CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47177 – WordPress Linker Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-47177
31 Oct 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yakir Sitbon, Ariel Klikstein Linker plugin <= 1.2.1 versions. Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento Yakir Sitbon, Ariel Klikstein Linker en versiones <= 1.2.1. The Linker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.2.1 due to insufficient input sanitization and outp... • https://patchstack.com/database/vulnerability/linker/wordpress-linker-plugin-1-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2018-8729 – Activity Log <= 2.4.0 - Multiple Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-8729
08 Mar 2018 — Multiple cross-site scripting (XSS) vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped. Múltiples vulnerabilidades Cross-Site Scripting (XSS) en el plugin Activity Log en versiones anteriores a la 2.4.1 para WordPress permiten que los atacantes remotos inyecten código HTML o JavaScript arbitrario mediante un título que no está escapado. WordPress Activity Log plugin version 2.4.0 suffers from a p... • https://packetstorm.news/files/id/147136 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10890 – Activity Log <= 2.3.2 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10890
03 Aug 2016 — The aryo-activity-log plugin before 2.3.2 for WordPress has XSS. El plugin aryo-activity-log anterior a la versión 2.3.2 para WordPress tiene XSS. The Activity Log plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into perform... • https://wordpress.org/plugins/aryo-activity-log/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10891 – Activity Log < 2.3.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10891
03 Aug 2016 — The aryo-activity-log plugin before 2.3.3 for WordPress has XSS. El plugin aryo-activity-log anterior a la versión 2.3.3 para WordPress tiene XSS. The aryo-activity-log plugin before 2.3.3 for WordPress has XSS in the search_data parameter in the aryo-activity-log/classes/class-aal-activity-log-list-table.php file. • https://wordpress.org/plugins/aryo-activity-log/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •