Tag
#wordpress
The events-manager plugin before 5.6 for WordPress has code injection.
The simple-fields plugin before 1.4.11 for WordPress has XSS.
The ultimate-member plugin before 1.3.18 for WordPress has XSS via text input.
The simple-membership plugin before 3.5.7 for WordPress has XSS.
The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS.
The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure.
The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS.
The wp-database-backup plugin before 5.1.2 for WordPress has XSS.
The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS.
The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter.