Vulnerabilities > Plugin Planet > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-12 | CVE-2021-24409 | Unspecified vulnerability in Plugin-Planet Prismatic The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator | 6.1 |
| 2019-09-20 | CVE-2016-11001 | Cross-site Scripting vulnerability in Plugin-Planet User Submitted Posts The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field. | 6.1 |