Business Directory Plugin | GeoDirectory Security Vulnerabilities

nvd

CVE-2024-1295

The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. (e.g. password-protected events, drafts,...

0.0004EPSS

2024-06-14 06:15 AM
2
cve

CVE-2023-51496

Missing Authorization vulnerability in Woo WooCommerce Warranty Requests. This issue affects WooCommerce Warranty Requests: from n/a through...

5.3CVSS

5.4AI Score

0.0004EPSS

2024-06-14 06:15 AM
21
cve

CVE-2023-51497

Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses. This issue affects WooCommerce Ship to Multiple Addresses: from n/a through...

5.4CVSS

5.5AI Score

0.0004EPSS

2024-06-14 06:15 AM
30
cve

CVE-2024-1295

The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. (e.g. password-protected events, drafts,...

6.4AI Score

0.0004EPSS

2024-06-14 06:15 AM
10
nvd

CVE-2023-51377

Missing Authorization vulnerability in WPEverest Everest Forms. This issue affects Everest Forms: from n/a through...

5.3CVSS

0.0004EPSS

2024-06-14 06:15 AM
2
cve

CVE-2023-51377

Missing Authorization vulnerability in WPEverest Everest Forms. This issue affects Everest Forms: from n/a through...

5.3CVSS

5.4AI Score

0.0004EPSS

2024-06-14 06:15 AM
7
cvelist

CVE-2024-5155 Inquiry Cart <= 3.4.2 - Stored XSS via CSRF

The Inquiry cart WordPress plugin through 3.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...

0.0004EPSS

2024-06-14 06:00 AM
3
vulnrichment

CVE-2024-5155 Inquiry Cart <= 3.4.2 - Stored XSS via CSRF

The Inquiry cart WordPress plugin through 3.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...

5.8AI Score

0.0004EPSS

2024-06-14 06:00 AM
cvelist

CVE-2024-4751 WP Prayer II <= 2.4.7 - Settings Update via CSRF

The WP Prayer II WordPress plugin through 2.4.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF...

0.0004EPSS

2024-06-14 06:00 AM
3
cvelist

CVE-2024-3993 AZAN Plugin <= 0.6 - Stored XSS via CSRF

The AZAN Plugin WordPress plugin through 0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...

0.0004EPSS

2024-06-14 06:00 AM
3
vulnrichment

CVE-2024-4271 SVGator <= 1.2.6 - Stored XSS via SVG Upload

The SVGator WordPress plugin through 1.2.6 does not sanitize SVG file contents, which enables users with at least the author role to upload SVG with malicious JavaScript to conduct Stored XSS...

5.9AI Score

0.0004EPSS

2024-06-14 06:00 AM
cvelist

CVE-2024-4271 SVGator <= 1.2.6 - Stored XSS via SVG Upload

The SVGator WordPress plugin through 1.2.6 does not sanitize SVG file contents, which enables users with at least the author role to upload SVG with malicious JavaScript to conduct Stored XSS...

0.0004EPSS

2024-06-14 06:00 AM
2
vulnrichment

CVE-2024-3993 AZAN Plugin <= 0.6 - Stored XSS via CSRF

The AZAN Plugin WordPress plugin through 0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...

6AI Score

0.0004EPSS

2024-06-14 06:00 AM
cvelist

CVE-2024-4270 SVGMagic <= 1.1 - Stored XSS via SVG Upload

The SVGMagic WordPress plugin through 1.1 does not sanitize SVG file contents, which enables users with at least the author role to upload SVG with malicious JavaScript to conduct Stored XSS...

0.0004EPSS

2024-06-14 06:00 AM
3
cvelist

CVE-2024-4480 WP Prayer II <= 2.4.7 - Email Settings Update via CSRF

The WP Prayer II WordPress plugin through 2.4.7 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF...

0.0004EPSS

2024-06-14 06:00 AM
3
cvelist

CVE-2024-4005 Social Pixel <= 2.1 - Admin+ Stored XSS

The Social Pixel WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

0.0004EPSS

2024-06-14 06:00 AM
2
vulnrichment

CVE-2024-4480 WP Prayer II <= 2.4.7 - Email Settings Update via CSRF

The WP Prayer II WordPress plugin through 2.4.7 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF...

