WP XSS MAY 2025 - WP Cross-Site Scripting
Managed WP/Woo Security Report
Be informed about the latest WP Cross-Site Scripting, identified and reported publicly. WP XSS MAY 2025 is a +68% INCREASE, compared to previous month. Consider for your online safety, a managed WP/Woo security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin - OR - Hire professionals for managed WP Security.
The following cases made headlines PUBLICLY just last month in the WP XSS MAY 2025 & WP Cross-Site Scripting category:
| 1 Decembrie 1918 | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| 360 View | Cross-Site Scripting (XSS) |
| 5sterrenspecialist | Cross-Site Scripting (XSS) |
| AAWP Obfuscator | Cross-Site Scripting (XSS) |
| AB Google Map Travel | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| ABA PayWay Payment Gateway for WooCommerce | Cross-Site Scripting (XSS) |
| ABC Notation | Cross-Site Scripting (XSS) |
| Able Player | Cross-Site Scripting (XSS) |
| Access Areas | Cross-Site Scripting (XSS) |
| ACF: Google Font Selector | Cross-Site Scripting (XSS) |
| ActiveCampaign | Cross-Site Scripting (XSS) |
| Activity Reactions For Buddypress | Cross-Site Scripting (XSS) |
| Add Google +1 (Plus one) social share Button | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Add to Header | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Additional Custom Product Tabs for WooCommerce | Cross-Site Scripting (XSS) |
| Admin Menu Post List | Cross-Site Scripting (XSS) |
| Administrator Z | Cross-Site Scripting (XSS) |
| AdminQuickbar | Cross-Site Scripting (XSS) |
| Advance WP Query Search Filter | Cross-Site Scripting (XSS) |
| Advanced Accordion Gutenberg Block | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| Advanced Custom Fields: Link Picker Field | Cross-Site Scripting (XSS) |
| Advanced Form Integration | Cross-Site Scripting (XSS) |
| Advanced lazy load | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Advanced Search by My Solr Server | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Advanced Tag Lists | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Advanced Typekit | Cross-Site Scripting (XSS) |
| Advanced Woo Labels | Cross-Site Scripting (XSS) |
| AF Tell a Friend | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Affiliate Links Lite | Cross-Site Scripting (XSS) |
| AI Content Pipelines | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| AI Search Bar | Cross-Site Scripting (XSS) |
| Ajax Comment Form CST | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| ALD Login Page | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Amazon Showcase WordPress Plugin | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Anything Popup | Cross-Site Scripting (XSS) |
| Arconix FAQ | Cross-Site Scripting (XSS) |
| Aria Font | Cross-Site Scripting (XSS) |
| Arigato Autoresponder and Newsletter | Cross-Site Scripting (XSS) |
| Arkhe Theme Blocks | Cross-Site Scripting (XSS) |
| Arrow Custom Feed for Twitter | Cross-Site Scripting (XSS) |
| Asgaros Forum | Cross-Site Scripting (XSS) |
| AT Internet SmartTag | Cross-Site Scripting (XSS) |
| AtomChat | Cross-Site Scripting (XSS) |
| Attendance Manager | Cross-Site Scripting (XSS) |
| Author Bio Shortcode | Cross-Site Scripting (XSS) |
| Author Box After Posts | Cross-Site Scripting (XSS) |
| Author WIP Progress Bar | Cross-Site Scripting (XSS) |
| Auto scroll for reading | Cross-Site Scripting (XSS) |
| Automatic Ban IP | Cross-Site Scripting (XSS) |
| Awesome Event Booking | Cross-Site Scripting (XSS) |
| Awesome Logos | Cross-Site Scripting (XSS) |
| Awesome Wp Image Gallery | Cross-Site Scripting (XSS) |
| AWSA Shipping | Cross-Site Scripting (XSS) |
| B Blocks | Cross-Site Scripting (XSS) |
| BBCode Deluxe | Cross-Site Scripting (XSS) |
| bbPress2 shortcode whitelist | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Beam me up Scotty – Back to Top Button | Cross-Site Scripting (XSS) |
| Beds24 Online Booking | Cross-Site Scripting (XSS) |
| Best Posts Summary | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Betheme Theme | Cross-Site Scripting (XSS) |
| Big Boom Directory | Cross-Site Scripting (XSS) |
| Bit Form – Contact Form Plugin | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| Black Widgets For Elementor | Cross-Site Scripting (XSS) |
| BlockWheels | Cross-Site Scripting (XSS) |
| Blog Manager WP | Cross-Site Scripting (XSS) |
| Blubrry PowerPress Podcasting plugin MultiSite add-on | Cross-Site Scripting (XSS) |
| Boo Recipes | Cross-Site Scripting (XSS) |
| Booster for WooCommerce | Unauthenticated Cross-Site Scripting (XSS) |
| Booster for WooCommerce | Unauthenticated Cross-Site Scripting (XSS) |
| Booster Plus for WooCommerce | Cross-Site Scripting (XSS) |
| Botnet Attack Blocker | Cross-Site Scripting (XSS) |
| BP Social Connect | Cross-Site Scripting (XSS) |
| Breaking News WP | Cross-Site Scripting (XSS) |
| Breeze Display | Cross-Site Scripting (XSS) from cal_size Parameter |
| Bridge Core | Cross-Site Scripting (XSS) |
| Brizy | Cross-Site Scripting (XSS) |
| Broadstreet | Cross-Site Scripting (XSS) |
| Broken Links Remover | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| BruteGuard – Brute Force Login Protection | Cross-Site Scripting (XSS) |
| BuddyPress Members Only | Cross-Site Scripting (XSS) |
| Bulk Theme NoIndex & NoFollow Toolkit | Cross-Site Scripting (XSS) |
