3452 matches found
CVE-2024-3754
The Alemha watermarker WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-2218
The LuckyWP Table of Contents WordPress plugin through 2.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-3754
The Alemha watermarker WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-4005
CVE-2024-4005 : The Social Pixel WordPress plugin (versions up to 2.1) fails to sanitise/escape certain settings, enabling stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (e.g., multisite). Exploitation details are not provided in these documents beyond ...
CVE-2024-4005 Social Pixel <= 2.1 - Admin+ Stored XSS
The Social Pixel WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-3977 WordPress Jitsi Shortcode <= 0.1 - Admin+ Stored XSS
The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-3977 WordPress Jitsi Shortcode <= 0.1 - Admin+ Stored XSS
The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-2218 LuckyWP Table of Contents <= 2.1.4 - Admin+ Stored XSS
The LuckyWP Table of Contents WordPress plugin through 2.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-3754 Alemha Watermarker <= 1.3.1 - Author+ Stored XSS
The Alemha watermarker WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-2218 LuckyWP Table of Contents <= 2.1.4 - Admin+ Stored XSS
The LuckyWP Table of Contents WordPress plugin through 2.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-3754 Alemha Watermarker <= 1.3.1 - Author+ Stored XSS
The Alemha watermarker WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-2218
The CVE-2024-2218 issue affects the LuckyWP Table of Contents WordPress plugin up to version 2.1.4, where settings sanitization/escaping is insufficient, enabling admin-level Stored XSS in multisite or when unfiltered_html is disabled. Root cause: inadequate input sanitization/escapes in certain ...
PT-2024-28767 · WordPress · Social Pixel
Name of the Vulnerable Software and Affected Versions: The Social Pixel WordPress plugin versions through 2.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in...
PT-2024-28666 · WordPress · Wordpress Jitsi Shortcode
Name of the Vulnerable Software and Affected Versions: WordPress Jitsi Shortcode WordPress plugin versions 0.1 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, fo...
CVE-2024-4149
The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attac...
CVE-2024-4145
The Search & Replace WordPress plugin before 3.2.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks such as within a multi-site network...
CVE-2024-4149 Floating Chat Widget < 3.2.3 - Admin+ Stored XSS
The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attac...
PT-2024-29406 · WordPress · Search & Replace
Name of the Vulnerable Software and Affected Versions: Search & Replace WordPress plugin versions prior to 3.2.2 Description: The issue allows admins to perform SQL injection attacks due to a parameter not being sanitized and escaped before use in a SQL statement. This can be particularly...
PT-2024-29421 · WordPress · The Floating Chat Widget
Name of the Vulnerable Software and Affected Versions: The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin versions prior to 3.2.3 Description: The issue allows high privilege users, such as admins, to perform...
CVE-2024-0653
The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...