Tag
#wordpress
The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS.
The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure.
The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS.
The wp-database-backup plugin before 5.1.2 for WordPress has XSS.
The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS.
The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS.
The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter.
The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter.
The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF.
The woo-variation-swatches (aka Variation Swatches for WooCommerce) plugin 1.0.61 for WordPress allows XSS via the wp-admin/admin.php?page=woo-variation-swatches-settings tab parameter.