Vulnerabilities (CVE)

  1. Yack CVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Angry Yack Logo
Total 42233 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-24408 1 Lightspeedhq 1 Ecwid Ecommerce Shopping Cart 2024-11-21 N/A 6.5 MEDIUM
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.4 versions.
CVE-2023-24406 1 Simple Popup Project 1 Simple Popup 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Muneeb ur Rehman Simple PopUp plugin <= 1.8.6 versions.
CVE-2023-24404 1 Rarathemes 1 Vryasage Marketing Performance 2024-11-21 N/A 7.1 HIGH
Reflected Cross-Site Scripting (XSS) vulnerability in VryaSage Marketing Performance plugin <= 2.0.0 versions.
CVE-2023-24403 1 Wpforthewin 1 Bbpress Voting 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP For The Win bbPress Voting plugin <= 2.1.11.0 versions.
CVE-2023-24402 1 Wpbookingsystem 1 Wp Booking System 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Veribo, Roland Murg WP Booking System – Booking Calendar plugin <= 2.0.18 versions.
CVE-2023-24401 1 Davidsword 1 Mobile Call Now \& Map Buttons 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davidsword Mobile Call Now & Map Buttons plugin <= 1.5.0 versions.
CVE-2023-24400 1 Hu-manity 1 Cookie Notice \& Compliance For Gdpr \/ Ccpa 2024-11-21 N/A 6.5 MEDIUM
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Hu-manity.Co Cookie Notice & Compliance for GDPR / CCPA plugin <= 2.4.6 versions.
CVE-2023-24399 1 Oceanwp 1 Ocean Extra 2024-11-21 N/A 5.5 MEDIUM
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in OceanWP Ocean Extra plugin <= 2.1.2 versions.
CVE-2023-24398 1 Snapcreek 1 Ezp Coming Soon Page 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap Creek Software EZP Coming Soon Page plugin <= 1.0.7.3 versions.
CVE-2023-24397 1 Reservation 1 Reservation.studio 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Reservation.Studio Reservation.Studio widget plugin <= 1.0.11 versions.
CVE-2023-24396 1 Vikwp 1 Vikbooking Hotel Booking Engine \& Pms 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.11 versions.
CVE-2023-24394 1 Iframe Project 1 Iframe 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy iframe popup plugin <= 3.3 versions.
CVE-2023-24393 1 Wpmart 1 Animated Number Counters 2024-11-21 N/A 6.5 MEDIUM
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. Abul Hasan Animated Number Counters plugin <= 1.6 versions.
CVE-2023-24392 1 I13websolution 1 Full Width Banner Slider Wp 2024-11-21 N/A 7.1 HIGH
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Full Width Banner Slider Wp plugin <= 1.1.7 versions.
CVE-2023-24391 1 Spiderteams 1 Applyonline - Application Form Builder And Manager 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Spider Teams ApplyOnline plugin <= 2.5 versions.
CVE-2023-24390 1 Wesecur 1 Wesecur 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WeSecur Security plugin <= 1.2.1 versions.
CVE-2023-24389 1 Brandid 1 Social Proof \(testimonial\) Slider 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in brandiD Social Proof (Testimonial) Slider plugin <= 2.2.3 versions.
CVE-2023-24387 1 Wpdevart 1 Organization Chart 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart Organization chart plugin <= 1.4.4 versions.
CVE-2023-24386 1 Ai Contact Us Form Project 1 Ai Contact Us Form 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Karishma Arora AI Contact Us Form plugin <= 1.0 versions.
CVE-2023-24385 1 Davidlingren 1 Media Library Assistant 2024-11-21 N/A 5.9 MEDIUM
Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in David Lingren Media Library Assistant plugin <= 3.11 versions.
CVE-2023-24383 1 Kibokolabs 1 Namaste\! Lms 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Namaste! LMS plugin <= 2.5.9.1 versions.
CVE-2023-24381 1 Nsthemes 1 Advanced Social Pixel 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsThemes Advanced Social Pixel plugin <= 2.1.1 versions.
CVE-2023-24378 1 Codeat 1 Glossary 2024-11-21 N/A 6.5 MEDIUM
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Codeat Glossary plugin <= 2.1.27 versions.
CVE-2023-24376 1 Wp Simple Events Project 1 Wp Simple Events 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nico Graff WP Simple Events plugin <= 1.0 versions.
CVE-2023-24374 1 Material Design Icons For Page Builders Project 1 Material Design Icons For Page Builders 2024-11-21 N/A 6.5 MEDIUM
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Photon WP Material Design Icons for Page Builders plugin <= 1.4.2 versions.
CVE-2023-24372 1 Usbmemorydirect 1 Simple Custom Author Profiles 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in USB Memory Direct Simple Custom Author Profiles plugin <= 1.0.0 versions.
CVE-2023-24279 1 Opennetworking 1 Onos 2024-11-21 N/A 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard.
CVE-2023-24251 1 Wangeditor 1 Wangeditor 2024-11-21 N/A 5.4 MEDIUM
WangEditor v5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /dist/index.js.
CVE-2023-24070 1 Misp-project 1 Malware Information Sharing Platform 2024-11-21 N/A 6.1 MEDIUM
app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an XSS in authkey add via a Referer field.
CVE-2023-24050 1 Connectize 2 Ac21000 G6, Ac21000 G6 Firmware 2024-11-21 N/A 5.4 MEDIUM
Cross Site Scripting (XSS) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary code via crafted string when setting the Wi-Fi password in the admin panel.
CVE-2023-24031 1 Zimbra 1 Collaboration 2024-11-21 N/A 6.1 MEDIUM
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 8.8.15. XSS can occur, via one of attributes of the webmail /h/ endpoint, to execute arbitrary JavaScript code, leading to information disclosure.
CVE-2023-24009 1 Wpazure 1 Upfrontwp 2024-11-21 N/A 6.5 MEDIUM
Auth. (subscriber+) Reflected Cross-site Scripting (XSS) vulnerability in Wpazure Themes Upfrontwp theme <= 1.1 versions.
CVE-2023-24006 1 Linksoftwarellc 1 Wp Terms Popup 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Link Software LLC WP Terms Popup plugin <= 2.6.0 versions.
CVE-2023-24005 1 Winwar 1 Inline Tweet Sharer 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media Inline Tweet Sharer – Twitter Sharing Plugin plugin <= 2.5.3 versions.
CVE-2023-24004 1 Wpdevart 1 Download Image And Video Lightbox\, Image Popup 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart Image and Video Lightbox, Image PopUp plugin <= 2.1.5 versions.
CVE-2023-24003 1 Timersys 1 Wp Popups 2024-11-21 N/A 6.5 MEDIUM
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Timersys WP Popups – WordPress Popup plugin <= 2.1.4.8 versions.
CVE-2023-24002 1 Wpdevart 1 Youtube Embed\, Playlist And Popup 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart YouTube Embed, Playlist and Popup by WpDevArt plugin <= 2.6.3 versions.
CVE-2023-23999 1 Monsterinsights 1 Google Analytics Dashboard 2024-11-21 N/A 6.5 MEDIUM
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in MonsterInsights plugin <= 8.14.0 versions.
CVE-2023-23998 1 E4jconnect 1 Vikrentcar 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J s.R.L. VikRentCar Car Rental Management System plugin <= 1.3.0 versions.
CVE-2023-23996 1 Properfraction 1 Profilepress 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <= 4.5.3 versions.