1150 matches found
PT-2024-36304 · WordPress · Login With Ajax
Name of the Vulnerable Software and Affected Versions: Wp Login with Ajax versions 0.6 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application, and...
PT-2024-36316 · Unknown · Linda Macphee-Cobb Category Of Posts
Name of the Vulnerable Software and Affected Versions: Linda MacPhee-Cobb Category of Posts versions n/a through 1.0 Description: The issue is related to a Cross-Site Request Forgery (CSRF) problem that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on...
WordPress FluentForm plugin <= 5.2.6 - Unauthenticated Stored Cross-Site Scripting via Form Subject vulnerability
Unauthenticated Stored Cross-Site Scripting via Form Subject vulnerability discovered by mikemyers in WordPress Plugin FluentForm versions <= 5.2.6...
PT-2024-36237 · Unknown · Fancy Roller Scroller
Name of the Vulnerable Software and Affected Versions: Fancy Roller Scroller versions through 1.4.0 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application,...
WordPress Hello in All Languages plugin <= 1.0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Rei Kobayashi in WordPress Plugin Hello In All Languages versions <= 1.0.6...
CVE-2024-52858
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-43736
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
PT-2024-17337 · WordPress · 코드엠샵 소셜톡
Name of the Vulnerable Software and Affected Versions: 코드엠샵 소셜톡 plugin for WordPress version 1.2.0 and earlier Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'msntt add plus talk' shortcode due to insufficient input sanitization and output escaping on...
WordPress WPC Smart Quick View for WooCommerce plugin <= 4.1.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library
Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin WPC Smart Quick View for WooCommerce versions <= 4.1.1...
PT-2024-35825 · Unknown · Multi Feed Reader
Name of the Vulnerable Software and Affected Versions: Multi Feed Reader versions prior to 2.2.4 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...
PT-2024-35823 · WordPress · Wp Auto Top
Name of the Vulnerable Software and Affected Versions: wp auto top versions prior to 2.9.3 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application,...
PT-2024-35837 · Unknown · Plumeria Web Design Blizzard Quotes
Name of the Vulnerable Software and Affected Versions: Plumeria Web Design Blizzard Quotes versions n/a through 1.3 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can perform unauthorized actions on the website. The estimat...
PT-2024-35832 · Icestats · Icestats
Name of the Vulnerable Software and Affected Versions: IceStats versions n/a through 1.3 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application, and also stor...
PT-2024-35839 · Unknown · April's Call Posts
Name of the Vulnerable Software and Affected Versions: April's Call Posts versions n/a through 2.1.1 Description: The issue is related to a Cross-Site Request Forgery (CSRF) problem that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...
PT-2024-35891 · Yahoo · Max Engel Yahoo! Webplayer
Name of the Vulnerable Software and Affected Versions: Max Engel Yahoo! WebPlayer versions n/a through 2.0.6 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can perform actions on behalf of a user without their knowledge or...
PT-2024-35894 · Home Junction · Spatialmatch Idx
Name of the Vulnerable Software and Affected Versions: Home Junction SpatialMatch IDX versions n/a through 3.0.9 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...
PT-2024-35888 · Donate Me · Donate Me
Name of the Vulnerable Software and Affected Versions: Donate Me versions 1.2.5 and earlier Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application,...
WordPress RingCentral Communications plugin <= 1.7.0 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin RingCentral Communications versions <= 1.7.0...
PT-2024-35844 · Unknown · Jason Grim Custom Shortcode Sidebars
Name of the Vulnerable Software and Affected Versions: Jason Grim Custom Shortcode Sidebars versions 1.2 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a we...
CVE-2024-8236 Elementor Website Builder – More than Just a Page Builder <= 3.25.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter of the Icon widget in all versions up to, and including, 3.25.7 due to insufficient input sanitization and output escaping. This makes it possibl...