3452 matches found
CVE-2024-6927
The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-7132
The Page Builder Gutenberg Blocks WordPress plugin before 3.1.13 does not escape the content of post embed via one of its block, which could allow users with the capability to publish posts editor and admin by default to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml...
CVE-2024-6927
The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-3944
The WP To Do plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to...
CVE-2024-7132 CoBlocks < 3.1.13 - Editor+ Stored XSS
The Page Builder Gutenberg Blocks WordPress plugin before 3.1.13 does not escape the content of post embed via one of its block, which could allow users with the capability to publish posts editor and admin by default to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml...
CVE-2024-7132 CoBlocks < 3.1.13 - Editor+ Stored XSS
The Page Builder Gutenberg Blocks WordPress plugin before 3.1.13 does not escape the content of post embed via one of its block, which could allow users with the capability to publish posts editor and admin by default to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml...
CVE-2024-7132
CVE-2024-7132 affects the Page Builder Gutenberg Blocks WordPress plugin prior to version 3.1.13. The issue stems from insufficient escaping of the content of post embeds in one block, enabling stored Cross-Site Scripting by users with publish-post capability (editors/admin by default), even when...
CVE-2024-6927 Viral Signup <= 2.1 - Admin+ Stored XSS
The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-6927 Viral Signup <= 2.1 - Admin+ Stored XSS
The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
BIT-WORDPRESS-MULTISITE-2024-43337
Cross-Site Request Forgery CSRF vulnerability in Brave Brave Popup Builder.This issue affects Brave Popup Builder: from n/a through 0.7.0...
PT-2024-28499 · WordPress · Wp To Do
Name of the Vulnerable Software and Affected Versions: WP To Do plugin for WordPress versions up to, and including, 1.3.0 Description: The issue is a Stored Cross-Site Scripting problem due to insufficient input sanitization and output escaping, allowing authenticated attackers with...
CVE-2024-3282
The WP Table Builder WordPress plugin through 1.5.0 does not sanitise and escape some of its Table data, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-3282 WP Table Builder <= 1.5.0 - Admin+ Stored XSS
The WP Table Builder WordPress plugin through 1.5.0 does not sanitise and escape some of its Table data, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
PT-2024-37859 · WordPress · Wordsurvey
Name of the Vulnerable Software and Affected Versions: WordSurvey plugin for WordPress versions up to, and including, 3.2 Description: The issue is related to Stored Cross-Site Scripting via the sounding title parameter due to insufficient input sanitization and output escaping. This allows...
CVE-2022-3399
The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cookienoticeoptionsrefusecodehead' parameter in versions up to, and including, 2.4.17.1 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress PVN Auth Popup 1.0.0 Cross Site Scripting Vulnerability
Exploit Title: PVN Auth Popup alert1 for the "Login text" input 3. Save and see the XSS Note: Other fields are likely vulnerable...
CVE-2024-6724
The Generate Images WordPress plugin before 5.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-6724 Generate Images – Magic Post Thumbnail < 5.2.8 - Admin+ Stored XSS
The Generate Images WordPress plugin before 5.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress PVN Auth Popup 1.0.0 Cross Site Scripting
Exploit Title: PVN Auth Popup alert1 for the "Login text" input 3. Save and see the XSS Note: Other fields are likely vulnerable Reference: https://wpscan.com/vulnerability/24685b19-0a44-411a-9e1b-d4d0627d7cb6/...
CVE-2024-6691
The Easy Digital Downloads – Sell Digital Files & Subscriptions eCommerce Store + Payments Made Easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the currency value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. Thi...