6.8AI Score

0.0004EPSS

2024-06-14 06:00 AM
vulnrichment

CVE-2024-4005 Social Pixel <= 2.1 - Admin+ Stored XSS

The Social Pixel WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

5.4AI Score

0.0004EPSS

2024-06-14 06:00 AM
vulnrichment

CVE-2024-4270 SVGMagic <= 1.1 - Stored XSS via SVG Upload

The SVGMagic WordPress plugin through 1.1 does not sanitize SVG file contents, which enables users with at least the author role to upload SVG with malicious JavaScript to conduct Stored XSS...

5.8AI Score

0.0004EPSS

2024-06-14 06:00 AM
cvelist

CVE-2024-3971 Similarity <= 3.0 - Plugin Reset via CSRF

The Similarity WordPress plugin through 3.0 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF...

0.0004EPSS

2024-06-14 06:00 AM
3
cvelist

CVE-2024-3992 Amen <= 3.3.1 - Admin+ Stored XSS

The Amen WordPress plugin through 3.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

0.0004EPSS

2024-06-14 06:00 AM
2
vulnrichment

CVE-2024-3971 Similarity <= 3.0 - Plugin Reset via CSRF

The Similarity WordPress plugin through 3.0 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF...

6.3AI Score

0.0004EPSS

2024-06-14 06:00 AM
cvelist

CVE-2024-3978 WordPress Jitsi Shortcode <= 0.1 - Contributor+ Stored XSS via Shortcode

The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

0.0004EPSS

2024-06-14 06:00 AM
2
cvelist

CVE-2024-3972 Similarity <= 3.0 - Stored XSS via CSRF

The Similarity WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...

0.0004EPSS

2024-06-14 06:00 AM
2
cvelist

CVE-2024-3977 WordPress Jitsi Shortcode <= 0.1 - Admin+ Stored XSS

The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

0.0004EPSS

2024-06-14 06:00 AM
3
vulnrichment

CVE-2024-3992 Amen <= 3.3.1 - Admin+ Stored XSS

The Amen WordPress plugin through 3.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

5.7AI Score

0.0004EPSS

2024-06-14 06:00 AM
vulnrichment

CVE-2024-3965 Pray For Me <= 1.0.4 - Settings Update via CSRF

The Pray For Me WordPress plugin through 1.0.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF...

6.8AI Score

0.0004EPSS

2024-06-14 06:00 AM
cvelist

CVE-2024-3965 Pray For Me <= 1.0.4 - Settings Update via CSRF

The Pray For Me WordPress plugin through 1.0.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF...

0.0004EPSS

2024-06-14 06:00 AM
3
cvelist

CVE-2024-1295 The Events Calendar (Free < 6.4.0.1, Pro < 6.4.0.1) - Contributor+ Arbitrary Events Access

The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. (e.g. password-protected events, drafts,...

0.0004EPSS

2024-06-14 06:00 AM
2
cvelist

CVE-2024-2218 LuckyWP Table of Contents <= 2.1.4 - Admin+ Stored XSS

The LuckyWP Table of Contents WordPress plugin through 2.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

0.0004EPSS

2024-06-14 06:00 AM
2
vulnrichment

CVE-2024-3966 Pray For Me <= 1.0.4 - Unauthenticated Stored XSS

The Pray For Me WordPress plugin through 1.0.4 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks that trigger when an admin visits the Prayer Requests in the WP...

6.2AI Score

0.0004EPSS

2024-06-14 06:00 AM
vulnrichment

CVE-2024-2218 LuckyWP Table of Contents <= 2.1.4 - Admin+ Stored XSS

The LuckyWP Table of Contents WordPress plugin through 2.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

5.8AI Score

0.0004EPSS

2024-06-14 06:00 AM
1
vulnrichment

CVE-2024-3754 Alemha Watermarker <= 1.3.1 - Author+ Stored XSS

The Alemha watermarker WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

5.7AI Score

0.0004EPSS

2024-06-14 06:00 AM
cvelist

CVE-2024-3754 Alemha Watermarker <= 1.3.1 - Author+ Stored XSS

The Alemha watermarker WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

0.0004EPSS

2024-06-14 06:00 AM
2
cvelist

CVE-2024-3966 Pray For Me <= 1.0.4 - Unauthenticated Stored XSS

The Pray For Me WordPress plugin through 1.0.4 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks that trigger when an admin visits the Prayer Requests in the WP...

