Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-17 | CVE-2016-10992 | Cross-site Scripting vulnerability in Codepeople Music Store The music-store plugin before 1.0.43 for WordPress has XSS via the wp-admin/admin.php?page=music-store-menu-reports from_year parameter. | 4.3 |
| 2019-09-17 | CVE-2016-10990 | Cross-site Scripting vulnerability in Wpcerber Cerber Security Antispam & Malware Scan 2.0.1.6 The wp-cerber plugin before 2.7 for WordPress has XSS via the X-Forwarded-For HTTP header. | 4.3 |
| 2019-09-17 | CVE-2016-10988 | Cross-site Scripting vulnerability in Leenk Leenk.Me The leenkme plugin before 2.6.0 for WordPress has stored XSS via facebook_message, facebook_linkname, facebook_caption, facebook_description, default_image, or _wp_http_referer. | 4.3 |
| 2019-09-17 | CVE-2016-10987 | Cross-site Scripting vulnerability in Woocommerce Persian Woocommerce SMS The persian-woocommerce-sms plugin before 3.3.4 for WordPress has ps_sms_numbers XSS. | 4.3 |
| 2019-09-17 | CVE-2016-10986 | Cross-site Scripting vulnerability in Nerdcow Tweet Wheel The tweet-wheel plugin before 1.0.3.3 for WordPress has XSS via consumer_key, consumer_secret, access_token, and access_token_secret. | 4.3 |
| 2019-09-17 | CVE-2016-10985 | Cross-site Scripting vulnerability in Smackcoders Echo Sign 1.0.0/1.1.0 The echosign plugin before 1.2 for WordPress has XSS via the templates/add_templates.php id parameter. | 4.3 |
| 2019-09-17 | CVE-2016-10984 | Cross-site Scripting vulnerability in Smackcoders Echo Sign 1.0.0/1.1.0 The echosign plugin before 1.2 for WordPress has XSS via the inc.php page parameter. | 4.3 |
| 2019-09-17 | CVE-2016-10981 | Cross-site Scripting vulnerability in Kentothemes Kento-Post-View-Counter The kento-post-view-counter plugin through 2.8 for WordPress has stored XSS via kento_pvc_numbers_lang, kento_pvc_today_text, or kento_pvc_total_text. | 4.3 |
| 2019-09-17 | CVE-2016-10980 | Cross-site Scripting vulnerability in Kentothemes Kento-Post-View-Counter The kento-post-view-counter plugin through 2.8 for WordPress has XSS via kento_pvc_geo. | 4.3 |
| 2019-09-17 | CVE-2016-10979 | Cross-site Scripting vulnerability in Fossura TAG Miner The fossura-tag-miner plugin before 1.1.5 for WordPress has XSS. | 4.3 |