| Bulk Theme Page Stub Creator | Cross-Site Scripting (XSS) |
| Business Contact Widget | Cross-Site Scripting (XSS) |
| BWD Elementor Addons | Cross-Site Scripting (XSS) |
| byBrick Accordion | Cross-Site Scripting (XSS) |
| C9 Blocks | Cross-Site Scripting (XSS) |
| Cache control by Cacholong | Cross-Site Scripting (XSS) |
| Cal.com | Cross-Site Scripting (XSS) |
| Calculated Fields Form | Cross-Site Scripting (XSS) |
| Calculated Fields Form | Cross-Site Scripting (XSS) |
| Call Now PHT Blog | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Canonical Attachments | Cross-Site Scripting (XSS) |
| Carousel-of-post-images | Cross-Site Scripting (XSS) |
| Cart66 Cloud | Cross-Site Scripting (XSS) |
| Category Posts Widget | Cross-Site Scripting (XSS) |
| CF7 Spreadsheets | Cross-Site Scripting (XSS) |
| CG Scroll To Top | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| CGM Event Calendar | Cross-Site Scripting (XSS) |
| Chamber Dashboard Business Directory | Cross-Site Scripting (XSS) |
| Chat2 | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| CheckBot | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Checklist | Cross-Site Scripting (XSS) |
| Checkout Files Upload for WooCommerce | Cross-Site Scripting (XSS) |
| Checkout for PayPal | Cross-Site Scripting (XSS) |
| ChillPay WooCommerce | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Church Admin | Cross-Site Scripting (XSS) |
| Client Showcase | Cross-Site Scripting (XSS) |
| Clinked Client Portal | Cross-Site Scripting (XSS) |
| CM Header and Footer | Cross-Site Scripting (XSS) |
| Codescar Radio Widget | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Colibri Page Builder | Cross-Site Scripting (XSS) |
| Coming Soon Countdown | Cross-Site Scripting (XSS) |
| Comment Validation Reloaded | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Confirm User Registration | Cross-Site Scripting (XSS) |
| Connector to CiviCRM with CiviMcRestFace | Cross-Site Scripting (XSS) |
| Contact Form & SMTP Plugin | Cross-Site Scripting (XSS) |
| Contact Form 7 Calendar | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Contact Form Builder by vcita | Cross-Site Scripting (XSS) |
| Contact Form by Supsystic | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) from saveAsCopy AJAX Action |
| Contact Form vCard Generator | Cross-Site Scripting (XSS) |
| Contact Form vCard Generator | Cross-Site Scripting (XSS) |
| Contempo Real Estate Core | Cross-Site Scripting (XSS) from Shortcode |
| Content Manager Light | Cross-Site Scripting (XSS) |
| ContentBot AI Writer | Cross-Site Scripting (XSS) |
| Control Listings | Cross-Site Scripting (XSS) |
| cookieBAR | Cross-Site Scripting (XSS) |
| CookieHint WP | Cross-Site Scripting (XSS) |
| Cool Flipbox – Shortcode & Gutenberg Block | Cross-Site Scripting (XSS) |
| Cost Calculator Builder | Cross-Site Scripting (XSS) |
| Coupon Affiliates | Cross-Site Scripting (XSS) from 'commission_summary' Parameter |
| CoverManager | Cross-Site Scripting (XSS) |
| COVID-19 (Coronavirus) Update Your Customers | Cross-Site Scripting (XSS) |
| Credova_Financial | Cross-Site Scripting (XSS) |
| CRM Perks | Cross-Site Scripting (XSS) |
| Crowdfunding for WooCommerce | Cross-Site Scripting (XSS) |
| Custom Admin-Bar Favorites | Cross-Site Scripting (XSS) |
| Custom Content Scrollbar | Cross-Site Scripting (XSS) |
| Custom Database Applications by Caspio | Cross-Site Scripting (XSS) |
| Custom Functions Plugin | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Custom Posts Order | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Custom Related Posts | Cross-Site Scripting (XSS) |
| Custom Smilies | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Czater.pl – live chat i telefon | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Dashboard Notepads | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| DeBounce Email Validator | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Debug Log Manager | Cross-Site Scripting (XSS) |
| Delete Post Revision | Cross-Site Scripting (XSS) |
| Deliver from Shipos for WooCommerce | Cross-Site Scripting (XSS) |
| Design Blocks | Cross-Site Scripting (XSS) |
| Digihood HTML Sitemap | Cross-Site Scripting (XSS) |
| Dima Take Action | Cross-Site Scripting (XSS) |
| Directorist AddonsKit for Elementor | Cross-Site Scripting (XSS) |
| DN Shipping by Weight for WooCommerce | Cross-Site Scripting (XSS) |
| DobsonDev Shortcodes | Cross-Site Scripting (XSS) |
| Document Management System | Cross-Site Scripting (XSS) |
| Donate Me | Cross-Site Scripting (XSS) |
| Doppler Forms | Cross-Site Scripting (XSS) |
| Doppler Forms | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Download Manager | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| Drop Caps | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Dropdown Content | Cross-Site Scripting (XSS) |
| DSGVO Youtube | Cross-Site Scripting (XSS) |
| Easy Contact | Cross-Site Scripting (XSS) |
| Easy Custom CSS | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Easy Magazine | Cross-Site Scripting (XSS) |
| Easy Post Duplicator | Cross-Site Scripting (XSS) |
| Ebook Downloader | Cross-Site Scripting (XSS) |
| Ebook Downloader | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Ecwid Shopping Cart | Cross-Site Scripting (XSS) |
| eForm - WordPress Form Builder | Unauthenticated Cross-Site Scripting (XSS) |
