Fullworksplugins
fullworksplugins
14 CVEs • 5 products
Products (5)
Click to collapseToggle
Products (5)
Click to collapse
CVEs (14)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Fullworksplugins 1Stop User Enumeration Jun 17, 2026 Jul 17, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path. |
1Fullworksplugins 1Quick Paypal Payments Jun 17, 2026 May 2, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The Quick Paypal Payments WordPress plugin before 5.7.26.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when...Show more |
1Fullworksplugins 1Quick Paypal Payments Jun 17, 2026 Apr 25, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions. |
1Fullworksplugins 1Quick Contact Form Jun 17, 2026 Apr 25, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Contact Form plugin <= 8.0.3.1 versions. |
1Fullworksplugins 1Quick Paypal Payments Jun 17, 2026 Apr 7, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions. |
1Fullworksplugins 1Quick Paypal Payments Jun 17, 2026 Apr 7, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions. |
1Fullworksplugins 1Quick Contact Form Jun 17, 2026 Apr 7, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Contact Form plugin <= 8.0.3.1 versions. |
1Fullworksplugins 1Quick Event Manager Jun 17, 2026 Apr 6, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 versions. |
1Fullworksplugins 1Quick Event Manager Jun 17, 2026 Mar 28, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Event Manager plugin <= 9.6.4 versions. |
1Fullworksplugins 1Quick Event Manager Jun 17, 2026 Mar 1, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 affecting all registration actions (delete, delete all, edit, update). |
1Fullworksplugins 1Quick Event Manager Jun 17, 2026 Jan 20, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Quick Event Manager WordPress Plugin, version < 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qem_ajax_calendar' action. |
Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Meet My Team plugin <= 2.0.5 at WordPress. |
1Fullworksplugins 1Stop User Enumeration Jan 23, 2026 Aug 21, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The stop-user-enumeration plugin before 1.3.8 for WordPress has XSS. |
1Fullworksplugins 1Stop User Enumeration May 13, 2026 Nov 17, 2017 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Stop User Enumeration 1.3.8 allows user enumeration via the REST API |