
641 matches found

Patchstack
added 2024/09/11 12:56 a.m. · 5 views

WordPress Advanced WordPress Backgrounds plugin <= 1.12.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via imageTag Parameter vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via imageTag Parameter vulnerability discovered by Webbernaut in WordPress Plugin Advanced WordPress Backgrounds versions <= 1.12.3...

CVSS 6.4 · AI score 5.8 · EPSS 0.00323
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/09/05 12:0 a.m. · 4 views

PT-2024-11596 · WordPress · Cab Fare Calculator

Name of the Vulnerable Software and Affected Versions: The Cab fare calculator plugin for WordPress versions up to, and including, 1.1.6
Description: The issue is related to Stored Cross-Site Scripting via the vehicle title setting due to insufficient input sanitization and output escaping. This...

CVSS 4.8 · AI score 6.2 · EPSS 0.003
Exploits: 0 · References: 7

OSV
added 2024/08/30 5:15 a.m. · 3 views

CVE-2024-3998

The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 27.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 5.4 · AI score 5.9
Exploits: 0 · References: 2

Positive Technologies
added 2024/08/30 12:0 a.m. · 3 views

PT-2024-38091 · WordPress · Elementor Addon Elements

Name of the Vulnerable Software and Affected Versions: Elementor Addon Elements plugin for WordPress versions up to, and including, 1.13.6
Description: The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets due to insufficient input...

CVSS 6.4 · AI score 6.1 · EPSS 0.00381
Exploits: 0 · References: 16

Patchstack
added 2024/08/29 1:9 a.m. · 4 views

WordPress Special Feed Items plugin <= 1.0.1 - Stored XSS via CSRF vulnerability

Stored XSS via CSRF vulnerability discovered by Daniel Ruf in WordPress Plugin Special Feed Items versions <= 1.0.1...

CVSS 5.7 · AI score 6 · EPSS 0.00177
Exploits: 1 · References: 1 · Affected Software: 1

CNNVD
added 2024/08/21 12:0 a.m. · 2 views

WordPress plugin LiquidPoll security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 7.2 · AI score 6 · EPSS 0.00419
Exploits: 0 · References: 4

OSV
added 2024/08/18 2:15 p.m. · 2 views

CVE-2024-43329

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Chill Allegiant allegiant allows Stored XSS. This issue affects Allegiant: from n/a through 1.2.7...

CVSS 5.4 · AI score 5.8 · EPSS 0.00246
Exploits: 0 · References: 1

Positive Technologies
added 2024/08/14 12:0 a.m. · 1 view

PT-2024-37694 · WordPress · Sheet To Table Live Sync For Google Sheet

Name of the Vulnerable Software and Affected Versions: The Sheet to Table Live Sync for Google Sheet plugin for WordPress versions up to, and including, 1.0.1
Description: The issue is related to Stored Cross-Site Scripting via the plugin's STWT Sheet Table shortcode due to insufficient input...

CVSS 6.4 · AI score 5.9 · EPSS 0.00342
Exploits: 0 · References: 8

Patchstack
added 2024/08/05 7:12 a.m. · 4 views

WordPress WP eMember plugin <= 10.7.0 - Stored XSS via CSRF vulnerability

Stored XSS via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP eMember versions <= 10.7.0...

CVSS 6.1 · AI score 6 · EPSS 0.00177
Exploits: 1 · References: 1 · Affected Software: 1

CNNVD
added 2024/08/02 12:0 a.m. · 2 views

WordPress plugin Spectra Pro security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 6.4 · AI score 5.7 · EPSS 0.00262
Exploits: 0 · References: 3

OSV
added 2024/07/19 6:15 a.m. · 2 views

CVE-2023-7269

The ArtPlacer Widget WordPress plugin before 2.21.2 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...

CVSS 7.5 · AI score 5.8 · EPSS 0.00233
Exploits: 1 · References: 1

OSV
added 2024/07/11 7:15 a.m. · 3 views

CVE-2024-6256

The Feeds for YouTube (YouTube video, channel, and gallery plugin) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'youtube-feed' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied...

CVSS 5.4 · AI score 5.9 · EPSS 0.00424
Exploits: 0 · References: 3

OSV
added 2024/07/02 10:15 a.m. · 3 views

CVE-2024-6011

The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textarea.description’ parameter in all versions up to, and including, 3.2.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 4.8 · AI score 5.9 · EPSS 0.00436
Exploits: 1 · References: 5

Positive Technologies
added 2024/07/02 12:0 a.m. · 6 views

PT-2024-35131 · WordPress · Easy Google Maps

Name of the Vulnerable Software and Affected Versions: Easy Google Maps plugin for WordPress versions up to, and including, 1.11.15
Description: The issue arises from insufficient input sanitization and output escaping in the plugin's file upload feature, allowing authenticated attackers with...

CVSS 6.4 · AI score 6.3 · EPSS 0.00344
Exploits: 0 · References: 6

Positive Technologies
added 2024/06/29 12:0 a.m. · 3 views

PT-2024-37568 · WordPress · Stock Ticker

Name of the Vulnerable Software and Affected Versions: Stock Ticker plugin for WordPress versions up to, and including, 3.24.4
Description: The issue is related to Stored Cross-Site Scripting via the stock ticker shortcode due to insufficient input sanitization and output escaping on user-supplie...

CVSS 6.4 · AI score 6.2 · EPSS 0.00325
Exploits: 0 · References: 7

OSV
added 2024/06/14 6:15 a.m. · 2 views

CVE-2024-4271

The SVGator WordPress plugin through 1.2.6 does not sanitize SVG file contents, which enables users with at least the author role to upload an SVG with malicious JavaScript to conduct Stored XSS attacks...

CVSS 4.6 · AI score 5.8 · EPSS 0.00312
Exploits: 2 · References: 1

OSV
added 2024/06/13 8:16 a.m. · 5 views

CVE-2024-36160

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVSS 5.4 · AI score 5.8 · EPSS 0.00717
Exploits: 0 · References: 1

OSV
added 2024/06/13 8:15 a.m. · 3 views

CVE-2024-26082

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVSS 5.4 · AI score 5.8 · EPSS 0.00676
Exploits: 0 · References: 1

OSV
added 2024/06/07 7:15 a.m. · 3 views

CVE-2024-4488

The Royal Elementor Addons and Templates for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘inlinelist’ parameter in versions up to, and including, 1.3.976 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 5.4 · AI score 5.9 · EPSS 0.00314
Exploits: 0 · References: 3

OSV
added 2024/06/07 3:15 a.m. · 3 views

CVE-2024-3987

The WP Mobile Menu – The Mobile-Friendly Responsive Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt text in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...

CVSS 5.4 · AI score 5.9 · EPSS 0.00272
Exploits: 0 · References: 2