← Back

Fullworksplugins

fullworksplugins

14 CVEs • 5 products

Products (5)

Click to collapse
Toggle

CVEs (14)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Fullworksplugins
1Stop User Enumeration
Jun 17, 2026
Jul 17, 2025
N/A· v4
5.3 MEDIUM· v3
N/A· v2
The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path.
1Fullworksplugins
1Quick Paypal Payments
Jun 17, 2026
May 2, 2023
N/A· v4
4.8 MEDIUM· v3
N/A· v2
The Quick Paypal Payments WordPress plugin before 5.7.26.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when...Show more
The Quick Paypal Payments WordPress plugin before 5.7.26.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)Show less
1Fullworksplugins
1Quick Paypal Payments
Jun 17, 2026
Apr 25, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.
1Fullworksplugins
1Quick Contact Form
Jun 17, 2026
Apr 25, 2023
N/A· v4
4.8 MEDIUM· v3
N/A· v2
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Contact Form plugin <= 8.0.3.1 versions.
1Fullworksplugins
1Quick Paypal Payments
Jun 17, 2026
Apr 7, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.
1Fullworksplugins
1Quick Paypal Payments
Jun 17, 2026
Apr 7, 2023
N/A· v4
4.8 MEDIUM· v3
N/A· v2
Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.
1Fullworksplugins
1Quick Contact Form
Jun 17, 2026
Apr 7, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Contact Form plugin <= 8.0.3.1 versions.
1Fullworksplugins
1Quick Event Manager
Jun 17, 2026
Apr 6, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 versions.
1Fullworksplugins
1Quick Event Manager
Jun 17, 2026
Mar 28, 2023
N/A· v4
4.8 MEDIUM· v3
N/A· v2
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Event Manager plugin <= 9.6.4 versions.
1Fullworksplugins
1Quick Event Manager
Jun 17, 2026
Mar 1, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 affecting all registration actions (delete, delete all, edit, update).
1Fullworksplugins
1Quick Event Manager
Jun 17, 2026
Jan 20, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The Quick Event Manager WordPress Plugin, version < 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qem_ajax_calendar' action.
1Fullworksplugins
1Meet My Team
Jun 17, 2026
Sep 23, 2022
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Meet My Team plugin <= 2.0.5 at WordPress.
1Fullworksplugins
1Stop User Enumeration
Jan 23, 2026
Aug 21, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The stop-user-enumeration plugin before 1.3.8 for WordPress has XSS.
1Fullworksplugins
1Stop User Enumeration
May 13, 2026
Nov 17, 2017
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
Stop User Enumeration 1.3.8 allows user enumeration via the REST API