphony Plugnedit 1.0/1.1/1.2 | 3.5
The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load PlugneditBGColor, PlugneditEditorMargin, plugnedit_width, pnemedcount, or plugneditcontent parameters.

2019-09-26 | CVE-2015-9420 | Cross-site Scripting vulnerability in Mightymess Soundcloud IS Gold | 4.3
The soundcloud-is-gold plugin before 2.3.2 for WordPress has XSS via the wp-admin/admin-ajax.php?action=get_soundcloud_player id parameter.
network, mightymess, CWE-79

2019-09-26 | CVE-2015-9419 | Cross-site Scripting vulnerability in Captain-Slider Project Captain-Slider 1.0.6 | 4.3
The captain-slider plugin 1.0.6 for WordPress has XSS via a Title or Caption section.

2019-09-26 | CVE-2015-9416 | Cross-site Scripting vulnerability in Onthegosystems Sitepress-Multilingual-Cms 2.9.3/3.2.6 | 4.3
The sitepress-multilingual-cms (WPML) plugin 2.9.3 to 3.2.6 for WordPress has XSS via the Accept-Language HTTP header.

2019-09-26 | CVE-2015-9414 | Cross-site Scripting vulnerability in Wpsymposiumpro Wp-Symposium | 4.3
The wp-symposium plugin through 15.8.1 for WordPress has XSS via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter.

2019-09-26 | CVE-2015-9412 | Cross-site Scripting vulnerability in Royal-Slider Project Royal-Slider | 4.3
The Royal-Slider plugin before 3.2.7 for WordPress has XSS via the rstype parameter.