| Element Pack Elementor Addons | DOM-Based Cross-Site Scripting (XSS) |
| Element Pack Elementor Addons | Cross-Site Scripting (XSS) |
| Elements kit Elementor addons | Cross-Site Scripting (XSS) |
| Elfsight Testimonials Slider | Cross-Site Scripting (XSS) |
| Email Subscribers & Newsletters | Cross-Site Scripting (XSS) in Template |
| Email Subscribers & Newsletters | Cross-Site Scripting (XSS) |
| Embed Chessboard | Cross-Site Scripting (XSS) |
| Emma for WordPress | Cross-Site Scripting (XSS) |
| Enable Media Replace | Cross-Site Scripting (XSS) |
| Enhanced Paypal Shortcodes | Cross-Site Scripting (XSS) |
| ePaper Lister for Yumpu | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Epeken All Kurir | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Essential Addons for Elementor | Cross-Site Scripting (XSS) |
| Ethiopian Calendar | Cross-Site Scripting (XSS) |
| Event post | Cross-Site Scripting (XSS) |
| Eventbee RSVP Widget | Cross-Site Scripting (XSS) |
| Everest Forms | Cross-Site Scripting (XSS) |
| Exit Popup Free | Cross-Site Scripting (XSS) |
| Extensions for Elementor | Cross-Site Scripting (XSS) |
| External Markdown | Cross-Site Scripting (XSS) |
| ez Form Calculator - WordPress plugin | Cross-Site Scripting (XSS) |
| Fable Extra | Cross-Site Scripting (XSS) |
| FancyPost | Cross-Site Scripting (XSS) |
| Fazyvo Theme | Cross-Site Scripting (XSS) |
| Feedify – Web Push Notifications | Cross-Site Scripting (XSS) |
| FireDrum Email Marketing | Cross-Site Scripting (XSS) |
| Flag Icons | Cross-Site Scripting (XSS) |
| Flags Widget | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Flickr Photostream | Cross-Site Scripting (XSS) |
| Floating Social Bar | Cross-Site Scripting (XSS) |
| FluentForm | Cross-Site Scripting (XSS) |
| Foliopress WYSIWYG | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Follow Us Badges | Cross-Site Scripting (XSS) |
| Fonts Manager | Custom Fonts | Cross-Site Scripting (XSS) |
| FooBox Image Lightbox | Cross-Site Scripting (XSS) |
| Footnotes for WordPress | Cross-Site Scripting (XSS) |
| Form Maker by 10Web | Cross-Site Scripting (XSS) |
| Forminator | Cross-Site Scripting (XSS) from 'limit' |
| FraudLabs Pro for WooCommerce | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| FrescoChat Live Chat | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Frizzly | Cross-Site Scripting (XSS) |
| Front End Users | Cross-Site Scripting (XSS) |
| FS Poster | Cross-Site Scripting (XSS) |
| FunnelCockpit | Cross-Site Scripting (XSS) |
| FuseDesk | Cross-Site Scripting (XSS) from successredirect Parameter |
| Fusion | Cross-Site Scripting (XSS) |
| Fusion Builder | Cross-Site Scripting (XSS) |
| Gallery – Photo Albums Plugin | Cross-Site Scripting (XSS) |
| GB Gallery Slideshow | Cross-Site Scripting (XSS) |
| Gift Certificate Creator | Cross-Site Scripting (XSS) from receip_address Parameter |
| Giveaways and Contests by RafflePress | Cross-Site Scripting (XSS) |
| Global Gallery | Cross-Site Scripting (XSS) |
| Glossy Blog Theme | Cross-Site Scripting (XSS) |
| GNA Search Shortcode | Cross-Site Scripting (XSS) |
| Google News | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Gosign – Posts Slider Block | Cross-Site Scripting (XSS) |
| Gravel Theme | Cross-Site Scripting (XSS) |
| Gravity Forms CSS Themes with Fontawesome and Placeholders | Cross-Site Scripting (XSS) |
| Groundhogg | Cross-Site Scripting (XSS) from label Parameter |
| GTDB Guitar Tuners | Cross-Site Scripting (XSS) |
| Gutena Kit – Gutenberg Blocks and Templates | Cross-Site Scripting (XSS) |
| Gutenify | Cross-Site Scripting (XSS) |
| GutenKit | Cross-Site Scripting (XSS) |
| Gutenverse | Cross-Site Scripting (XSS) from countdown Block |
| Hamburger Icon Menu Lite | Cross-Site Scripting (XSS) |
| Hive Support | Cross-Site Scripting (XSS) |
| Hive Support | Cross-Site Scripting (XSS) |
| HMH Footer Builder For Elementor | Cross-Site Scripting (XSS) |
| Home Services Theme | Cross-Site Scripting (XSS) |
| Hospital Management System | Cross-Site Scripting (XSS) |
| HTML Forms | Cross-Site Scripting (XSS) |
| HTML Forms | Cross-Site Scripting (XSS) |
| Html5 Audio Player | Cross-Site Scripting (XSS) |
| HTML5 Video Player with Playlist | Cross-Site Scripting (XSS) |
| Hyperlink Group Block | Cross-Site Scripting (XSS) |
| Hypotext | Cross-Site Scripting (XSS) |
| iCal Feeds | Cross-Site Scripting (XSS) |
| Icegram | Cross-Site Scripting (XSS) |
| Image Hover Effects For WPBakery Page Builder | Cross-Site Scripting (XSS) |
| Image Style Hover | Cross-Site Scripting (XSS) |
| IMPress for IDX Broker | Cross-Site Scripting (XSS) |
| Infusionsoft Web Form JavaScript | Cross-Site Scripting (XSS) |
| Inline Text Popup | Cross-Site Scripting (XSS) |
| Insert HTML Here | Cross-Site Scripting (XSS) |
| Interactive Geo Maps | Cross-Site Scripting (XSS) |
| Interactive US Map | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Internal Link Optimiser | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| iONE360 configurator | Cross-Site Scripting (XSS) |
| IP2Location Variables | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| IP2Location World Clock | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| JetBlocks For Elementor | Cross-Site Scripting (XSS) |
| JetBlog | Cross-Site Scripting (XSS) |
| JetElements For Elementor | Cross-Site Scripting (XSS) |
| JetEngine | Cross-Site Scripting (XSS) |
