CWE-79

The Migration, Backup, Staging WordPress plugin before 0.9.70 does not sanitise and escape the sub_page parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting

The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability.

The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Cross-site Scripting (XSS) – Stored in Packagist ptrofimov/beanstalk_console prior to 1.7.14.

Cross-site Scripting (XSS) – DOM in GitHub repository chatwoot/chatwoot prior to 2.7.0.

Cross-site Scripting (XSS) – Stored in Packagist microweber/microweber prior to 1.2.11.