[FD] Forminator 1.5.4 - Unauthenticated Persistent XSS, Blind SQL Injection (WordPress Plugin)

/2018 * Public Disclosure: 02/05/2019 * Credit: Tim Coen ## Unauthenticated Persistent XSS via poll # CVSS 7.2 High [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N) # Details Custom fields of a poll

[FD] Quiz And Survey Master 6.0.4 - Reflected XSS (WordPress Plugin)

/2019 * Credit: Tim Coen # CVSS 6.1 Medium [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) # Overview The Quiz And Survey Master WordPress plugin is vulnerable to reflected XSS as it echoes the quiz_id

[FD] Blog2Social 5.0.2 - Reflected XSS (WordPress Plugin)

* Credit: Tim Coen # CVSS 6.1 Medium [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) # Overview The Blog2Social WordPress plugin is vulnerable to reflected XSS as it echoes the b2s_update_publish_date

[FD] Contact Form Email 7.10.41 - Reflected XSS & CSRF (WordPress Plugin)

blic Disclosure: 02/05/2019 * Credit: Tim Coen ## Reflected XSS # CVSS 6.1 Medium [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) # Overview The Contact Form Email WordPress plugin is vulnerabl

[FD] Font_Organizer 2.1.1 - Reflected XSS (WordPress Plugin)

* Credit: Tim Coen # CVSS 6.1 Medium [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) # Overview The Font_Organizer WordPress plugin is vulnerable to reflected XSS as it echoes the manage_font_id parameter

[FD] Give 2.3.0 - Reflected XSS (WordPress Plugin)

* Vulnerability: XSS * Affected Software: [Give](https://wordpress.org/plugins/give/) * Affected Version: 2.3.0 * Patched Version: 2.3.1 * CVE: not requested * Risk: Medium * Vendor Contacted: 11/24/2018 * Vendor Fix: 12/13/2018 * Public Disclosure: 02/05/2019 * Credit: Tim

[FD] KingComposer 2.7.6 - Reflected XSS (WordPress Plugin)

: Tim Coen # CVSS 6.1 Medium [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) # Overview The KingComposer WordPress plugin is vulnerable to reflected XSS as it echoes the id parameter without proper

[FD] NextScripts: Social Networks Auto-Poster 4.2.7 - Reflected XSS (WordPress Plugin)

* Vendor Fix: 11/02/2018 * Public Disclosure: 02/05/2019 * Credit: Tim Coen # CVSS 6.1 Medium [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) # Overview The Social Networks Auto-Poster WordPress

[FD] wpGoogleMaps 7.10.41 - Reflected XSS (WordPress Plugin)

/2019 * Credit: Tim Coen # CVSS 6.1 Medium [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) # Overview The wpGoogleMaps WordPress plugin is vulnerable to reflected XSS as it echoes PHP_SELF without

[FD] WP Live Chat Support 8.0.17 - Reflected XSS (WordPress Plugin)

/05/2019 * Credit: Tim Coen # CVSS 6.1 Medium [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) # Overview The WP Live Chat Support WordPress plugin is vulnerable to reflected XSS as it echoes the term

[FD] YOP Poll 6.0.2 - Reflected XSS (WordPress Plugin)

: Tim Coen # CVSS 6.1 Medium [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) # Overview The YOP poll WordPress plugin is vulnerable to reflected XSS as it echoes the poll_id parameter without proper