| JetProductGallery | Cross-Site Scripting (XSS) |
| JetSearch | Cross-Site Scripting (XSS) |
| JetSmartFilters | Cross-Site Scripting (XSS) |
| JetTabs | Cross-Site Scripting (XSS) |
| JSON Structuring Markup | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| KeyCAPTCHA | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| KiotViet Sync | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| LA-Studio Element Kit for Elementor | Cross-Site Scripting (XSS) |
| Landing pages and Domain aliases for WordPress | Cross-Site Scripting (XSS) |
| Language Field | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Latest Custom Post Type Updates | Cross-Site Scripting (XSS) |
| Leadfox for WordPress | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| LeadLab by wiredminds | Cross-Site Scripting (XSS) |
| LeadQuizzes | Cross-Site Scripting (XSS) |
| Leartes TRY Exchange Rates | Cross-Site Scripting (XSS) |
| Lexicata | Cross-Site Scripting (XSS) |
| Libro de Reclamaciones | Cross-Site Scripting (XSS) |
| Libro de Reclamaciones y Quejas | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| License For Envato | Cross-Site Scripting (XSS) |
| License Manager for WooCommerce | Cross-Site Scripting (XSS) |
| Lightweight and Responsive Youtube Embed | Cross-Site Scripting (XSS) |
| Lightweight and Responsive Youtube Embed | Cross-Site Scripting (XSS) |
| Limit Max IPs Per User | Cross-Site Scripting (XSS) |
| Link Library | Cross-Site Scripting (XSS) from Link Additional Parameters |
| Link Library | Cross-Site Scripting (XSS) |
| Link Shield | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| List Last Changes | Cross-Site Scripting (XSS) |
| Listings for Buildium | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Loan Calculator | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Lock Your Updates | Cross-Site Scripting (XSS) |
| Login Manager | Cross-Site Scripting (XSS) from Custom URL |
| Logo Carousel Slider | Cross-Site Scripting (XSS) |
| Lottie Player block - Implement Lottie animations. | Cross-Site Scripting (XSS) from File Upload (BAC) |
| LSD Custom taxonomy and category meta | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| LuckyWP Table of Contents | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Mad Mimi for WordPress | Cross-Site Scripting (XSS) |
| Magical Blocks | Cross-Site Scripting (XSS) |
| Make Email Customizer for WooCommerce | Cross-Site Scripting (XSS) |
| Mang Board WP | Cross-Site Scripting (XSS) from Board Header And Footer |
| MapPress Maps for WordPress | Cross-Site Scripting (XSS) |
| MapPress Maps for WordPress | Cross-Site Scripting (XSS) |
| Maps for WP | Cross-Site Scripting (XSS) |
| MapSVG Lite | Cross-Site Scripting (XSS) |
| Marketer Addons | Cross-Site Scripting (XSS) |
| MaxButtons | Cross-Site Scripting (XSS) |
| Media Library Assistant | Cross-Site Scripting (XSS) |
| MediaView | Cross-Site Scripting (XSS) |
| Memberpress | Cross-Site Scripting (XSS) |
| Membership For WooCommerce | Cross-Site Scripting (XSS) |
| Mergado Pack | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| mFolio Lite | Cross-Site Scripting (XSS) |
| Milat jQuery Automatic Popup | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Mini twitter feed | Cross-Site Scripting (XSS) |
| Mixcloud Embed | Cross-Site Scripting (XSS) |
| MMX – Make Me Christmas | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Mobile Pages | Cross-Site Scripting (XSS) |
| Mobile Smart | Cross-Site Scripting (XSS) |
| Modal Survey | Cross-Site Scripting (XSS) |
| Modern Polls | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Modula Image Gallery | DOM-Based Cross-Site Scripting (XSS) from FancyBox JavaScript Library |
| More Mime Type Filters | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Most And Least Read Posts Widget | Cross-Site Scripting (XSS) |
| Motors | Cross-Site Scripting (XSS) |
| Motors | Cross-Site Scripting (XSS) |
| MPL-Publisher | Cross-Site Scripting (XSS) |
| MSRP (RRP) Pricing for WooCommerce | Cross-Site Scripting (XSS) |
| Multi-Column Taxonomy List | Cross-Site Scripting (XSS) |
| MultiMailer | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| MultiMailer | Cross-Site Scripting (XSS) |
| Multiple Location Google Map | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Musician's Pack for Elementor | Cross-Site Scripting (XSS) |
| MX Time Zone Clocks | Cross-Site Scripting (XSS) |
| My Custom Widgets | Cross-Site Scripting (XSS) |
| My Marginalia | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| MyBookProgress by Stormhill Media | Cross-Site Scripting (XSS) |
| MyWorks WooCommerce Sync for QuickBooks Online | Cross-Site Scripting (XSS) |
| NanoSupport | Cross-Site Scripting (XSS) |
| Nav Menu Manager | Cross-Site Scripting (XSS) |
| Nemesis All-in-One | Cross-Site Scripting (XSS) |
| Nepali Date Converter | Cross-Site Scripting (XSS) |
| Nepali Date Utilities | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Nepali Post Date | Cross-Site Scripting (XSS) |
| News Element Elementor Blog Magazine | Cross-Site Scripting (XSS) |
| News Kit Elementor Addons | Cross-Site Scripting (XSS) |
| News, Magazine and Blog Elements | Cross-Site Scripting (XSS) |
| NewsBoard Post and RSS Scroller | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Ni WooCommerce Cost Of Goods | Cross-Site Scripting (XSS) |
