Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-20 | CVE-2015-9396 | Cross-site Scripting vulnerability in Attosoft Auto Thickbox Plus 1.9 The auto-thickbox-plus plugin through 1.9 for WordPress has wp-content/plugins/auto-thickbox-plus/download.min.php?file= XSS. | 4.3 |
| 2019-09-20 | CVE-2015-9393 | Cross-site Scripting vulnerability in Usersultra Users Ultra Membership 1.5.59 The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_desc parameter. | 3.5 |
| 2019-09-20 | CVE-2015-9392 | Cross-site Scripting vulnerability in Usersultra Users Ultra Membership 1.5.59 The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_name parameter. | 3.5 |
| 2019-09-20 | CVE-2016-11013 | Cross-site Scripting vulnerability in Agentevolution Impress Listings The wp-listings plugin before 2.0.2 for WordPress has includes/views/single-listing.php XSS. | 4.3 |
| 2019-09-20 | CVE-2016-11012 | Cross-site Scripting vulnerability in Solaplugins Sola Support Tickets The sola-support-tickets plugin before 3.13 for WordPress has incorrect access control for /wp-admin with resultant XSS. | 3.5 |
| 2019-09-20 | CVE-2016-11005 | Cross-site Scripting vulnerability in Elfsight Instalinker The instalinker plugin before 1.1.2 for WordPress has includes/instalinker-admin-preview.php?client_id= XSS. | 4.3 |
| 2019-09-20 | CVE-2016-11001 | Cross-site Scripting vulnerability in Plugin-Planet User Submitted Posts The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field. | 4.3 |
| 2019-09-20 | CVE-2016-10999 | Cross-site Scripting vulnerability in Momizat Goodnews 20160228 The Goodnews theme through 2016-02-28 for WordPress has XSS via the s parameter. | 4.3 |
| 2019-09-20 | CVE-2016-10998 | Cross-site Scripting vulnerability in Ocimscripts Ocim-Mp3 20160307 The ocim-mp3 plugin through 2016-03-07 for WordPress has wp-content/plugins/ocim-mp3/source/pages.php?id= XSS. | 4.3 |
| 2019-09-20 | CVE-2015-9391 | Cross-site Scripting vulnerability in Ostenta Yawpp The yawpp plugin through 1.2.2 for WordPress has XSS via the field1 parameter. | 4.3 |