
6265 matches found

Patchstack
added 2024/07/24 2:31 a.m. · 4 views

WordPress Social Auto Poster plugin <= 5.3.14 - Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability discovered by István Márton in WordPress Plugin Social Auto Poster versions <= 5.3.14...

CVSS 6.5 · AI score 7 · EPSS 0.00317
Exploits 0 · References 1 · Affected Software 1

NVD
added 2024/07/20 9:15 a.m. · 26 views

CVE-2024-37951

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Noor alam Magical Posts Display – Elementor & Gutenberg Posts Blocks allows Stored XSS. This issue affects Magical Posts Display – Elementor & Gutenberg Posts Blocks: from n/a through 1.2.38...

CVSS 6.5 · EPSS 0.00253
Exploits 0 · References 1

CVE
added 2024/07/20 8:23 a.m. · 51 views

CVE-2024-37951

CVE-2024-37951 is a stored Cross‑Site Scripting vulnerability in the WordPress plugin **Magical Posts Display – Elementor & Gutenberg Posts Blocks**. It affects the product as listed: Magical Posts Display – Elementor & Gutenberg Posts Blocks: from n/a through 1.2.38. The issue arises from impro...

CVSS 6.5 · AI score 6.5 · EPSS 0.00253
Exploits 0 · References 1

OSV
added 2024/07/19 11:15 a.m. · 6 views

CVE-2024-5977

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.13.0 via the 'handleRequest' function due to missing validation on a user controlled key. This makes it possible for authenticated...

CVSS 5.4 · AI score 5.9 · EPSS 0.00428
Exploits 0 · References 3

CVE
added 2024/07/19 11:1 a.m. · 56 views

CVE-2024-5977

CVE-2024-5977 affects GiveWP – Donation Plugin and Fundraising Platform for WordPress. The vulnerability is an Insecure Direct Object Reference (IDOR) in the handleRequest path, with missing validation on a user-controlled key, enabling authenticated users with GiveWP Worker-level access and abov...

CVSS 5.4 · AI score 5.4 · EPSS 0.00428
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2024/07/19 12:0 a.m. · 5 views

PT-2024-37288 · WordPress · Givewp

Name of the Vulnerable Software and Affected Versions: GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress versions up to, and including, 3.13.0

Description: The issue is related to Insecure Direct Object Reference, which occurs due to missing validation on a user-controlled ke...

CVSS 5.4 · AI score 6.8 · EPSS 0.00428
Exploits 0 · References 8

Positive Technologies
added 2024/07/18 12:0 a.m. · 5 views

PT-2024-37302

Name of the Vulnerable Software and Affected Versions: The Duplica – Duplicate Posts, Pages, Custom Posts or Users plugin for WordPress versions up to, and including, 0.6

Description: The issue allows authenticated attackers with Subscriber-level access and above to create duplicates of users and...

CVSS 4.3 · AI score 5.6 · EPSS 0.00365
Exploits 0 · References 7

OSV
added 2024/07/16 9:15 a.m. · 6 views

CVE-2024-1937

The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_item' function in all versions up to, and including, 2.4.44. This makes it possible for authenticated attackers, with contributor access and above, to...

CVSS 6.5 · AI score 5.9 · EPSS 0.00365
Exploits 0 · References 2

Vulnrichment
added 2024/07/16 8:32 a.m. · 14 views

CVE-2024-1937 Brizy – Page Builder <= 2.4.44 - Missing Authorization to Authenticated (Contributor+) Post Modification

The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_item' function in all versions up to, and including, 2.4.44. This makes it possible for authenticated attackers, with contributor access and above, to...

CVSS 7.1 · AI score 6.8 · EPSS 0.00365
Exploits 0 · References 2

Patchstack
added 2024/07/15 2:40 a.m. · 6 views

WordPress User Submitted Posts plugin < 20240516 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Guido Iván García Duva in WordPress Plugin User Submitted Posts versions < 20240516...

