Plugin Planet
plugin-planet
22 CVEs • 9 products
Products (9)
Click to collapseToggle
Products (9)
Click to collapse
CVEs (22)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Plugin Planet 1Simple Download Counter Apr 23, 2026 Apr 22, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Simple Download Counter simple-download-counter allows Stored XSS.This issue affects Simple Download Counte...Show more |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Theme Switcha theme-switcha allows Stored XSS.This issue affects Theme Switcha: from n/a through <= 3.4. |
1Plugin Planet 1User Submitted Posts May 13, 2025 Jul 13, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The User Submitted Posts WordPress plugin before 20240516 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when...Show more |
1Plugin Planet 1Dashboard Widgets Suite Apr 8, 2026 Jun 13, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Dashboard Widgets Suite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escap...Show more |
The Simple Ajax Chat WordPress plugin before 20240412 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the...Show more |
The Simple Ajax Chat WordPress plugin before 20240223 does not prevent visitors from using malicious Names when using the chat, which will be reflected unsanitized to other users. |
1Plugin Planet 1User Submitted Posts Apr 28, 2026 Dec 20, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts – Enable Users to Submit Posts from the Front End.This issue affects User Submitted Posts – Enable Users to Submit Posts fr...Show more |
1Plugin Planet 1Dashboard Widget Suite Apr 28, 2026 Dec 14, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Dashboard Widgets Suite allows Stored XSS.This issue affects Dashboard Widgets Suite: from n/a through 3.4....Show more |
The Theme Switcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'theme_switcha_list' shortcode in all versions up to, and including, 3.3 due to insufficient input sanitization and out...Show more |
1Plugin Planet 1Simple Download Counter Nov 21, 2024 Sep 9, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping o...Show more |
The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [usp_gallery] shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and ou...Show more |
1Plugin Planet 1User Submitted Posts Feb 11, 2025 Aug 15, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user-submitted-content’ parameter in versions up to, and including, 20230809 due to insufficient input sanitization and...Show more |
1Plugin Planet 1User Submitted Posts Apr 8, 2026 Jun 7, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the usp_check_images function in versions up to, and including, 20190312. This makes it possibl...Show more |
1Plugin Planet 1Dashboard Widget Suite Nov 21, 2024 May 6, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeff Starr Dashboard Widgets Suite plugin <= 3.2.1 versions. |
1Plugin Planet 1Simple Ajax Chat Nov 21, 2024 Apr 15, 2022 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an attacker to clear the chat log or delete a chat message. |
1Plugin Planet 1Simple Ajax Chat Nov 21, 2024 Apr 15, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115 |
1Plugin Planet 1Blackhole For Bad Bots Nov 21, 2024 Apr 4, 2022 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses headers such as CF-CONNECTING-IP, CLIENT-IP etc to determine the IP address of requests hitting the blackhole URL, which allows them to be spoofed. This could...Show more |
1Plugin Planet 1Simple Ajax Chat Nov 21, 2024 Mar 25, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code. However, the attack requires specific conditions, making it hard to exploit. |
2Fedoraproject Plugin Planet2Contact Form X FedoraNov 21, 2024 Mar 11, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4). |
The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a lo...Show more |