#wordpress

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Regpacks Regpack plugin <= 0.1 versions.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPGens Swifty Bar, sticky bar by WPGens plugin <= 1.2.10 versions.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nigauri Insert Estimated Reading Time plugin <= 1.2 versions.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in YYDevelopment Back To The Top Button plugin <= 2.1.5 versions.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Email posts to subscribers plugin <= 6.2 versions.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WordPress publish post email notification plugin <= 1.0.2.2 versions.

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rescue Themes Rescue Shortcodes plugin <= 2.5 versions.

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Hennessey Digital Attorney theme <= 3 theme.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SendPress Newsletters plugin <= 1.22.3.31 versions.

The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'vivafbcomment' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.