CVE-2018-5671

An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php extra_field1[items][field_item1][price_percent] parameter.

Source: CVE-2018-5671

CVE-2018-5651

An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php dark_mode_start parameter.

Source: CVE-2018-5651

CVE-2018-5657

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php counter_title_icon parameter.

Source: CVE-2018-5657

CVE-2018-5665

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php logo_height parameter.

Source: CVE-2018-5665

CVE-2018-5659

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php coming-soon_title parameter.

Source: CVE-2018-5659

CVE-2018-5666

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php bg_color parameter.

Source: CVE-2018-5666

CVE-2018-5660

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php coming-soon_sub_title parameter.

Source: CVE-2018-5660

CVE-2018-5653

An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php weblizar_pffree_settings_save_get-users parameter.

Source: CVE-2018-5653

CVE-2018-5654

An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php PFFREE_Access_Token parameter.

Source: CVE-2018-5654

CVE-2018-5670

An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php sale_conditions[count][] parameter.

Source: CVE-2018-5670