CVE-2024-7955

The Starbox WordPress plugin before 3.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-7955 Starbox < 3.5.2 - Admin+ Stored XSS

The Starbox WordPress plugin before 3.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

PT-2024-38455 · Peepso · The Community By Peepso

Name of the Vulnerable Software and Affected Versions: The Community by PeepSo plugin for WordPress versions up to, and including, 6.4.5.0 Description: The issue is related to Stored Cross-Site Scripting via the content parameter due to insufficient input sanitization and output escaping. This...

PT-2024-38483 · Peepso · The Community By Peepso

Name of the Vulnerable Software and Affected Versions: The Community by PeepSo plugin for WordPress versions up to, and including, 6.4.5.0 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated attacke...

CVE-2024-7918

The Pocket Widget WordPress plugin through 0.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-7918

The Pocket Widget WordPress plugin through 0.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-7918 Pocket Widget <= 0.1.3 - Admin+ Stored XSS

The Pocket Widget WordPress plugin through 0.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-7918 Pocket Widget <= 0.1.3 - Admin+ Stored XSS

The Pocket Widget WordPress plugin through 0.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-5561 Popup Maker < 1.19.1 - Admin+ Stored XSS

The Popup Maker WordPress plugin before 1.19.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

PT-2024-38716 · WordPress · Starbox

Name of the Vulnerable Software and Affected Versions: The Starbox WordPress plugin versions prior to 3.5.2 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a...

PT-2024-36565 · WordPress · Popup Maker

Name of the Vulnerable Software and Affected Versions: The Popup Maker WordPress plugin versions prior to 1.19.1 Description: The issue concerns a Stored Cross-Site Scripting flaw in the Popup Maker WordPress plugin. This flaw arises because the plugin does not properly sanitize and escape some o...

PT-2024-38685 · WordPress · Pocket Widget

Name of the Vulnerable Software and Affected Versions: Pocket Widget WordPress plugin version 0.1.3 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example in multisite...

CVE-2022-3556

The Cab fare calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the vehicle title setting in versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative...

CVE-2022-3556

The Cab fare calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the vehicle title setting in versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative...

PT-2024-11596 · WordPress · Cab Fare Calculator

Name of the Vulnerable Software and Affected Versions: The Cab fare calculator plugin for WordPress versions up to, and including, 1.1.6 Description: The issue is related to Stored Cross-Site Scripting via the vehicle title setting due to insufficient input sanitization and output escaping. This...

CVE-2024-6889

The Secure Copy Content Protection and Content Locking WordPress plugin before 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for...

CVE-2024-6722

The Chatbot Support AI: Free ChatGPT Chatbot, Woocommerce Chatbot WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

CVE-2024-6722 Chatbot Support AI <= 1.0.2 - Admin+ Stored XSS

The Chatbot Support AI: Free ChatGPT Chatbot, Woocommerce Chatbot WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

PT-2024-37929 · WordPress · Secure Copy Content Protection/Content Locking

Name of the Vulnerable Software and Affected Versions: Secure Copy Content Protection and Content Locking WordPress plugin versions prior to 4.1.7 Description: The issue is related to the Secure Copy Content Protection and Content Locking WordPress plugin, which does not properly sanitise and...

PT-2024-37822 · WordPress · Woocommerce Chatbot Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: The Chatbot Support AI: Free ChatGPT Chatbot, Woocommerce Chatbot WordPress plugin versions 1.0.2 and earlier Description: The issue is related to the lack of sanitization and escaping of some settings in the plugin, which could allow...