CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0239 – Contact Form 7 Connector < 1.2.3 - Reflected XSS
https://notcve.org/view.php?id=CVE-2024-0239
10 Jan 2024 — The Contact Form 7 Connector WordPress plugin before 1.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against administrators. El complemento de WordPress Contact Form 7 Connector anterior a 1.2.3 no sanitiza ni escapa un parámetro antes de devolverlo a la página, lo que genera cross site scripting reflejado que podría usarse contra los administradores. The Contact Form 7 Connector plugin for WordPress is vul... • https://wpscan.com/vulnerability/b9a4a3e3-7cdd-4354-8541-4219bd41c854 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52182 – WordPress ARI Stream Quiz Plugin <= 1.3.0 is vulnerable to PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-52182
29 Dec 2023 — Deserialization of Untrusted Data vulnerability in ARI Soft ARI Stream Quiz – WordPress Quizzes Builder.This issue affects ARI Stream Quiz – WordPress Quizzes Builder: from n/a through 1.3.0. Vulnerabilidad de deserialización de datos no confiables en ARI Soft ARI Stream Quiz – WordPress Quizzes Builder. Este problema afecta a ARI Stream Quiz – WordPress Quizzes Builder: desde n/a hasta 1.3.0. The ARI Stream Quiz – WordPress Quizzes Builder plugin for WordPress is vulnerable to PHP Object Injection in all v... • https://patchstack.com/database/vulnerability/ari-stream-quiz/wordpress-ari-stream-quiz-plugin-1-3-0-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47835 – WordPress ARI Stream Quiz Plugin <= 1.2.32 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-47835
16 Nov 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ARI Soft ARI Stream Quiz – WordPress Quizzes Builder plugin <= 1.2.32 versions. Vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en el complemento ARI Soft ARI Stream Quiz – WordPress Quizzes Builder en versiones <= 1.2.32. The ARI Stream Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and inc... • https://patchstack.com/database/vulnerability/ari-stream-quiz/wordpress-ari-stream-quiz-plugin-1-2-32-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0161 – ARI Fancy Lightbox < 1.3.9 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-0161
17 Feb 2022 — The ARI Fancy Lightbox WordPress plugin before 1.3.9 does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting El plugin ARI Fancy Lightbox de WordPress versiones anteriores a 1.3.9, no sanea ni escapa del parámetro msg antes de devolverlo a una página de administración, conllevando a un ataque de tipo Cross-Site Scripting Reflejado • https://plugins.trac.wordpress.org/changeset/2680993 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-19156
https://notcve.org/view.php?id=CVE-2020-19156
15 Sep 2021 — Cross Site Scripting (XSS) in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save()' function is called. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en Ari Adminer versión v1, permite a atacantes remotos ejecutar código arbitrario por medio del parámetro "Title" del componente "Add New Connections" cuando se llama a la función "save()" • https://www.seebug.org/vuldb/ssvid-97852 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •