All Vulnerabilities

A cross-site scripting (XSS) vulnerability exists in Yoast plugin, used in WordPress, allow remote attackers to execute same-origin JavaScript functions via crafted parameter.

A persistent Cross Site Scripting (XSS) vulnerability has been found in the WooCommerce WordPress Plugin. An attacker can create a specially crafted image file which, when uploaded as a product image in WordPress, injects malicious JavaScript code into the application. An attacker can use this vulnerability to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, and performing arbitrary actions on their behalf.

A cross-site scripting (XSS) vulnerability exists in WangGuard plugin, used in WordPress, allow remote attackers to execute same-origin JavaScript functions via crafted parameter.

A cross-site scripting (XSS) vulnerability exists in WordPress Uji plugin, allow remote attackers to execute same-origin JavaScript functions via crafted parameter. A successful attack could lead sensitive information disclosure.

A cross-site scripting (XSS) vulnerability exists in Landing Pages plugin, used in WordPress, allow remote attackers to execute same-origin JavaScript functions via crafted parameter.

A cross-site scripting (XSS) vulnerability exists in FormBuilder plugin, allow remote attackers to execute same-origin JavaScript functions via crafted parameter.

A cross-site scripting (XSS) vulnerability exists in Count Per Day plugin, used in WordPress, allow remote attackers to execute same-origin JavaScript functions via crafted parameter.

WordPress Core is prone to a directory traversal vulnerability. A successful exploit of this vulnerability could allow attackers to read arbitrary files on the computer.

A cross-site scripting (XSS) vulnerability exists in All In One SEO Pack plugin, used in WordPress, allow remote attackers to execute same-origin JavaScript functions via crafted parameter.

A cross-site scripting (XSS) vulnerability exists in WordPress Activity Log plugin, allow remote attackers to execute same-origin JavaScript functions via crafted parameter. A successful attack could lead sensitive information disclosure.