| Nimbata Call Tracking | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Nino Social Connect | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Norse Rune Oracle Plugin | Cross-Site Scripting (XSS) |
| Notification Bar, Sticky Notification Bar, Sticky Welcome Bar for any theme | Cross-Site Scripting (XSS) |
| Nova Blocks by Pixelgrade | Cross-Site Scripting (XSS) |
| occupancyplan | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Ocean Extra | Cross-Site Scripting (XSS) from Shortcode |
| One Click Accessibility | Cross-Site Scripting (XSS) |
| Opal Portfolio | Cross-Site Scripting (XSS) |
| OpenMenu | Cross-Site Scripting (XSS) |
| Oppso Unit Converter | Cross-Site Scripting (XSS) |
| Oracle Cards Lite | Cross-Site Scripting (XSS) |
| OSM – OpenStreetMap | Cross-Site Scripting (XSS) |
| Pages Order | Cross-Site Scripting (XSS) |
| Pagopar – WooCommerce Gateway | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Payment Form for PayPal Pro | Cross-Site Scripting (XSS) |
| Payment Forms for Paystack | Cross-Site Scripting (XSS) |
| PDF Generator Addon for Elementor Page Builder | Cross-Site Scripting (XSS) |
| Peadig’s Google +1 Button | Cross-Site Scripting (XSS) |
| Peekaboo | Cross-Site Scripting (XSS) |
| PeproDev CF7 Database | Cross-Site Scripting (XSS) |
| Perfect Font Awesome Integration | Cross-Site Scripting (XSS) |
| Photo Gallery by 10Web | Unauthenticated Cross-Site Scripting (XSS) |
| Photo Gallery by 10Web | Cross-Site Scripting (XSS) from 'image_id' Parameter |
| Photobox Theme | Cross-Site Scripting (XSS) |
| PhotoShelter for Photographers Blog Feed Plugin | Cross-Site Scripting (XSS) |
| Piotnet Addons For Elementor | Cross-Site Scripting (XSS) |
| Piotnet Forms | Cross-Site Scripting (XSS) |
| Piotnet Forms | Cross-Site Scripting (XSS) |
| PlainInventory | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Planyo online reservation system | Cross-Site Scripting (XSS) |
| Plugin Oficial – Getnet para WooCommerce | Cross-Site Scripting (XSS) |
| Plugin Upgrade Time Out | Cross-Site Scripting (XSS) from Cross-Site Request Forgery (CSRF) |
| Popping Content Light | Cross-Site Scripting (XSS) |
| Post Custom Templates Lite | Cross-Site Scripting (XSS) |
| Post in page for Elementor | Cross-Site Scripting (XSS) |
| Posten | Cross-Site Scripting (XSS) |
| PostmarkApp Email Integrator | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Posts Footer Manager | Cross-Site Scripting (XSS) |
| Posts for Page | Cross-Site Scripting (XSS) |
| PowerPack Addons for Elementor | Cross-Site Scripting (XSS) |
| PowerPress Podcasting | Cross-Site Scripting (XSS) |
| PowerPress Podcasting | Cross-Site Scripting (XSS) from Podcast URL |
| Print Science Designer | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Processing Projects | Cross-Site Scripting (XSS) |
| Product Excel Import Export & Bulk Theme Edit for WooCommerce | Cross-Site Scripting (XSS) |
| Product Table by WBW | Cross-Site Scripting (XSS) |
| Profile Builder | Cross-Site Scripting (XSS) from Shortcode |
| PropertyHive | Cross-Site Scripting (XSS) |
| QR Master | Cross-Site Scripting (XSS) |
| Quantity Dynamic Pricing & Bulk Theme Discounts for WooCommerce | Cross-Site Scripting (XSS) |
| Question Answer | Cross-Site Scripting (XSS) |
| RAphicon | Cross-Site Scripting (XSS) |
| Raptive Ads | Cross-Site Scripting (XSS) |
| Real Testimonials | Cross-Site Scripting (XSS) |
| Redirect wordpress to welcome or landing page | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| RegistrationMagic | Cross-Site Scripting (XSS) |
| Related Posts from Taxonomies | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Related Posts Widget with Thumbnails | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Related Videos for JW Player | Cross-Site Scripting (XSS) |
| RentSyst | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Request Call Back | Cross-Site Scripting (XSS) |
| Rescue Shortcodes | Cross-Site Scripting (XSS) |
| Responsive Blocks | Cross-Site Scripting (XSS) |
| Responsive Slider by MetaSlider | Cross-Site Scripting (XSS) |
| Restrict User Registration | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| RestroPress | Cross-Site Scripting (XSS) |
| Revamp CRM for WooCommerce | Cross-Site Scripting (XSS) |
| REVE Chat | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Review Stream | Cross-Site Scripting (XSS) |
| Revision Diet | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Rezo Theme | Cross-Site Scripting (XSS) |
| Rich Text Editor | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Right Click Disable OR Ban | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Rio Video Gallery | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Royal Elementor Addons | Cross-Site Scripting (XSS) |
| Royal Elementor Addons | DOM-Based Cross-Site Scripting (XSS) |
| RRSSB | Cross-Site Scripting (XSS) |
| RS Elements Elementor Addon | Cross-Site Scripting (XSS) |
| RSS Manager | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Run Contests, Raffles, and Giveaways with ContestsWP | Cross-Site Scripting (XSS) |
| Run Contests, Raffles, and Giveaways with ContestsWP | Cross-Site Scripting (XSS) |
| SB Chart block | Cross-Site Scripting (XSS) from className Parameter |
| Scheduled | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Script Compressor | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Scriptless Social Sharing | Cross-Site Scripting (XSS) |