CVSS 4.8 · AI score 6.1 · EPSS 0.00423
Exploits 1 · References 1 · Affected Software 1

Patchstack
added 2024/07/15 12:0 a.m. · 12 views

WordPress User Submitted Posts Plugin < 20240516 is vulnerable to Cross Site Scripting (XSS)

Software: User Submitted Posts · Type: Plugin · Vulnerable versions: < 20240516 · Fixed in: 20240516 · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-5002 · Patch priority: Low · CVSS severity: Low (5.9) · PSID: b741c5e1dcda · Credits: Guido Iván Garc...

CVSS 4.8 · AI score 5.8 · EPSS 0.00423
Exploits 1 · References 3 · Affected Software 1

OSV
added 2024/07/13 6:15 a.m. · 2 views

CVE-2024-5002

The User Submitted Posts WordPress plugin before 20240516 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.8 · AI score 5.8 · EPSS 0.00423
Exploits 1 · References 1

Cvelist
added 2024/07/13 6:0 a.m. · 17 views

CVE-2024-5002 User Submitted Posts < 20240516 - Admin+ Stored XSS

The User Submitted Posts WordPress plugin before 20240516 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

EPSS 0.00423
Exploits 1 · References 1

Vulnrichment
added 2024/07/13 6:0 a.m. · 12 views

CVE-2024-5002 User Submitted Posts < 20240516 - Admin+ Stored XSS

The User Submitted Posts WordPress plugin before 20240516 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

AI score 5.8 · EPSS 0.00423
Exploits 1 · References 1

Patchstack
added 2024/07/12 7:23 a.m. · 4 views

WordPress Inline Related Posts plugin < 3.7.0 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Inline Related Posts versions < 3.7.0...

CVSS 6.1 · AI score 6.4 · EPSS 0.0038
Exploits 1 · References 1 · Affected Software 1

OSV
added 2024/07/12 6:15 a.m. · 1 views

CVE-2024-5626

The Inline Related Posts WordPress plugin before 3.7.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 6.1 · AI score 5.8 · EPSS 0.0038
Exploits 1 · References 1

Cvelist
added 2024/07/12 6:0 a.m. · 21 views

CVE-2024-5626 Inline Related Posts < 3.7.0 - Reflected XSS

The Inline Related Posts WordPress plugin before 3.7.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

EPSS 0.0038
Exploits 1 · References 1

Positive Technologies
added 2024/07/12 12:0 a.m. · 6 views

PT-2024-36775 · WordPress · Inline Related Posts

Name of the Vulnerable Software and Affected Versions: Inline Related Posts WordPress plugin versions prior to 3.7.0

Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in th...

CVSS 6.1 · AI score 6.4 · EPSS 0.0038
Exploits 1 · References 6

Patchstack
added 2024/07/12 12:0 a.m. · 11 views

WordPress Inline Related Posts Plugin < 3.7.0 is vulnerable to Cross Site Scripting (XSS)

Software: Inline Related Posts · Type: Plugin · Vulnerable versions: < 3.7.0 · Fixed in: 3.7.0 · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-5626 · Patch priority: Medium · CVSS severity: Medium (7.1) · PSID: e490330be604 · Credits: Dmitrii Ignatye...

CVSS 6.1 · AI score 5.7 · EPSS 0.0038
Exploits 1 · References 4 · Affected Software 1

Circl
added 2024/07/10 7:43 p.m. · 5 views

CVE-2024-5178

creationtimestamp | type | source
---|---|---
2024-07-10 19:43:22+00:00 | seen | https://t.me/cvedetector/557
2024-07-27 20:58:34+00:00 | seen | https://vulnerability.circl.lu/bundle/0ed650b2-0845-4a5d-8164-a858acafffa8
2025-03-20 19:51:43+00:00 | seen | ...

CVSS 6.9 · AI score 5.1 · EPSS 0.33593
Exploits 2 · References 10