
CVE-2025-30560 – WordPress jQuery Dropdown Menu plugin <= 3.0 - CSRF to Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2025-30560
24 Mar 2025 — Cross-Site Request Forgery (CSRF) vulnerability in Sana Ullah jQuery Dropdown Menu allows Stored XSS. This issue affects jQuery Dropdown Menu: from n/a through 3.0. The jQuery Dropdown Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can tri... • https://patchstack.com/database/wordpress/plugin/jquery-drop-down-menu-plugin/vulnerability/wordpress-jquery-dropdown-menu-plugin-3-0-csrf-to-stored-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2025-22798 – WordPress Responsive jQuery Slider plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-22798
13 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CHR Designer Responsive jQuery Slider allows Stored XSS. This issue affects Responsive jQuery Slider: from n/a through 1.1.1. The Responsive jQuery Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and abov... • https://patchstack.com/database/wordpress/plugin/responsive-jquery-slider/vulnerability/wordpress-responsive-jquery-slider-plugin-1-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-56287 – WordPress WP jQuery DataTable Plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-56287
03 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in biztechc WP jQuery DataTable allows Stored XSS. This issue affects WP jQuery DataTable: from n/a through 4.0.1. The WP jQuery DataTable plugin for WordPress is vu... • https://patchstack.com/database/wordpress/plugin/wp-jquery-datatable/vulnerability/wordpress-wp-jquery-datatable-plugin-4-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-24849 – WordPress Quicksand Post Filter jQuery Plugin Plugin <= 3.1.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2024-24849
02 Feb 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin. This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1. The Quicksand Post Filter jQuery Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1... • https://patchstack.com/database/vulnerability/quicksand-jquery-post-filter/wordpress-quicksand-post-filter-jquery-plugin-3-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2024-24850 – WordPress Quicksand Post Filter jQuery plugin <= 3.1.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-24850
02 Feb 2024 — Missing Authorization vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin. This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1. The Quicksand Post Filter jQuery Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'quicksand_admi... • https://patchstack.com/database/vulnerability/quicksand-jquery-post-filter/wordpress-quicksand-post-filter-jquery-plugin-3-1-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2021-32850 – jQuery MiniColors vulnerable to Cross-site Scripting
https://notcve.org/view.php?id=CVE-2021-32850
20 Feb 2023 — jQuery MiniColors is a color picker built on jQuery. Prior to version 2.3.6, jQuery MiniColors is prone to cross-site scripting when handling untrusted color names. This issue is patched in version 2.3.6. • https://github.com/claviska/jquery-minicolors/commit/ef134824a7f4110ada53ea6c173111a4fa2f48f3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-2144 – Jquery Validation For Contact Form 7 < 5.3 - Arbitrary Options Update via CSRF
https://notcve.org/view.php?id=CVE-2022-2144
27 Jun 2022 — The Jquery Validation For Contact Form 7 WordPress plugin before 5.3 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change Blog options like default_role, users_can_register via a CSRF attack. • https://wpscan.com/vulnerability/419054d4-95e8-4f4a-b864-a98b3e18435a • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2022-30241
https://notcve.org/view.php?id=CVE-2022-30241
04 May 2022 — The jquery.json-viewer library through 1.4.0 for Node.js does not properly escape characters such as < in a JSON object, as demonstrated by a SCRIPT element. • https://github.com/abodelot/jquery.json-viewer/pull/26 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-1291 – XSS vulnerability with default `onCellHtmlData` function in hhurz/tableexport.jquery.plugin
https://notcve.org/view.php?id=CVE-2022-1291
10 Apr 2022 — XSS vulnerability with default `onCellHtmlData` function in GitHub repository hhurz/tableexport.jquery.plugin prior to 1.25.0. Transmitting cookies to third-party servers. Sending data from secure sessions to third-party servers. • https://github.com/hhurz/tableexport.jquery.plugin/commit/dcbaee23cf98328397a153e71556f75202988ec9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-23395
https://notcve.org/view.php?id=CVE-2022-23395
02 Mar 2022 — jQuery Cookie 1.4.1 is affected by prototype pollution, which can lead to DOM cross-site scripting (XSS). • https://security.netapp.com/advisory/ntap-20220325-0008 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •