Known Vulnerabilities for products from Plugin-planet
Listed below are 17 of the newest known vulnerabilities associated with the vendor "Plugin-planet".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-46240 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Simple Downl... | Not Provided | 2025-04-22 | 2026-04-01 |
| CVE-2025-46239 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Theme Switch... | Not Provided | 2025-04-22 | 2026-04-01 |
| CVE-2024-0979 json | The Dashboard Widgets Suite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in a... | Not Provided | 2024-06-13 | 2026-04-08 |
| CVE-2023-26517 json | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeff Starr Dashboard Widgets Suite plugin <= 3.2.1 version... | 4.8 - MEDIUM | 2023-05-06 | 2023-05-10 |
| CVE-2023-5614 json | The Theme Switcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'theme_switcha_list' sho... | Not Provided | 2023-10-20 | 2026-04-08 |
| CVE-2023-4838 json | The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in ... | 5.4 - MEDIUM | 2023-09-09 | 2023-11-07 |
| CVE-2023-4779 json | The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [usp_gallery] sho... | Not Provided | 2023-09-06 | 2026-04-08 |
| CVE-2023-4308 json | The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user-submitted-content�... | 5.4 - MEDIUM | 2023-08-15 | 2023-11-07 |
| CVE-2022-27850 json | Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an attacker to clear the chat log... | 4.3 - MEDIUM | 2022-04-15 | 2022-04-22 |
| CVE-2022-27849 json | Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115 | 7.5 - HIGH | 2022-04-15 | 2022-04-21 |
| CVE-2022-25610 json | Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious c... | 6.1 - MEDIUM | 2022-03-25 | 2022-12-02 |
| CVE-2022-25601 json | Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (ve... | 6.1 - MEDIUM | 2022-03-11 | 2023-11-07 |
| CVE-2022-1165 json | The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses headers such as CF-CONNECTING-IP, CLIENT-IP etc to determine th... | 9.1 - CRITICAL | 2022-04-04 | 2022-04-12 |
| CVE-2021-24409 json | The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GET parameter before outputting it back in an attribute, ... | 6.1 - MEDIUM | 2021-07-12 | 2021-07-15 |
| CVE-2021-24408 json | The Prismatic WordPress plugin before 2.8 does not sanitise or validate some of its shortcode parameters, allowing users with... | 5.4 - MEDIUM | 2021-07-12 | 2021-07-15 |
| CVE-2019-25138 json | The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in ... | Not Provided | 2023-06-07 | 2026-04-08 |
| CVE-2016-11001 json | The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field. | 6.1 - MEDIUM | 2019-09-20 | 2019-09-20 |
Known software with vulnerabilities from Plugin-planet
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Plugin-planet | User Submitted Posts | - |