CVE-2024-8793

The Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.7.2.1. This makes ...

WordPress Optin Hound plugin <= 1.4.3 - Reflected Cross-Site Scripting via add_query_arg Parameter vulnerability

Reflected Cross-Site Scripting via addqueryarg Parameter vulnerability discovered by Francesco Carlucci in WordPress Plugin Optin Hound versions = 1.4.3...

PT-2024-39206 · WordPress · Dk Pdf Plugin

Name of the Vulnerable Software and Affected Versions: DK PDF plugin for WordPress versions up to, and including, 1.9.6 Description: The DK PDF plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add query arg without appropriate escaping on the URL. This makes ...

PT-2024-39251 · WordPress · Auto Featured Image From Title

Name of the Vulnerable Software and Affected Versions: Auto Featured Image from Title plugin for WordPress versions prior to 2.3 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without appropriate escaping on the URL. This allows unauthenticated...

WordPress plugin Custom Banners 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress plugin PDF Image Generator 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platform developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress plugin is an application plug-in. A cross-site scripting...

WordPress plugin LH Copy Media File 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site scripting...

WordPress plugin Store Exporter for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin WP Search Analytics 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

WordPress plugin Loggedin 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

PT-2024-39491 · WordPress · Wp Search Analytics

Name of the Vulnerable Software and Affected Versions: WP Search Analytics plugin for WordPress versions up to, and including, 1.4.10 Description: The WP Search Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add query arg without appropriate...

PT-2024-39192 · WordPress · Gtm Server Side

Name of the Vulnerable Software and Affected Versions: GTM Server Side plugin for WordPress versions up to, and including, 2.1.19 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without appropriate escaping on the URL. This allows unauthenticate...

WordPress plugin GTM Server Side 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2024-39195 · WordPress · Simple Ldap Login

Name of the Vulnerable Software and Affected Versions: Simple LDAP Login plugin for WordPress versions up to, and including, 1.6.0 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without proper escaping on the URL. This allows unauthenticated...

PT-2024-39290 · WordPress · Store Hours For Woocommerce

Name of the Vulnerable Software and Affected Versions: Store Hours for WooCommerce plugin for WordPress versions up to, and including, 4.3.20 Description: The issue arises from the use of add query arg without proper escaping on the URL, leading to Reflected Cross-Site Scripting. This allows...

CVE-2024-8662

The Koko Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.3.12. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

PT-2024-39084 · WordPress · The Pixel Cat – Conversion Pixel Manager

Name of the Vulnerable Software and Affected Versions: The Pixel Cat – Conversion Pixel Manager plugin for WordPress versions up to, and including, 3.0.5 Description: The issue arises from the use of add query arg without proper escaping on the URL, allowing unauthenticated attackers to inject...

PT-2024-39215 · WordPress · Seriously Simple Stats

Name of the Vulnerable Software and Affected Versions: Seriously Simple Stats plugin for WordPress versions up to, and including, 1.6.0 Description: The issue arises from the use of add query arg without proper escaping on the URL, allowing unauthenticated attackers to inject arbitrary web script...

CVE-2024-8734

The Lucas String Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.0.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

CVE-2024-8731

The Cron Jobs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.2.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...