Search

Search Results (363643 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-4514 1 Alipay Project 1 Alipay 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in includes/api_tenpay/inc.tenpay_notify.php in the Alipay plugin 3.6.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to the getDebugInfo function.
CVE-2014-4515 1 Anyfont Plugin Project 1 Anyfont 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in mce_anyfont/dialog.php in the AnyFont plugin 2.2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the text parameter.
CVE-2014-4516 1 Bic Media Widget Plugin 1 Bic Media Widget 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in bicm-carousel-preview.php in the BIC Media Widget plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the param parameter.
CVE-2014-4517 1 Cbi Referral Manager Project 1 Cbi Referral Manager 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in getNetworkSites.php in the CBI Referral Manager plugin 1.2.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the searchString parameter.
CVE-2014-4518 1 D-coda 1 Contactme 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in xd_resize.php in the Contact Form by ContactMe.com plugin 2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the width parameter.
CVE-2014-4520 1 Dmca 1 Dmca Watermarker 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in phprack.php in the DMCA WaterMarker plugin before 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the plugin_dir parameter.
CVE-2014-4521 1 Diversesolutions 1 Dsidxpress Idx Plugin 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in client-assist.php in the dsIDXpress IDX plugin before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter.
CVE-2014-4522 1 Dssearchagent Project 1 Dssearchagent 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in client-assist.php in the dsSearchAgent: WordPress Edition plugin 1.0-beta10 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter.
CVE-2014-4524 1 Wp Easy Post Types Project 1 Wp Easy Post Types 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in classes/custom-image/media.php in the WP Easy Post Types plugin before 1.4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ref parameter.
CVE-2014-4526 1 Efence Project 1 Efence 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in callback.php in the efence plugin 1.3.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) message, (2) zoneid, (3) pubKey, or (4) privKey parameter.
CVE-2014-4527 1 Envialosimple 1 Email Marketing Y Newsletters 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in paginas/vista-previa-form.php in the EnvialoSimple: Email Marketing and Newsletters (envialosimple-email-marketing-y-newsletters-gratis) plugin before 1.98 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) FormID or (2) AdministratorID parameter.
CVE-2014-4528 1 Fbpromotions Project 1 Fbpromotions 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in admin/swarm-settings.php in the Bugs Go Viral : Facebook Promotion Generator (fbpromotions) plugin 1.3.4 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) promo_type, (2) fb_edit_action, or (3) promo_id parameter.
CVE-2014-4529 2 Flash Photo Gallery Project, Wordpress 2 Flash Photo Gallery, Wordpress 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in fpg_preview.php in the Flash Photo Gallery plugin 0.7 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the path parameter.
CVE-2014-4531 1 Game Tabs Project 1 Game Tabs 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in main_page.php in the Game tabs plugin 0.4.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the n parameter.
CVE-2014-4532 1 Garagesale Project 1 Garagesale 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in templates/printAdminUsersList_Footer.tpl.php in the GarageSale plugin before 1.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2014-4533 1 Geo Redirector Plugin Project 1 Geo Redirector 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in ajax_functions.php in the GEO Redirector plugin 1.0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the hid_id parameter.
CVE-2014-4534 2 Html5 Video Player With Playlist Plugin Project, Wordpress 2 Html5 Video Player With Playlist Plugin, Wordpress 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in videoplayer/autoplay.php in the HTML5 Video Player with Playlist plugin 2.4.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) theme or (2) playlistmod parameter.
CVE-2014-4537 1 Keyword Strategy Internal Links Project 1 Keyword Strategy Internal Links 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in inpage.tpl.php in the Keyword Strategy Internal Links plugin 2.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) sort, (2) search, or (3) dir parameter.
CVE-2014-4538 1 Malware Finder Plugin Project 1 Malware Finder 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in process.php in the Malware Finder plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the query parameter.
CVE-2014-4540 1 Oleggo Livestream Project 1 Oleggo Livestream 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in oleggo-twitter/twitter_login_form.php in the Oleggo LiveStream plugin 0.2.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the msg parameter.