| Search engine keywords highlighter | Cross-Site Scripting (XSS) |
| Search, Filters & Merchandising for WooCommerce | Cross-Site Scripting (XSS) |
| Secure Copy Content Protection and Content Locking | Cross-Site Scripting (XSS) |
| Secure Copy Content Protection and Content Locking | Cross-Site Scripting (XSS) |
| Send E-mail | Cross-Site Scripting (XSS) |
| Send From | Cross-Site Scripting (XSS) |
| SEO Tools | Cross-Site Scripting (XSS) |
| SEO, Nutrition and Print for Recipes by Edamam | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Sequel | Cross-Site Scripting (XSS) |
| Seriously Simple Podcasting | Cross-Site Scripting (XSS) |
| SERPed.net | Cross-Site Scripting (XSS) |
| Sheet2Site | Cross-Site Scripting (XSS) |
| SheetDB | Cross-Site Scripting (XSS) |
| ShopCred | Cross-Site Scripting (XSS) |
| Shopo Theme | Cross-Site Scripting (XSS) |
| Showeblogin Social | Cross-Site Scripting (XSS) |
| Sidebar Manager Light | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Silvasoft boekhouden | Cross-Site Scripting (XSS) |
| Simple Banner | Cross-Site Scripting (XSS) |
| Simple Contact Forms | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Simple Download Counter | Cross-Site Scripting (XSS) |
| Simple Map No Api | Cross-Site Scripting (XSS) |
| Simple Maps | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Simple Owl Carousel | Cross-Site Scripting (XSS) |
| Simple Post Expiration | Cross-Site Scripting (XSS) |
| Simple Post Meta Manager | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Simple Social Media Share Buttons | Cross-Site Scripting (XSS) |
| Simple Social Media Share Buttons | Cross-Site Scripting (XSS) |
| Simple Spoiler | Cross-Site Scripting (XSS) |
| Simple WP Events | Cross-Site Scripting (XSS) |
| Simple-Audioplayer | Cross-Site Scripting (XSS) |
| Simplish Theme | Cross-Site Scripting (XSS) |
| SimpLy Gallery | Cross-Site Scripting (XSS) |
| SimplyRETS Real Estate IDX | Cross-Site Scripting (XSS) |
| Sirv | Cross-Site Scripting (XSS) |
| Site Search 360 | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Site Table of Contents | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| SKT Blocks | Cross-Site Scripting (XSS) |
| SKT Blocks | Cross-Site Scripting (XSS) |
| SKT Blocks | Cross-Site Scripting (XSS) |
| SKT Skill Bar | Cross-Site Scripting (XSS) |
| Sky Addons for Elementor | Cross-Site Scripting (XSS) |
| Slide Theme | Cross-Site Scripting (XSS) |
| Small Package Quotes – Worldwide Express Edition | Cross-Site Scripting (XSS) |
| Smart Icons For WordPress | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| Smart Maintenance Mode | Cross-Site Scripting (XSS) |
| Smart Product Gallery Slider | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Smartarget Popup | Cross-Site Scripting (XSS) |
| SMM API | Cross-Site Scripting (XSS) |
| SMTP for Amazon SES | Unauthenticated Cross-Site Scripting (XSS) from Email Logs |
| SnapWidget Social Photo Feed Widget | Cross-Site Scripting (XSS) |
| Snow Storm | Cross-Site Scripting (XSS) |
| Social Bookmarking RELOADED | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Social Crowd | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Social Intents | Cross-Site Scripting (XSS) |
| Social Media Links | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Social Share And Social Locker | Cross-Site Scripting (XSS) |
| Social Slider Feed | Cross-Site Scripting (XSS) |
| SpaBiz Theme | Cross-Site Scripting (XSS) |
| spam-stopper | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Spark GF Failed Submissions | Cross-Site Scripting (XSS) |
| Spider Elements – Addons for Elementor | Cross-Site Scripting (XSS) |
| Split Test For Elementor | Cross-Site Scripting (XSS) |
| Spoiler Block | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Sprout Clients | Cross-Site Scripting (XSS) |
| Stop Registration Spam | Cross-Site Scripting (XSS) |
| Subscription Form for Feedblitz | Cross-Site Scripting (XSS) |
| Support Helpdesk Ticket System Lite | Cross-Site Scripting (XSS) |
| SurveyJS | Cross-Site Scripting (XSS) |
| Table Block by Tableberg | Cross-Site Scripting (XSS) |
| Tabs | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Tainá Theme | Cross-Site Scripting (XSS) |
| Task Scheduler | Cross-Site Scripting (XSS) |
| Tax Switch for WooCommerce | Cross-Site Scripting (XSS) |
| TaxoPress | Cross-Site Scripting (XSS) |
| Tayori Form | Cross-Site Scripting (XSS) |
| Team Builder | Cross-Site Scripting (XSS) |
| Team Members for Elementor Page Builder | Cross-Site Scripting (XSS) |
| Team Rosters | Cross-Site Scripting (XSS) |
| Terminal Africa | Cross-Site Scripting (XSS) |
| Terms Before Download | Cross-Site Scripting (XSS) |
| Textmetrics | Cross-Site Scripting (XSS) |
| The Logo Slider | Cross-Site Scripting (XSS) |
| The Pack Elementor addons | Cross-Site Scripting (XSS) |
| The World | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Theme Switcha | Cross-Site Scripting (XSS) |
| Themesflat Addons For Elementor | Cross-Site Scripting (XSS) |
| Themesflat Addons For Elementor | Cross-Site Scripting (XSS) |
| Themify Edmin Theme | Cross-Site Scripting (XSS) |
| Themify Folo Theme | Cross-Site Scripting (XSS) |
| Themify Newsy Theme | Cross-Site Scripting (XSS) |
| Themify Shortcodes | Cross-Site Scripting (XSS) |
| Themify Sidepane WordPress Theme | Cross-Site Scripting (XSS) |
| Tiger Theme | Cross-Site Scripting (XSS) |
