CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2014-4594 – WordPress Responsive Preview <= 1.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-4594
Cross-site scripting (XSS) vulnerability in index.php in the WordPress Responsive Preview plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter. Vulnerabilidad de XSS en index.php en el plugin WordPress Responsive Preview anterior a 1.2 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro url. • http://codevigilant.com/disclosure/wp-plugin-wp-responsive-preview-a3-cross-site-scripting-xss http://wordpress.org/plugins/wp-responsive-preview/changelog http://www.securityfocus.com/bid/68408 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2014-4600 – WP Ultimate Email Marketer <= 1.1.0 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-4600
Multiple cross-site scripting (XSS) vulnerabilities in contact/edit.php in the WP Ultimate Email Marketer plugin 1.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) listname or (2) contact parameter. Múltiples vulnerabilidades de XSS en contact/edit.php en el plugin WP Ultimate Email Marketer 1.1.0 y anteriores para WordPress permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) listname o (2) contact. The WP Ultimate Email Marketer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'listname' & 'contact' parameters in versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • http://codevigilant.com/disclosure/wp-plugin-wp-ultimate-email-marketer-a3-cross-site-scripting-xss http://plugins.svn.wordpress.org/wp-ultimate-email-marketer/trunk/Readme.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2014-4576 – WordPress Social Login <= 2.1.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-4576
Cross-site scripting (XSS) vulnerability in services/diagnostics.php in the WordPress Social Login plugin 2.0.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the xhrurl parameter. Vulnerabilidad de XSS en services/diagnostics.php en el plugin WordPress Social Login 2.0.3 y anteriores para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro xhrurl. Cross-site scripting (XSS) vulnerability in services/diagnostics.php in the WordPress Social Login plugin 2.1.5 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the xhrurl parameter. • http://codevigilant.com/disclosure/wp-plugin-wordpress-social-login-a3-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2014-4534 – HTML5 Video Player with Playlist <= 2.4.0 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-4534
Multiple cross-site scripting (XSS) vulnerabilities in videoplayer/autoplay.php in the HTML5 Video Player with Playlist plugin 2.4.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) theme or (2) playlistmod parameter. Múltiples vulnerabilidades de XSS en videoplayer/autoplay.php en el plugin HTML5 Video Player with Playlist 2.4.0 y anteriores para WordPress permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) theme o (2) playlistmod. The HTML5 Video Player with Playlist plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'theme' and 'playlistmod' parameters in videoplayer/autoplay.php in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • http://codevigilant.com/disclosure/wp-plugin-html5-video-player-with-playlist-a3-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2014-4566 – verwei.se – WordPress – Twitter <= 1.0 2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-4566
Cross-site scripting (XSS) vulnerability in res/fake_twitter/frame.php in the "verwei.se - WordPress - Twitter" (verweise-wordpress-twitter) plugin 1.0.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the base parameter. Vulnerabilidad de XSS en res/fake_twitter/frame.php en el plugin 'verwei.se - WordPress - Twitter' (verweise-wordpress-twitter) 1.0.2 y anteriores para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro base. • http://codevigilant.com/disclosure/wp-plugin-verweise-wordpress-twitter-a3-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •