The Revslider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg upload in all versions up to, and including, 6.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, this can only be exploited by administrators, but the ability to use and configure revslider can be extended to authors.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoftLab Dracula Dark Mode - The Revolutionary Dark Mode Plugin For WordPress allows Stored XSS.This issue affects Dracula Dark Mode - The Revolutionary Dark Mode Plugin For WordPress: from n/a through 1.0.8.

The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote Code Execution.

Unrestricted Upload of File with Dangerous Type vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution: from n/a through 6.6.15.

Contributor+ Stored Cross-Site Scripting (XSS) vulnerability in Slider Revolution <= 6.6.14.

Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Trident Technolabs Easy Slider Revolution plugin <= 1.0.0 versions.

The Slider Revolution WordPress plugin through 6.6.12 does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some server configurations.

MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator.

A XML External Entity (XXE) vulnerability was discovered in the modRestServiceRequest component in MODX CMS 2.7.3 which can lead to an information disclosure or denial of service (DOS).

GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.