← Back

Emarketdesign

emarketdesign

11 CVEs • 6 products

Products (6)

Click to collapse
Toggle

CVEs (11)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Emarketdesign
1Event Rsvp And Simple Event Management
Jun 17, 2026
Jun 26, 2025
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The Event RSVP and Simple Event Management Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions up to, and including, 4.1.0 due to insufficient...Show more
The Event RSVP and Simple Event Management Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
1Emarketdesign
1Wp Easy Contact
Jun 17, 2026
Jun 4, 2025
N/A· v4
6.4 MEDIUM· v3
N/A· v2
The Simple Contact Form Plugin for WordPress – WP Easy Contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions up to, and including, 4.0.0 due to...Show more
The Simple Contact Form Plugin for WordPress – WP Easy Contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
1Emarketdesign
1Request A Quote
Jun 17, 2026
Jul 23, 2024
N/A· v4
5.9 MEDIUM· v3
N/A· v2
The Request a Quote WordPress plugin before 2.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfil...Show more
The Request a Quote WordPress plugin before 2.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)Show less
1Emarketdesign
1Youtube Video Gallery
Jun 17, 2026
May 21, 2024
N/A· v4
5.3 MEDIUM· v3
N/A· v2
The YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the emd_form_builder_lite_su...Show more
The YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the emd_form_builder_lite_submit_form function in all versions up to, and including, 3.3.6. This makes it possible for unauthenticated attackers to create arbitrary posts or pages.Show less
1Emarketdesign
1Youtube Video Gallery
Jun 17, 2026
Oct 3, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in eMarket Design YouTube Video Gallery by YouTube Showcase plugin <= 3.3.5 versions.
1Emarketdesign
1Request A Quote
Jun 17, 2026
Jul 25, 2022
N/A· v4
8.8 HIGH· v3
N/A· v2
The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin downloa...Show more
The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin download and open itShow less
1Emarketdesign
1Request A Quote
Jun 17, 2026
Jul 25, 2022
N/A· v4
4.8 MEDIUM· v3
N/A· v2
The Request a Quote WordPress plugin before 2.3.9 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capab...Show more
The Request a Quote WordPress plugin before 2.3.9 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.Show less
1Emarketdesign
1Best Contact Management Software
Jun 17, 2026
Jul 17, 2022
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
The Best Contact Management Software WordPress plugin through 3.7.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_...Show more
The Best Contact Management Software WordPress plugin through 3.7.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.Show less
1Emarketdesign
1Request A Quote
Jun 17, 2026
Oct 25, 2021
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
The Request a Quote WordPress plugin before 2.3.9 does not sanitise, validate or escape some of its settings in the admin dashboard, leading to authenticated Stored Cross-Site Scripting issues even when the unfiltered_ht...Show more
The Request a Quote WordPress plugin before 2.3.9 does not sanitise, validate or escape some of its settings in the admin dashboard, leading to authenticated Stored Cross-Site Scripting issues even when the unfiltered_html capability is disallowed.Show less
1Emarketdesign
1Customer Service Software & Support Ticket System
Jun 17, 2026
Oct 18, 2021
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
The Customer Service Software & Support Ticket System WordPress plugin before 5.10.4 does not sanitize or escape form fields before outputting it in the List, which could allow high privilege users to perform Cross-Site...Show more
The Customer Service Software & Support Ticket System WordPress plugin before 5.10.4 does not sanitize or escape form fields before outputting it in the List, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.Show less
1Emarketdesign
1Request A Quote
Jun 17, 2026
Jul 12, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
The Request a Quote WordPress plugin before 2.3.4 did not sanitise and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the '...Show more
The Request a Quote WordPress plugin before 2.3.4 did not sanitise and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the 'All Quotes" table.Show less