- It should not be possible for an attacker to inject AngularJS expressions by using curly braces. The application needs to either treat curly braces in user input as highly dangerous or avoid server-side reflection of user input entirely.
- WordPress Plugin Google Maps by BestWebSoft Cross-Site Scripting (1.3.5)
- WordPress Plugin Welcart e-Commerce Multiple Vulnerabilities (1.8.2)
- WordPress 4.5.x Cross-Site Scripting Vulnerability (4.5 - 4.5.1)
- WordPress Plugin Badgearoo Cross-Site Scripting (1.0.8)
- WordPress Plugin WP Media Cleaner Multiple Cross-Site Scripting Vulnerabilities (2.2.6)