641 matches found
PT-2024-16969 · WordPress · Spotlight
Name of the Vulnerable Software and Affected Versions: Spotlightr plugin for WordPress versions up to, and including, 0.1.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'spotlightr-v' shortcode due to insufficient input sanitization and output escaping on...
PT-2024-36278 · WordPress · Matt Walters Wordpress Filter
Name of the Vulnerable Software and Affected Versions: Matt Walters WordPress Filter versions 1.4.1 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...
PT-2024-36284 · Unknown · Go Animate
Name of the Vulnerable Software and Affected Versions: Go Animate versions 1.0 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application, and also...
PT-2024-35837 · Unknown · Plumeria Web Design Blizzard Quotes
Name of the Vulnerable Software and Affected Versions: Plumeria Web Design Blizzard Quotes versions n/a through 1.3 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can perform unauthorized actions on the website. The estimat...
PT-2024-35894 · Home Junction · Spatialmatch Idx
Name of the Vulnerable Software and Affected Versions: Home Junction SpatialMatch IDX versions n/a through 3.0.9 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...
PT-2024-35888 · Donate Me · Donate Me
Name of the Vulnerable Software and Affected Versions: Donate Me versions 1.2.5 and earlier Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application,...
CVE-2024-50837
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/adminuser.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and username parameters...
PT-2024-15976 · Wpforms · File Upload Types
Name of the Vulnerable Software and Affected Versions: File Upload Types by WPForms plugin for WordPress versions up to, and including, 1.4.0 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allo...
CVE-2024-9589
The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'newmetaname' parameter in the 'wpaftoptionpage' function in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2024-49335
Cross-Site Request Forgery (CSRF) vulnerability in Edush Maxim GoogleDrive folder list allows Stored XSS. This issue affects GoogleDrive folder list: from n/a through 2.2.2...
CVE-2024-9582
The Accordion Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ attribute of an accordion slider in all versions up to, and including, 1.9.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress ElementsReady Addons for Elementor plugin <= 6.4.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin ElementsReady Addons for Elementor versions <= 6.4.3...
CVE-2024-9457
The WP Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...
PT-2024-39406 · WordPress · Gdpr-Extensions-Com – Consent Manager
Name of the Vulnerable Software and Affected Versions: GDPR-Extensions-com – Consent Manager plugin for WordPress versions up to, and including, 1.0.0 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping...
PT-2024-39558 · WordPress · Locateandfilter Plugin For Wordpress
Name of the Vulnerable Software and Affected Versions: LocateAndFilter plugin for WordPress versions up to, and including, 1.6.14 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows...
PT-2024-39356 · WordPress · Osm – Openstreetmap
Name of the Vulnerable Software and Affected Versions: OSM – OpenStreetMap plugin for WordPress versions up to, and including, 6.1.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's osm map and osm map v3 shortcodes due to insufficient input sanitization and outpu...
CVE-2024-9173
The GF Custom Style plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, ...
CVE-2024-7617
The Contact Form to Any API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 form fields in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Exploit for Cross-Site Request Forgery (CSRF) in Creativeitem Academy_Lms
CVE-2022-47131 Academy LMS = 5.10 CSRF / XSS Descriptio...
PT-2024-31647 · Unknown · Spiffy Calendar
Name of the Vulnerable Software and Affected Versions: Spiffy Calendar versions through 4.9.13 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS, where an attacker can inject malicio...