0.0004EPSS

2024-06-14 06:00 AM
2
cvelist

CVE-2023-51377 WordPress Everest Forms plugin <= 2.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPEverest Everest Forms. This issue affects Everest Forms: from n/a through...

5.3CVSS

0.0004EPSS

2024-06-14 05:45 AM
3
vulnrichment

CVE-2023-51377 WordPress Everest Forms plugin <= 2.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPEverest Everest Forms. This issue affects Everest Forms: from n/a through...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-06-14 05:45 AM
cvelist

CVE-2023-51495 WordPress WooCommerce Warranty Requests plugin <= 2.2.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Woo WooCommerce Warranty Requests. This issue affects WooCommerce Warranty Requests: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-14 05:42 AM
2
vulnrichment

CVE-2023-51495 WordPress WooCommerce Warranty Requests plugin <= 2.2.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Woo WooCommerce Warranty Requests. This issue affects WooCommerce Warranty Requests: from n/a through...

6.5CVSS

6.9AI Score

0.0004EPSS

2024-06-14 05:42 AM
cvelist

CVE-2023-51496 WordPress WooCommerce Warranty Requests plugin <= 2.2.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Woo WooCommerce Warranty Requests. This issue affects WooCommerce Warranty Requests: from n/a through...

5.3CVSS

0.0004EPSS

2024-06-14 05:40 AM
2
vulnrichment

CVE-2023-51496 WordPress WooCommerce Warranty Requests plugin <= 2.2.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Woo WooCommerce Warranty Requests. This issue affects WooCommerce Warranty Requests: from n/a through...

5.3CVSS

6.9AI Score

0.0004EPSS

2024-06-14 05:40 AM
cvelist

CVE-2024-4404 ElementsKit PRO <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery

The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations originating....

8.5CVSS

0.0005EPSS

2024-06-14 05:39 AM
2
vulnrichment

CVE-2024-4404 ElementsKit PRO <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery

The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations originating....

8.5CVSS

6.7AI Score

0.0005EPSS

2024-06-14 05:39 AM
cvelist

CVE-2024-2122 FooGallery <= 2.4.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Custom URL

The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via album gallery custom URLs in all versions up to, and including, 2.4.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS

0.0004EPSS

2024-06-14 05:39 AM
2
vulnrichment

CVE-2024-5551 WP STAGING PRO - Backup Duplicator & Migration <= 5.6.0 - Cross-Site Request Forgery to Limited Local File Inclusion

The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the 'sub' parameter called from the WP STAGING WordPress Backup Plugin - Backup...

7.5CVSS

6.4AI Score

0.001EPSS

2024-06-14 05:39 AM
cvelist

CVE-2024-5551 WP STAGING PRO - Backup Duplicator & Migration <= 5.6.0 - Cross-Site Request Forgery to Limited Local File Inclusion

The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the 'sub' parameter called from the WP STAGING WordPress Backup Plugin - Backup...

7.5CVSS

0.001EPSS

2024-06-14 05:39 AM
2
cvelist

CVE-2024-23504 WordPress Ninja Tables plugin <= 5.0.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables. This issue affects Ninja Tables: from n/a through...

5.3CVSS

0.0004EPSS

2024-06-14 05:37 AM
3
vulnrichment

CVE-2024-23504 WordPress Ninja Tables plugin <= 5.0.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables. This issue affects Ninja Tables: from n/a through...

5.3CVSS

7AI Score

0.0004EPSS

2024-06-14 05:37 AM
vulnrichment

CVE-2023-51497 WordPress WooCommerce Ship to Multiple Addresses plugin <= 3.8.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses. This issue affects WooCommerce Ship to Multiple Addresses: from n/a through...

5.4CVSS

6.9AI Score

0.0004EPSS

2024-06-14 05:33 AM
cvelist

CVE-2023-51497 WordPress WooCommerce Ship to Multiple Addresses plugin <= 3.8.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses. This issue affects WooCommerce Ship to Multiple Addresses: from n/a through...

5.4CVSS

0.0004EPSS

2024-06-14 05:33 AM
3
Total number of security vulnerabilities: 346390