The Cookie Information | Free GDPR Consent Solution WordPress plugin before 2.0.8 does not escape user data before outputting it back in attributes in the…

The ARI Fancy Lightbox WordPress plugin before 1.3.9 does not sanitise and escape the msg parameter before outputting it back in an admin page, leading…

The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action…

The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via…

The Better WordPress Google XML Sitemaps WordPress plugin through 1.4.1 does not sanitise and escape its logs when outputting them in the admin dashboard, which…

The Contact Form Submissions WordPress plugin before 1.7.3 does not sanitise and escape additional fields in contact form requests before outputting them in the related…

The WordPress Zero Spam WordPress plugin before 5.2.11 does not properly sanitise and escape the order and orderby parameters before using them in a SQL…

The WP Voting Contest WordPress plugin through 2.1 does not sanitise and escape the post_id parameter before outputting it back in the response via the…

The Master Addons for Elementor WordPress plugin before 1.8.5 does not sanitise and escape the error_message parameter before outputting it back in the response of…

The Advanced Product Labels for WooCommerce WordPress plugin before 1.2.3.7 does not sanitise and escape the tax_color_set_type parameter before outputting it back in the berocket_apl_color_listener…