- WordPress Plugin Ajax Category Dropdown is prone to multiple SQL injection vulnerabilities and a cross-site scripting vulnerability. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin Ajax Category Dropdown version 0.1.5 is vulnerable; other versions may also be affected.
- Edit the source code to ensure that input is properly sanitised or disable the plugin until a fix is available
- WordPress Plugin WP Live Chat Support Cross-Site Scripting (7.0.06)
- Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.5)
- WordPress Plugin Portfolio Gallery-Photo Gallery Cross-Site Scripting (2.1.10)
- WordPress Plugin The Events Calendar Cross-Site Scripting (3.0)
- WordPress Plugin Wordfence Security Cross-Site Scripting (3.3.5)