78 matches found
CVE-2024-7489
The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form color parameters in all versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-9590
The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image meta field value in the 'wpaftaddmetatextinput' function in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied...
CVE-2024-10672
The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpgupsertprojectsourceblock function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with...
CVE-2023-1019
The Help Desk WP WordPress plugin through 1.2.0 does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks...
CVE-2023-2435
The Blog-in-Blog plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.0.0 via a shortcode attribute. This allows editor-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files...
CVE-2024-13890
The Allow PHP Execute plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0. This is due to allowing PHP code to be entered by all users for whom unfiltered HTML is allowed. This makes it possible for authenticated attackers, with Editor-level access a...
CVE-2024-13890 Allow PHP Execute <= 1.0 - Authenticated (Editor+) PHP Code Injection
The Allow PHP Execute plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0. This is due to allowing PHP code to be entered by all users for whom unfiltered HTML is allowed. This makes it possible for authenticated attackers, with Editor-level access a...
CVE-2024-13890
CVE-2024-13890 affects the WordPress plugin Allow PHP Execute (
CVE-2024-13833
The Album Gallery – WordPress Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.3 via deserialization of untrusted input from gallery meta. This makes it possible for authenticated attackers, with Editor-level access and above, to inject ...
CVE-2024-13833
The Album Gallery – WordPress Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.3 via deserialization of untrusted input from gallery meta. This makes it possible for authenticated attackers, with Editor-level access and above, to inject ...
CVE-2024-13833
CVE-2024-13833: Album Gallery – WordPress Gallery plugin vulnerable to authenticated PHP Object Injection via gallery meta in all versions
CVE-2024-13833 Album Gallery – WordPress Gallery <= 1.6.3 - Authenticated (Editor+) PHP Object Injection via Gallery Meta
The Album Gallery – WordPress Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.3 via deserialization of untrusted input from gallery meta. This makes it possible for authenticated attackers, with Editor-level access and above, to inject ...
CVE-2024-7560
The News Flash theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the newsflashpostmeta meta value. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PH...
CVE-2024-7351
The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.12.3 via deserialization of untrusted input when editing job applications. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PH...
CVE-2024-10034
CVE-2024-10034 affects the WordPress plugin “Gallery Blocks with Lightbox” (also listed as Simply Gallery Block). The vulnerability is a Stored Cross-Site Scripting (XSS) flaw in the gallery link text parameter, exploitable by authenticated attackers with Editor-level access or higher. Affected v...
CVE-2024-11409
The Grid View Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0 via deserialization of untrusted input from csallphotosdetails parameter. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a...
CVE-2024-11409 Grid View Gallery <= 1.0 - Authenticated (Editor+) PHP Object Injection
The Grid View Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0 via deserialization of untrusted input from csallphotosdetails parameter. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a...
CVE-2024-11409 Grid View Gallery <= 1.0 - Authenticated (Editor+) PHP Object Injection
The Grid View Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0 via deserialization of untrusted input from csallphotosdetails parameter. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a...
CVE-2024-11409
The Grid View Gallery WordPress plugin (versions
CVE-2024-10672
The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpgupsertprojectsourceblock function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with...