
CVE-2025-47605 – WordPress WP jQuery DataTable <= 4.1.0 - Cross Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2025-47605
07 May 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AppJetty WP jQuery DataTable allows Stored XSS. This issue affects WP jQuery DataTable: from n/a through 4.1.0. The WP jQuery DataTable plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arb... • https://patchstack.com/database/wordpress/plugin/wp-jquery-datatable/vulnerability/wordpress-wp-jquery-datatable-4-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-46514 – WordPress Milat jQuery Automatic Popup plugin <= 1.3.1 - CSRF to Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2025-46514
24 Apr 2025 — Cross-Site Request Forgery (CSRF) vulnerability in milat Milat jQuery Automatic Popup allows Stored XSS. This issue affects Milat jQuery Automatic Popup: from n/a through 1.3.1. The Milat jQuery Automatic Popup plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged reque... • https://patchstack.com/database/wordpress/plugin/milat-jquery-automatic-popup/vulnerability/wordpress-milat-jquery-automatic-popup-plugin-1-3-1-csrf-to-stored-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2025-26954 – WordPress ZooEffect plugin <= 1.11 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-26954
14 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 1pluginjquery ZooEffect allows Reflected XSS. This issue affects ZooEffect: from n/a through 1.11. The ZooEffect plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successful... • https://patchstack.com/database/wordpress/plugin/1-jquery-photo-gallery-slideshow-flash/vulnerability/wordpress-zooeffect-plugin-1-11-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-30560 – WordPress jQuery Dropdown Menu plugin <= 3.0 - CSRF to Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2025-30560
24 Mar 2025 — Cross-Site Request Forgery (CSRF) vulnerability in Sana Ullah jQuery Dropdown Menu allows Stored XSS. This issue affects jQuery Dropdown Menu: from n/a through 3.0. The jQuery Dropdown Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can tri... • https://patchstack.com/database/wordpress/plugin/jquery-drop-down-menu-plugin/vulnerability/wordpress-jquery-dropdown-menu-plugin-3-0-csrf-to-stored-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2025-22798 – WordPress Responsive jQuery Slider plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-22798
13 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CHR Designer Responsive jQuery Slider allows Stored XSS. This issue affects Responsive jQuery Slider: from n/a through 1.1.1. The Responsive jQuery Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and abov... • https://patchstack.com/database/wordpress/plugin/responsive-jquery-slider/vulnerability/wordpress-responsive-jquery-slider-plugin-1-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-56287 – WordPress WP jQuery DataTable Plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-56287
03 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in biztechc WP jQuery DataTable allows Stored XSS. This issue affects WP jQuery DataTable: from n/a through 4.0.1. The WP jQuery DataTable plugin for WordPress is vu... • https://patchstack.com/database/wordpress/plugin/wp-jquery-datatable/vulnerability/wordpress-wp-jquery-datatable-plugin-4-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-24849 – WordPress Quicksand Post Filter jQuery Plugin Plugin <= 3.1.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2024-24849
02 Feb 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin. This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1. The Quicksand Post Filter jQuery Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1... • https://patchstack.com/database/vulnerability/quicksand-jquery-post-filter/wordpress-quicksand-post-filter-jquery-plugin-3-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2024-24850 – WordPress Quicksand Post Filter jQuery plugin <= 3.1.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-24850
02 Feb 2024 — Missing Authorization vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin. This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1. The Quicksand Post Filter jQuery Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'quicksand_admi... • https://patchstack.com/database/vulnerability/quicksand-jquery-post-filter/wordpress-quicksand-post-filter-jquery-plugin-3-1-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2021-32850 – jQuery MiniColors vulnerable to Cross-site Scripting
https://notcve.org/view.php?id=CVE-2021-32850
20 Feb 2023 — jQuery MiniColors is a color picker built on jQuery. Prior to version 2.3.6, jQuery MiniColors is prone to cross-site scripting when handling untrusted color names. This issue is patched in version 2.3.6. • https://github.com/claviska/jquery-minicolors/commit/ef134824a7f4110ada53ea6c173111a4fa2f48f3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-2144 – Jquery Validation For Contact Form 7 < 5.3 - Arbitrary Options Update via CSRF
https://notcve.org/view.php?id=CVE-2022-2144
27 Jun 2022 — The Jquery Validation For Contact Form 7 WordPress plugin before 5.3 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change blog options like default_role, users_can_register via a CSRF attack. • https://wpscan.com/vulnerability/419054d4-95e8-4f4a-b864-a98b3e18435a • CWE-352: Cross-Site Request Forgery (CSRF) •