Filtered by CWE-79
Total 45571 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2014-4552 1 Spotlightyour 1 Spotlightyour 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in library/includes/payment/paypalexpress/DoDirectPayment.php in the Spotlight (spotlightyour) plugin 4.7 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the paymentType parameter.
CVE-2014-4554 1 Ss Downloads Project 1 Ss Downloads 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in templates/download.php in the SS Downloads plugin before 1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title parameter.
CVE-2014-4555 1 Style It Project 1 Style It 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in fonts/font-form.php in the Style It plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode parameter.
CVE-2014-4556 1 Swipe Checkout For Eshop Project 1 Swipe Checkout For Eshop 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for eShop plugin 3.7.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter.
CVE-2014-4569 1 Videowhisper 1 Videowhisper Live Streaming Integration 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the VideoWhisper Live Streaming Integration plugin 4.27.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the room_name parameter.
CVE-2014-4570 1 Videowhisper 1 Video Presentation 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Video Presentation plugin before 3.31 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) room_name parameter to c_login.php or (2) room parameter to index.php in vp/.
CVE-2014-4571 1 Vn-calendar Project 1 Vn-calendar 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in vncal.js.php in the VN-Calendar plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) fs or (2) w parameter.
CVE-2014-4572 1 Votecount For Balatarin Project 1 Votecount For Balatarin 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in bvc.php in the Votecount for Balatarin plugin 0.1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) url or (2) bvcurl parameter.
CVE-2014-4573 1 Walk Score Project 1 Walk Score 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in frame-maker.php in the Walk Score plugin 0.5.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s or (2) o parameter.
CVE-2014-4576 1 Wordpress Social Login Project 1 Wordpress Social Login 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in services/diagnostics.php in the WordPress Social Login plugin 2.0.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the xhrurl parameter.
CVE-2014-4587 1 Wp Guestmap Project 1 Wp Guestmap Project 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the WP GuestMap plugin 1.8 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) zl, (2) mt, or (3) dc parameter to guest-locator.php; the (4) zl, (5) mt, (6) activate, or (7) dc parameter to online-tracker.php; the (8) zl, (9) mt, or (10) dc parameter to stats-map.php; or the (11) zl, (12) mt, (13) activate, or (14) dc parameter to weather-map.php.
CVE-2014-4588 1 Hot Files\ 1 File Sharing And Download Manager Project 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in tpls/editmedia.php in the Hot Files: File Sharing and Download Manager (wphotfiles) plugin 1.0.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the mediaid parameter.
CVE-2014-4590 1 Wp Microblogs Project 1 Wp Microblogs 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in get.php in the WP Microblogs plugin 0.4.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the oauth_verifier parameter.
CVE-2014-4591 1 Wp Picasa Image Project 1 Wp Picasa Image 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in picasa_upload.php in the WP-Picasa-Image plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the post_id parameter.
CVE-2014-4593 1 Wp Plugin Manager Project 1 Wp Plugin Manager 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in wp-plugins-net/index.php in the WP Plugin Manager (wppm) plugin 1.6.4.b and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filter parameter.
CVE-2014-4604 1 Your-text-manager Project 1 Your-text-manager 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in settings/pwsettings.php in the Your Text Manager plugin 0.3.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the ytmpw parameter.
CVE-2014-4605 1 Zdstatistics Project 1 Zdstatistics 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in cal/test.php in the ZdStatistics (zdstats) plugin 2.0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
CVE-2014-4606 1 Zeenshare Project 1 Zeenshare 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in redirect_to_zeenshare.php in the ZeenShare plugin 1.0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the zs_sid parameter.
CVE-2014-4687 1 Netgate 1 Pfsense 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the starttime0 parameter to firewall_schedule.php, (2) the rssfeed parameter to rss.widget.php, (3) the servicestatusfilter parameter to services_status.widget.php, (4) the txtRecallBuffer parameter to exec.php, or (5) the HTTP Referer header to log.widget.php.
CVE-2014-4719 1 Usvn 1 User-friendly Svn 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the login panel (svn/login/) in User-Friendly SVN (aka USVN) before 1.0.7 allows remote attackers to inject arbitrary web script or HTML via the username field.