Vulnerabilities > Plugin Planet > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-03-25 CVE-2022-25610 Cross-site Scripting vulnerability in Plugin-Planet Simple Ajax Chat
Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code.
network
low complexity
plugin-planet CWE-79
6.1
6.1
2022-03-11 CVE-2022-25601 Cross-site Scripting vulnerability in multiple products
Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4).
network
low complexity
plugin-planet fedoraproject CWE-79
6.1
6.1
2021-07-12 CVE-2021-24409 Cross-site Scripting vulnerability in Plugin-Planet Prismatic
The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator 		4.3
4.3
2019-09-20 CVE-2016-11001 Cross-site Scripting vulnerability in Plugin-Planet User Submitted Posts
The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field. 		4.3
4.3