WordPress Simple Google Calendar Outlook Events Block Widget plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis Patchstack Alliance in WordPress Plugin Simple Google Calendar Outlook Events Block Widget versions = 2.5.0...

CVE-2024-5582

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' attribute within the Q&A Block widget in all versions up to, and including, 1.33 due to insufficient input sanitization and output escaping on user supplied attribute...

CVE-2024-5646 Futurio Extra <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Text Block Widget

The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘headersize’ attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

Futurio Extra < 2.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Text Block Widget

Description The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘headersize’ attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for...