Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Engine Gutenberg Blocks – ACF Blocks Suite acf-blocks allows Stored XSS.This issue affects Gutenberg Blocks – ACF Blocks Suite: from n/a through <= 2.6.11.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anantaddons Anant Addons for Elementor anant-addons-for-elementor allows Stored XSS.This issue affects Anant Addons for Elementor: from n/a through <= 1.2.8.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Buying Buddy Buying Buddy IDX CRM buying-buddy-idx-crm allows DOM-Based XSS.This issue affects Buying Buddy IDX CRM: from n/a through <= 2.3.0.

Cross-Site Request Forgery (CSRF) vulnerability in Yamna Khawaja Mailing Group Listserv wp-mailing-group allows Cross Site Request Forgery.This issue affects Mailing Group Listserv: from n/a through <= 3.0.5.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyrilG Fyrebox Quizzes fyrebox-shortcode allows Stored XSS.This issue affects Fyrebox Quizzes: from n/a through <= 3.1.

Missing Authorization vulnerability in Mahmudul Hasan Arif Enhanced Blocks &#8211; Page Builder Blocks for Gutenberg enhanced-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Blocks &#8211; Page Builder Blocks for Gutenberg: from n/a through <= 1.4.1.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sparklewpthemes Fitness Park fitness-park allows DOM-Based XSS.This issue affects Fitness Park: from n/a through <= 1.1.1.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sparklewpthemes Spark Multipurpose spark-multipurpose allows DOM-Based XSS.This issue affects Spark Multipurpose: from n/a through <= 1.0.7.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xootix Login/Signup Popup easy-login-woocommerce allows Stored XSS.This issue affects Login/Signup Popup: from n/a through <= 2.9.4.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spoki Spoki spoki allows Stored XSS.This issue affects Spoki: from n/a through <= 2.17.0.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople CP Polls cp-polls allows Stored XSS.This issue affects CP Polls: from n/a through <= 1.0.81.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Truong Thanh ATP Call Now atp-call-now allows Stored XSS.This issue affects ATP Call Now: from n/a through <= 1.0.3.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Coyier CodePen Embed Block codepen-embed-block allows Stored XSS.This issue affects CodePen Embed Block: from n/a through <= 1.2.0.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JK WP-FB-AutoConnect wp-fb-autoconnect allows Stored XSS.This issue affects WP-FB-AutoConnect: from n/a through <= 4.6.4.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robert Peake Better Random Redirect better-random-redirect allows Stored XSS.This issue affects Better Random Redirect: from n/a through <= 1.3.20.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nitin Yawalkar RDFa Breadcrumb rdfa-breadcrumb allows Stored XSS.This issue affects RDFa Breadcrumb: from n/a through <= 2.3.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sandor Kovacs Simple Sticky Footer simple-sticky-footer allows Stored XSS.This issue affects Simple Sticky Footer : from n/a through <= 1.3.5.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tealium Tealium tealium allows Stored XSS.This issue affects Tealium: from n/a through <= 2.1.20.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt WP Voting Contest wp-voting-contest allows Stored XSS.This issue affects WP Voting Contest: from n/a through <= 5.8.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brijeshk89 IP Based Login ip-based-login allows Stored XSS.This issue affects IP Based Login: from n/a through <= 2.4.2.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rodrigo Bastos Hand Talk handtalk allows Stored XSS.This issue affects Hand Talk: from n/a through <= 6.1.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iamapinan PDPA Consent for Thailand pdpa-consent allows Stored XSS.This issue affects PDPA Consent for Thailand: from n/a through <= 1.1.1.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Judge CSV Importer Improved csv-importer-improved allows Stored XSS.This issue affects CSV Importer Improved: from n/a through <= 0.6.1.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fridaysystems Inventory Presser inventory-presser allows Stored XSS.This issue affects Inventory Presser: from n/a through <= 15.2.6.

Missing Authorization vulnerability in Zapier Zapier for WordPress zapier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zapier for WordPress: from n/a through <= 1.5.2.