Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-17 | CVE-2016-10988 | Cross-site Scripting vulnerability in Leenk Leenk.Me The leenkme plugin before 2.6.0 for WordPress has stored XSS via facebook_message, facebook_linkname, facebook_caption, facebook_description, default_image, or _wp_http_referer. | 4.3 |
| 2019-09-17 | CVE-2016-10987 | Cross-site Scripting vulnerability in Woocommerce Persian Woocommerce SMS The persian-woocommerce-sms plugin before 3.3.4 for WordPress has ps_sms_numbers XSS. | 4.3 |
| 2019-09-17 | CVE-2016-10986 | Cross-site Scripting vulnerability in Nerdcow Tweet Wheel The tweet-wheel plugin before 1.0.3.3 for WordPress has XSS via consumer_key, consumer_secret, access_token, and access_token_secret. | 4.3 |
| 2019-09-17 | CVE-2016-10985 | Cross-site Scripting vulnerability in Smackcoders Echo Sign 1.0.0/1.1.0 The echosign plugin before 1.2 for WordPress has XSS via the templates/add_templates.php id parameter. | 4.3 |
| 2019-09-17 | CVE-2016-10984 | Cross-site Scripting vulnerability in Smackcoders Echo Sign 1.0.0/1.1.0 The echosign plugin before 1.2 for WordPress has XSS via the inc.php page parameter. | 4.3 |
| 2019-09-17 | CVE-2016-10981 | Cross-site Scripting vulnerability in Kentothemes Kento-Post-View-Counter The kento-post-view-counter plugin through 2.8 for WordPress has stored XSS via kento_pvc_numbers_lang, kento_pvc_today_text, or kento_pvc_total_text. | 4.3 |
| 2019-09-17 | CVE-2016-10980 | Cross-site Scripting vulnerability in Kentothemes Kento-Post-View-Counter The kento-post-view-counter plugin through 2.8 for WordPress has XSS via kento_pvc_geo. | 4.3 |
| 2019-09-17 | CVE-2016-10979 | Cross-site Scripting vulnerability in Fossura TAG Miner The fossura-tag-miner plugin before 1.1.5 for WordPress has XSS. | 4.3 |
| 2019-09-17 | CVE-2016-10976 | Cross-site Scripting vulnerability in Kodebyraaet Safe Editor 1.0/1.1 The safe-editor plugin before 1.2 for WordPress has no se_save authentication, with resultant XSS. | 4.3 |
| 2019-09-17 | CVE-2016-10975 | Cross-site Scripting vulnerability in Tonjoostudio Fluid-Responsive-Slideshow The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has reflected XSS via the skin parameter. | 4.3 |