Gopiplus: Security Vulnerabilities
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Vertical marquee plugin <= 7.1 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-09-27
The Horizontal scrolling announcement for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'horizontal-scrolling' shortcode in versions up to, and including, 9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score
6.4
EPSS Score
0.001
Published
2023-09-16
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy wp tell a friend popup form plugin <= 7.1 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-09-04
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Continuous announcement scroller plugin <= 13.0 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-05-10
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Tiny carousel horizontal slider plus plugin <= 3.2 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-05-10
Page 4