CVE-2022-40047 Flatpress v1.2.1 has an XSS vulnerability via the page parameter in the admin section.
An attacker can inject malicious script code in the page parameter to execute arbitrary script code in the browser of an unsuspecting user through this
CVE-2021-36913 An Injection vulnerability in the Qube One plugin for Contact Form 7 allows attackers to change options and inject scripts into the footer HTML.
Unauthenticated user can inject malicious script in the footer of your website. The attack vector is in the redirection setting of the plugin. The settings
CVE-2021-36899 Reflected XSS vulnerability in the Asset CleanUp: Page Speed Booster plugin = 1.3.8.4 at WordPress.
The vulnerability allows an attacker to inject malicious code into the website's database by manipulating vulnerable input fields. This can lead to data
CVE-2022-33978 Reflected Cross-Site Scripting (XSS) vulnerability FontMeister plugin <= 1.08 at WordPress.
FontMeister is a WordPress plugin that allows you to easily manage your WordPress site’s fonts. FontMeister can be installed on a site directly or
CVE-2022-2448 The reSmush.it WordPress plugin before 0.4.6 has settings that could allow high-privilege users to perform Stored Cross-site Scripting attacks.
For example, if you have a WordPress site that allows guest users and you have a post or page with Rich Media like Image or
Episode
00:00:00
00:00:00