The VK All in One Expansion Unit WordPress plugin before 9.87.1.0 does not escape the $_SERVER[‘REQUEST_URI’] parameter before outputting it back in an attribute, which…

The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization. This allows a user…

The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.5 does not have CSRF check when deleting a client, and does not ensure that the…

The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.5 has a flawed CSRF and authorisation check when deleting a client, which could allow any…

The Saan World Clock WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post…

The GetResponse for WordPress plugin through 5.5.31 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where…

The Responsive Clients Logo Gallery Plugin for WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back…

The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post…

Reflected Cross-Site Scripting (XSS) vulnerability in Mickael Austoni Map Multi Marker plugin <= 3.2.1 versions. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını…

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Izmir Katip Celebi University UBYS allows Stored XSS.This issue affects UBYS: before 23.03.16.…