
CVE-2025-30599 – WordPress WP Parallax Content Slider plugin <= 0.9.8 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-30599
24 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wp-maverick WP Parallax Content Slider allows Stored XSS. This issue affects WP Parallax Content Slider: from n/a through 0.9.8. The WP Parallax Content Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access ... • https://patchstack.com/database/wordpress/plugin/wp-parallax-content-slider/vulnerability/wordpress-wp-parallax-content-slider-plugin-0-9-8-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-29907 – jsPDF Bypass Regular Expression Denial of Service (ReDoS)
https://notcve.org/view.php?id=CVE-2025-29907
18 Mar 2025 — jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitised image urls to the addImage method, a user can provide a harmful data-url that results in high CPU utilization and denial of service. Other affected methods are html and addSvgAsImage. The vulnerability was fixed in jsPDF 3.0.1. • https://github.com/parallax/jsPDF/commit/b167c43c27c466eb914b927885b06073708338df • CWE-400: Uncontrolled Resource Consumption • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2025-22330 – WordPress MG Parallax Slider plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-22330
03 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mahesh Waghmare MG Parallax Slider allows Reflected XSS. This issue affects MG Parallax Slider: from n/a through 1.0. The MG Parallax Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that... • https://patchstack.com/database/wordpress/plugin/mg-parallax-slider/vulnerability/wordpress-mg-parallax-slider-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-51848 – WordPress Parallaxer plugin <= 1.00 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51848
08 Nov 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Zoom Studio Parallaxer allows Stored XSS. This issue affects Parallaxer: from n/a through 1.00. The Parallaxer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.00 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in... • https://patchstack.com/database/vulnerability/parallaxer-lite-parallax-effects-on-images/wordpress-parallaxer-plugin-1-00-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-49334 – WordPress jLayer Parallax Slider plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-49334
18 Oct 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Unizoe Web Solutions jLayer Parallax Slider allows Reflected XSS. This issue affects jLayer Parallax Slider: from n/a through 1.0. The jLayer Parallax Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we... • https://patchstack.com/database/vulnerability/jlayer-parallax-slider-wp/wordpress-jlayer-parallax-slider-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2019-7413 – Parallax Scroll <= 2.0.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-7413
03 Feb 2019 — In the Parallax Scroll (aka adamrob-parallax-scroll) plugin before 2.1 for WordPress, includes/adamrob-parralax-shortcode.php allows XSS via the title text. ("parallax" has a spelling change within the PHP filename.) • https://metamorfosec.com/Files/Advisories/METS-2019-004-A_XSS_Vulnerability_in_Parallax_Scroll_plugin_before_v2.1_for_WordPress.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2015-9484 – Accio | Responsive Onepage Parallax Agency WordPress Theme <= 1.1.0 - Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2015-9484
15 May 2015 — The ThemeMakers Accio One Page Parallax Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. • https://packetstormsecurity.com/files/131957 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2015-9485 – Accio | Responsive Onepage Parallax Site Template < 1.1.1 - Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2015-9485
15 May 2015 — The ThemeMakers Accio Responsive Parallax One Page Site Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. • https://packetstormsecurity.com/files/131957 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •