
CVE-2025-32615 – WordPress Clinked Client Portal Plugin <= 1.10 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-32615
10 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Clinked Clinked Client Portal allows Reflected XSS. This issue affects Clinked Client Portal: from n/a through 1.10. The Clinked Client Portal plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that ... • https://patchstack.com/database/wordpress/plugin/clinked-client-portal/vulnerability/wordpress-clinked-client-portal-plugin-1-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-31737 – WordPress Client Showcase plugin <= 1.2.0 - Stored Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-31737
01 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dxladner Client Showcase allows Stored XSS. This issue affects Client Showcase: from n/a through 1.2.0. The Client Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scr... • https://patchstack.com/database/wordpress/plugin/client-showcase/vulnerability/wordpress-client-showcase-plugin-1-2-0-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-26578 – WordPress Simple Documentation plugin <= 1.2.8 - CSRF to Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2025-26578
13 Feb 2025 — Cross-Site Request Forgery (CSRF) vulnerability in mathieuhays Simple Documentation allows Stored XSS. This issue affects Simple Documentation: from n/a through 1.2.8. The Simple Documentation plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.8. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they ca... • https://patchstack.com/database/wordpress/plugin/client-documentation/vulnerability/wordpress-simple-documentation-plugin-1-2-8-csrf-to-stored-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2024-51821 – WordPress WE – Client Logo Carousel plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51821
08 Nov 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wordpresteem WE – Client Logo Carousel allows Stored XSS. This issue affects WE – Client Logo Carousel: from n/a through 1.4. The WE – Client Logo Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above... • https://patchstack.com/database/vulnerability/we-client-logo-carousel/wordpress-we-client-logo-carousel-plugin-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-48570
https://notcve.org/view.php?id=CVE-2024-48570
22 Oct 2024 — Client Management System 1.0 was discovered to contain a SQL injection vulnerability via the Between Dates Reports parameter at /admin/bwdates-reports-ds.php. • https://github.com/Luc1f3r066/Client-Management-System-v1.0- • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-49670 – WordPress Client Power Tools Portal plugin <= 1.8.6 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-49670
21 Oct 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sam Glover Client Power Tools Portal allows Reflected XSS. This issue affects Client Power Tools Portal: from n/a through 1.8.6. The Client... • https://patchstack.com/database/vulnerability/client-power-tools/wordpress-client-power-tools-portal-plugin-1-8-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-47631 – WordPress Logo Carousel – Clients logo carousel for WP plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-47631
30 Sep 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in bPlugins LLC Logo Carousel – Clients logo carousel for WP allows Stored XSS. This issue affects Logo Carousel – Clients logo carousel for WP: from n/a through 1.2. The Logo Carousel – Clients logo carousel for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible fo... • https://patchstack.com/database/vulnerability/responsive-client-logo-carousel-slider/wordpress-logo-carousel-clients-logo-carousel-for-wp-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-33923 – WordPress SP Project & Document Manager plugin <= 4.69 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-33923
29 Apr 2024 — Missing Authorization vulnerability in Smartypants SP Project & Document Manager. This issue affects SP Project & Document Manager: from n/a through 4.69. The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 4.69. This ma... • https://patchstack.com/database/vulnerability/sp-client-document-manager/wordpress-sp-project-document-manager-plugin-4-69-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2024-33566 – WordPress OrderConvo plugin <= 12.4 - Unauthenticated API Access to Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-33566
25 Apr 2024 — Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection. This issue affects OrderConvo: from n/a through 12.4. The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on a REST API endpoint in a... • https://patchstack.com/database/vulnerability/admin-and-client-message-after-order-for-woocommerce/wordpress-orderconvo-plugin-12-4-unauthenticated-api-access-to-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2024-33652 – WordPress Client Dash plugin <= 2.2.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-33652
25 Apr 2024 — Missing Authorization vulnerability in Real Big Plugins Client Dash. This issue affects Client Dash: from n/a through 2.2.1. The Client Dash plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/vulnerability/client-dash/wordpress-client-dash-plugin-2-2-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •