CVE-2024-4001

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdmmodalloginform' shortcode in all versions up to, and including, 3.2.93 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

PT-2024-35136 · WordPress · The Easy Social Like Box – Popup – Sidebar Widget

Name of the Vulnerable Software and Affected Versions: The Easy Social Like Box – Popup – Sidebar Widget plugin for WordPress versions up to, and including, 4.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'cardoza facebook like box' shortcode due to...

CVE-2024-4553

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sumembers' shortcode in all versions up to, and including, 7.1.5 due to insufficient input sanitization and output escaping on user supplied 'color' attribute. This...

CVE-2024-4470

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'msslideinfo' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied 'tagname' attribute. This...

CVE-2024-4709

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘subject’ parameter in versions up to, and including, 5.1.16 due to insufficient input sanitization and output escaping. This makes i...

PT-2024-23562 · WordPress · Custom Field Suite

Name of the Vulnerable Software and Affected Versions: Custom Field Suite plugin for WordPress versions up to, and including, 2.6.5 Description: The issue is related to Stored Cross-Site Scripting via the cfsfieldsname parameter due to insufficient input sanitization and output escaping. This...

PT-2024-26241 · WordPress · Wp Recipe Maker

Name of the Vulnerable Software and Affected Versions: WP Recipe Maker plugin for WordPress versions up to, and including, 9.3.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wprm-recipe-roundup-item shortcode due to insufficient input sanitization and output...

PT-2024-25440 · Pdfcrowd · Save As Pdf Plugin

Name of the Vulnerable Software and Affected Versions: Save as PDF plugin by Pdfcrowd versions 3.2.0 and earlier Description: The issue is related to a Missing Authorization vulnerability in the Save as PDF plugin by Pdfcrowd, which allows Stored XSS. Recommendations: For versions 3.2.0 and...

PT-2024-24696 · Kraftplugins · Kraftplugins Mega Elements

Name of the Vulnerable Software and Affected Versions: Kraftplugins Mega Elements versions 1.1.9 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored XSS. This means an attacker can inject malicious scripts into the...

PT-2024-24702 · Unknown · Averta Master Slider

Name of the Vulnerable Software and Affected Versions: Averta Master Slider versions through 3.9.8 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting XSS. This means that an attacker can inject malicious...

CVE-2024-2101

The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Customers' page and the...

UBUNTU-CVE-2024-3092

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbitrary actions on behalf of victims...

CVE-2024-0826

The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

PT-2024-19630 · 10Web · The Photo Gallery

Name of the Vulnerable Software and Affected Versions: The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress versions up to, and including, 1.8.21 Description: The issue is related to Stored Cross-Site Scripting via SVG file uploads due to insufficient input sanitization...

CVE-2024-2868

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slitems parameter in the WL Special Day Offer Widget in all versions up to, and including, 2.8.3 due to...

CVE-2024-2925

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Widget in all versions up to, and including, 2.8.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

PT-2024-23778 · Toastie Studio · Woocommerce Social Media Share Buttons

Name of the Vulnerable Software and Affected Versions: Woocommerce Social Media Share Buttons versions 1.3.0 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS in Toastie Studio Woocommerce Social Media Share Buttons. Recommendations: For...

PT-2024-23371 · Unknown · Testimonial Slider

Name of the Vulnerable Software and Affected Versions: GS Testimonial Slider versions 3.1.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can...

PT-2024-22789 · Freescout · Freescout

Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.128 Description: A Stored Cross-Site Scripting XSS vulnerability has been identified within the Signature Input Field of the FreeScout Application. This occurs when user input is not properly sanitized and is...

CVE-2024-29117

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Stored XSS.This issue affects Contact Forms by Cimatti: from n/a through 1.7.0...