Filtered by CWE-79
Total 45565 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2014-4545 1 Pro Quoter Plugin Project 1 Pro Quoter 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in pq_dialog.php in the Pro Quoter plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) leftorright or (2) author parameter.
CVE-2014-4546 1 Rezgo Project 1 Rezgo 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in book_ajax.php in the Rezgo plugin 1.4.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the response parameter.
CVE-2014-4547 1 Rezgo 1 Online Booking 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in templates/default/index_ajax.php in the Rezgo Online Booking plugin before 1.8.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) tags or (2) search_for parameter.
CVE-2014-4549 1 Woocommerce Sagepay Direct Payment Gateway Project 1 Woocommerce Sagepay Direct Payment Gateway 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in pages/3DComplete.php in the WooCommerce SagePay Direct Payment Gateway plugin before 0.1.6.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MD or (2) PARes parameter.
CVE-2014-4560 1 Toolpage Project 1 Toolpage 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in includes/getTipo.php in the ToolPage plugin 1.6.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the t parameter.
CVE-2014-4563 1 Url Cloak \& Encrypt Project 1 Url Cloak \& Encrypt 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in go.php in the URL Cloak & Encrypt (url-cloak-encrypt) plugin 2.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.
CVE-2014-4564 1 Validated Plugin Project 1 Validated Plugin 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in check.php in the Validated plugin 1.0.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter.
CVE-2014-4565 1 Verification Code For Comments Project 1 Verification Code For Comments 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in vcc.js.php in the Verification Code for Comments plugin 2.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) vp, (2) vs, (3) l, (4) vu, or (5) vm parameter.
CVE-2014-4569 1 Videowhisper 1 Videowhisper Live Streaming Integration 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the VideoWhisper Live Streaming Integration plugin 4.27.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the room_name parameter.
CVE-2014-4570 1 Videowhisper 1 Video Presentation 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Video Presentation plugin before 3.31 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) room_name parameter to c_login.php or (2) room parameter to index.php in vp/.
CVE-2014-4571 1 Vn-calendar Project 1 Vn-calendar 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in vncal.js.php in the VN-Calendar plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) fs or (2) w parameter.
CVE-2014-4572 1 Votecount For Balatarin Project 1 Votecount For Balatarin 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in bvc.php in the Votecount for Balatarin plugin 0.1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) url or (2) bvcurl parameter.
CVE-2014-4573 1 Walk Score Project 1 Walk Score 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in frame-maker.php in the Walk Score plugin 0.5.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s or (2) o parameter.
CVE-2014-4576 1 Wordpress Social Login Project 1 Wordpress Social Login 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in services/diagnostics.php in the WordPress Social Login plugin 2.0.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the xhrurl parameter.
CVE-2014-4587 1 Wp Guestmap Project 1 Wp Guestmap Project 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the WP GuestMap plugin 1.8 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) zl, (2) mt, or (3) dc parameter to guest-locator.php; the (4) zl, (5) mt, (6) activate, or (7) dc parameter to online-tracker.php; the (8) zl, (9) mt, or (10) dc parameter to stats-map.php; or the (11) zl, (12) mt, (13) activate, or (14) dc parameter to weather-map.php.
CVE-2014-4588 1 Hot Files\ 1 File Sharing And Download Manager Project 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in tpls/editmedia.php in the Hot Files: File Sharing and Download Manager (wphotfiles) plugin 1.0.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the mediaid parameter.
CVE-2014-4590 1 Wp Microblogs Project 1 Wp Microblogs 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in get.php in the WP Microblogs plugin 0.4.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the oauth_verifier parameter.
CVE-2014-4591 1 Wp Picasa Image Project 1 Wp Picasa Image 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in picasa_upload.php in the WP-Picasa-Image plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the post_id parameter.
CVE-2014-4593 1 Wp Plugin Manager Project 1 Wp Plugin Manager 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in wp-plugins-net/index.php in the WP Plugin Manager (wppm) plugin 1.6.4.b and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filter parameter.
CVE-2014-4604 1 Your-text-manager Project 1 Your-text-manager 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in settings/pwsettings.php in the Your Text Manager plugin 0.3.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the ytmpw parameter.