| Tiger Theme | Cross-Site Scripting (XSS) |
| Time Based Greeting | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Timeline Event History | Cross-Site Scripting (XSS) |
| Tockify Events Calendar | Cross-Site Scripting (XSS) |
| Tooltip | Cross-Site Scripting (XSS) |
| Tourmaster | Cross-Site Scripting (XSS) |
| Tournamatch | Cross-Site Scripting (XSS) |
| Trackserver | Cross-Site Scripting (XSS) |
| translit it! | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Travelfic Toolkit | Cross-Site Scripting (XSS) |
| Turbo Addons for Elementor | Cross-Site Scripting (XSS) |
| Turisbook Booking System | Cross-Site Scripting (XSS) |
| Twice Commerce | Cross-Site Scripting (XSS) |
| Twispay Credit Card Payments | Cross-Site Scripting (XSS) |
| Twitter Card Generator | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| UiCore Elements | Cross-Site Scripting (XSS) from Multiple Widgets |
| Uix Shortcodes | Cross-Site Scripting (XSS) |
| Ultimate Dashboard | Cross-Site Scripting (XSS) |
| Ultimate Live Cricket WordPress Lite | Cross-Site Scripting (XSS) |
| Ultimate Push Notifications | Cross-Site Scripting (XSS) |
| Ultimate Store Kit Elementor Addons | Cross-Site Scripting (XSS) |
| Ultra Addons Lite for Elementor | Cross-Site Scripting (XSS) |
| Uncanny Toolkit for LearnDash | Cross-Site Scripting (XSS) |
| Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | Cross-Site Scripting (XSS) |
| Unsafe Mimetypes | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Uptime Robot Plugin for WordPress | Cross-Site Scripting (XSS) |
| URL Shortify | Cross-Site Scripting (XSS) |
| User Registration | Cross-Site Scripting (XSS) |
| User Session Synchronizer | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| User Submitted Posts | Cross-Site Scripting (XSS) |
| UXsniff | Cross-Site Scripting (XSS) |
| Varnish WordPress | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Vasaio QR Code | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| VForm | Cross-Site Scripting (XSS) |
| VForm | Cross-Site Scripting (XSS) |
| Vice Versa | Cross-Site Scripting (XSS) |
| Video Playlist For YouTube | Cross-Site Scripting (XSS) |
| Video Url | Cross-Site Scripting (XSS) |
| Videos | Cross-Site Scripting (XSS) |
| VikRestaurants Table Reservations and Take-Away | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Visual Composer Website Builder | Cross-Site Scripting (XSS) |
| VK Filter Search | Cross-Site Scripting (XSS) |
| VKontakte Cross-Post | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Wallet System for WooCommerce | Cross-Site Scripting (XSS) |
| Watu Quiz | Cross-Site Scripting (XSS) |
| Waymark | Cross-Site Scripting (XSS) |
| WDesignkit | Cross-Site Scripting (XSS) |
| Web Directory Free | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Web Directory Free | Cross-Site Scripting (XSS) |
| Web2application | Cross-Site Scripting (XSS) |
| WebberZone Snippetz | Cross-Site Scripting (XSS) |
| WebinarPress | Cross-Site Scripting (XSS) |
| Webling | Cross-Site Scripting (XSS) |
| Welcome Bar | Cross-Site Scripting (XSS) |
| Welcome Popup | Cross-Site Scripting (XSS) |
| Wetterwarner | Cross-Site Scripting (XSS) |
| Widget for Social Page Feeds | Cross-Site Scripting (XSS) |
| Widget for Social Page Feeds | Cross-Site Scripting (XSS) |
| Widgetize Pages Light | Cross-Site Scripting (XSS) |
| Windows Live Writer | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Wireless Butler Theme | Cross-Site Scripting (XSS) |
| WooCommerce – Payphone Gateway | Cross-Site Scripting (XSS) |
| WooCommerce – Store Exporter | Cross-Site Scripting (XSS) |
| WooCommerce Estimate and Quote | Cross-Site Scripting (XSS) |
| WooCommerce Sales MIS Report | Cross-Site Scripting (XSS) |
| WooCommerce TBC Credit Card Payment Gateway (Free) | Cross-Site Scripting (XSS) |
| WooMS | Cross-Site Scripting (XSS) |
| WooMS | Cross-Site Scripting (XSS) |
| WordPress Events Calendar Plugin – connectDaily | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| WordPress Events Calendar Registration & Tickets | Cross-Site Scripting (XSS) |
| WordPress Galleria | Cross-Site Scripting (XSS) |
| WordPress Health and Server Condition – Integrated with Google Page Speed | Cross-Site Scripting (XSS) |
| WordPress Maps - Google Maps plugin | Cross-Site Scripting (XSS) |
| wordpress related Posts with thumbnails | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| WordPress Spam Blocker | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| WordPress Video Robot - The Ultimate Video Importer | Cross-Site Scripting (XSS) |
| Workbox Video from Vimeo & Youtube | Cross-Site Scripting (XSS) |
| WoWHead Tooltips | Cross-Site Scripting (XSS) |
| WP Abstracts | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| WP AdCenter | Cross-Site Scripting (XSS) |
| WP AutoKeyword | Cross-Site Scripting (XSS) |
| WP Bookmarks | Cross-Site Scripting (XSS) |
| WP Calais Auto Tagger | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| WP Chrono | Cross-Site Scripting (XSS) |
| WP Cleaner | Cross-Site Scripting (XSS) |
| WP Cookie Consent | Cross-Site Scripting (XSS) |
| WP Copy Media URL | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| WP Crowdfunding | Cross-Site Scripting (XSS) |
| Wp Custom CMS Block | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| WP Custom Post Popup | Cross-Site Scripting (XSS) |
