Plugin-Planet: Security Vulnerabilities
The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator
CVSS Score
6.1
EPSS Score
0.133
Published
2021-07-12
The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-09-20
Page 3