| WP Customize Login Page | Cross-Site Scripting (XSS) |
| WP Data Access | Cross-Site Scripting (XSS) |
| WP Date and Time Shortcode | Cross-Site Scripting (XSS) |
| WP Delete User Accounts | Cross-Site Scripting (XSS) |
| WP Donate | Cross-Site Scripting (XSS) |
| WP Easy Poll | Cross-Site Scripting (XSS) |
| WP Editor.md – The Perfect WordPress Markdown Editor | Cross-Site Scripting (XSS) |
| WP Featured Screenshot | Cross-Site Scripting (XSS) |
| WP Filter Post Category | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| WP Flipclock | Cross-Site Scripting (XSS) |
| WP Hide Categories | Cross-Site Scripting (XSS) |
| WP Import Export Lite | DOM-Based Cross-Site Scripting (XSS) |
| WP Map Route Planner | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| WP Modal Popup with Cookie Integration | Cross-Site Scripting (XSS) |
| WP Plugin Info Card | Cross-Site Scripting (XSS) |
| WP Post to PDF Enhanced | Cross-Site Scripting (XSS) |
| WP Posts Carousel | Cross-Site Scripting (XSS) |
| WP Profitshare | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| WP Project Manager | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| WP Project Manager | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| WP Proposals | Cross-Site Scripting (XSS) |
| WP Quiz | Cross-Site Scripting (XSS) |
| wp secure | Cross-Site Scripting (XSS) |
| WP SexyLightBox | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| WP Sitemap | Cross-Site Scripting (XSS) |
| WP Table Builder | Cross-Site Scripting (XSS) |
| wp Time Machine | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| WP Vegas | Cross-Site Scripting (XSS) |
| WP w3all phpBB | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| WP_Identicon | Cross-Site Scripting (XSS) |
| WP-BusinessDirectory | Cross-Site Scripting (XSS) |
| WP-Easy Menu | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| WP-Hijri | Cross-Site Scripting (XSS) |
| WP-Planification | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| WP-Recall | Cross-Site Scripting (XSS) |
| WP-reCAPTCHA-bp | Cross-Site Scripting (XSS) |
| WPAdverts | Cross-Site Scripting (XSS) |
| WPAMS | Cross-Site Scripting (XSS) |
| WPCasa | Cross-Site Scripting (XSS) |
| WPoperation Elementor Addons | Cross-Site Scripting (XSS) |
| wProject Theme | Cross-Site Scripting (XSS) |
| WPSHARE247 Elementor Addons | Cross-Site Scripting (XSS) |
| Wptobe-signinup | Cross-Site Scripting (XSS) |
| WpZon – Amazon Affiliate Plugin | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| WS Audio Player | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| WS Force Login Page | Cross-Site Scripting (XSS) |
| xili-language | Cross-Site Scripting (XSS) |
| Xpert Tab | Cross-Site Scripting (XSS) |
| Xpro Elementor Addons | Cross-Site Scripting (XSS) |
| XV Random Quotes | Cross-Site Scripting (XSS) |
| YaMaps for WordPress | Cross-Site Scripting (XSS) |
| YouTube Embed | Cross-Site Scripting (XSS) |
| Z Companion | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| Zephyr Project Manager | Cross-Site Scripting (XSS) |
| Zoho Creator Forms | Cross-Site Scripting (XSS) |
| ZoomSounds | Cross-Site Scripting (XSS) from Shortcode |
| WordPress Cross-Site Scripting (XSS) reported in 2023: | 2928 |
| WordPress Cross-Site Scripting (XSS) reported in 2024: | 3806 |
| WordPress Cross-Site Scripting (XSS) reported in 2025: | 2911 |
MANAGED WP/Woo SECURITY: WP XSS MAY 2025 – WP Cross-Site Scripting
WP XSS APR 2025: 404(!) Effortless WP Cross-Site Scripting
Your Email (double opt-in) Vulnerability reports (monthly) ultrawp services (monthly) INSPIRATION (weekly) FEATURED (weekly) managed online business for you (tailored for niche needs) NEWS (weekly) Agree with the privacy policy
WP XSS MAR 2025: 443 Effortless WP Cross-Site Scripting
Your Email (double opt-in) Vulnerability reports (monthly) ultrawp services (monthly) INSPIRATION (weekly) FEATURED (weekly) managed online business for you (tailored for niche needs) NEWS (weekly) Agree with the privacy policy
WP XSS FEB 2025: 957(!) Effortless WP Cross-Site Scripting
Your Email (double opt-in) Vulnerability reports (monthly) ultrawp services (monthly) INSPIRATION (weekly) FEATURED (weekly) managed online business for you (tailored for niche needs) NEWS (weekly) Agree with the privacy policy
WP XSS JAN 2025: 430 Effortless WP Cross-Site Scripting
Your Email (double opt-in) Vulnerability reports (monthly) ultrawp services (monthly) INSPIRATION (weekly) FEATURED (weekly) managed online business for you (tailored for niche needs) NEWS (weekly) Agree with the privacy policy
Table of Contents
- WP XSS MAY 2025 - WP Cross-Site Scripting
- Managed WP/Woo Security Report
- Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate "gazillion" different threats in your WordPress. Get your WP Cross-Site Scripting Patch Management.
- Today's reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order your WP Cross-Site Scripting Patch Management.
- Get security LIVEPATCH
- Stay informed
- Need managed WP security and got no clue where to start? Hire an expert. Pay a coffee per week or figure it out yourself.
- MANAGED WP/Woo SECURITY: WP XSS MAY 2025 – WP Cross-Site Scripting
- WP XSS APR 2025: 404(!) Effortless WP Cross-Site Scripting
- WP XSS MAR 2025: 443 Effortless WP Cross-Site Scripting
- WP XSS FEB 2025: 957(!) Effortless WP Cross-Site Scripting
- WP XSS JAN 2025: 430 Effortless WP Cross-Site Scripting
