Lucene search

1150 matches found

Patchstack
added 2024/11/21 10:46 p.m. · 3 views

WordPress Friendly Functions for Welcart plugin <= 1.2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Friendly Functions for Welcart versions <= 1.2.4...

CVSS 6.1 · AI score 5.9 · EPSS 0.00273
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2024/11/19 12:0 a.m. · 2 views

PT-2024-34311 · David Garcia · Domain Sharding

Name of the Vulnerable Software and Affected Versions: David Garcia Domain Sharding versions 1.2.1 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...

CVSS 7.1 · AI score 6.7 · EPSS 0.00194
Exploits: 0 · References: 3
Positive Technologies
added 2024/11/19 12:0 a.m. · 2 views

PT-2024-34796 · Skip To · Skip To

Name of the Vulnerable Software and Affected Versions: Skip To versions n/a through 2.0.0 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application, and also sto...

CVSS 7.1 · AI score 6.8 · EPSS 0.00206
Exploits: 0 · References: 3
Positive Technologies
added 2024/11/19 12:0 a.m. · 3 views

PT-2024-34786 · Seo Free · Seo Free

Name of the Vulnerable Software and Affected Versions: Seo Free versions n/a through 1.4 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application, and also stor...

CVSS 7.1 · AI score 6.3 · EPSS 0.00206
Exploits: 0 · References: 3
Positive Technologies
added 2024/11/19 12:0 a.m. · 6 views

PT-2024-34797 · Unknown · Mario Spinaci Update Notifications

Name of the Vulnerable Software and Affected Versions: Mario Spinaci UPDATE NOTIFICATIONS versions 0.3.4 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on the...

CVSS 7.1 · AI score 6.7 · EPSS 0.00206
Exploits: 0 · References: 3
OSV
added 2024/11/14 3:15 p.m. · 1 view

CVE-2024-50837

A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/adminuser.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and username parameters...

CVSS 5.4 · AI score 6 · EPSS 0.00462
Exploits: 1 · References: 1
Positive Technologies
added 2024/11/14 12:0 a.m. · 6 views

PT-2024-34803 · Geekrmx · Geekrmx Twitter @Anywhere Plus

Name of the Vulnerable Software and Affected Versions: GeekRMX Twitter @Anywhere Plus versions n/a through 2.0 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that can lead to Stored XSS. This problem affects GeekRMX Twitter @Anywhere Plus, allowing for potential malicio...

CVSS 7.1 · AI score 6.5 · EPSS 0.00177
Exploits: 0 · References: 5
Positive Technologies
added 2024/10/25 12:0 a.m. · 2 views

PT-2024-15976 · Wpforms · File Upload Types

Name of the Vulnerable Software and Affected Versions: File Upload Types by WPForms plugin for WordPress versions up to, and including, 1.4.0 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allo...

CVSS 6.4 · AI score 6 · EPSS 0.00373
Exploits: 0 · References: 7
OSV
added 2024/10/22 8:15 a.m. · 3 views

CVE-2024-9589

The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'newmetaname' parameter in the 'wpaftoptionpage' function in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes...

CVSS 4.8 · AI score 5.9
Exploits: 0 · References: 2
OSV
added 2024/10/20 10:15 a.m. · 2 views

CVE-2024-49335

Cross-Site Request Forgery (CSRF) vulnerability in Edush Maxim GoogleDrive folder list allows Stored XSS. This issue affects GoogleDrive folder list: from n/a through 2.2.2...

CVSS 6.1 · AI score 5.8
Exploits: 0 · References: 1
Positive Technologies
added 2024/10/20 12:0 a.m. · 2 views

PT-2024-33476 · Unknown · Edush Maxim Googledrive Folder List

Name of the Vulnerable Software and Affected Versions: Edush Maxim GoogleDrive folder list versions n/a through 2.2.2 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability in Edush Maxim GoogleDrive folder list, which allows Stored XSS. This can lead to Stored Cross Site...

CVSS 7.1 · AI score 6.8 · EPSS 0.00156
Exploits: 0 · References: 8
Positive Technologies
added 2024/10/17 12:0 a.m. · 3 views

PT-2024-33359 · Unknown · Cj Change Howdy

Name of the Vulnerable Software and Affected Versions: CJ Change Howdy versions 3.3.1 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application, and...

CVSS 7.1 · AI score 6.8 · EPSS 0.00156
Exploits: 0 · References: 4
OSV
added 2024/10/16 7:15 a.m. · 5 views

CVE-2024-9582

The Accordion Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ attribute of an accordion slider in all versions up to, and including, 1.9.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 5.4 · AI score 5.9 · EPSS 0.00252
Exploits: 0 · References: 2
Patchstack
added 2024/10/16 3:56 a.m. · 2 views

WordPress ElementsReady Addons for Elementor plugin <= 6.4.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin ElementsReady Addons for Elementor versions <= 6.4.3...

CVSS 6.4 · AI score 5.8 · EPSS 0.00302
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2024/10/16 12:0 a.m. · 7 views

PT-2024-10574

Name of the Vulnerable Software and Affected Versions: MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress versions up to, and including, 3.1.2 Description: The issue is related to Stored Cross-Site Scripting, which occurs due to insufficient input...

CVSS 7.2 · AI score 6.2 · EPSS 0.01228
Exploits: 3 · References: 9
OSV
added 2024/10/10 2:15 a.m. · 2 views

CVE-2024-9457

The WP Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...

CVSS 5.4 · AI score 5.9
Exploits: 0 · References: 2
Positive Technologies
added 2024/10/09 12:0 a.m. · 3 views

PT-2024-39406 · WordPress · Gdpr-Extensions-Com – Consent Manager

Name of the Vulnerable Software and Affected Versions: GDPR-Extensions-com – Consent Manager plugin for WordPress versions up to, and including, 1.0.0 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping...

CVSS 6.4 · AI score 6.1 · EPSS 0.00295
Exploits: 0 · References: 7
OSV
added 2024/10/08 6:15 a.m. · 2 views

CVE-2024-9021

In the process of testing the Relevanssi WordPress plugin before 4.23.1, a vulnerability was found that allows you to implement Stored XSS on behalf of the Contributor+ by embedding malicious script, which entails account takeover backdoor...

CVSS 5.4 · AI score 5.8
Exploits: 0 · References: 1
Patchstack
added 2024/10/08 3:6 a.m. · 3 views

WordPress Royal Elementor Addons and Templates plugin <= 1.3.986 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Widget vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Widget vulnerability discovered by Webbernaut in WordPress Plugin Royal Elementor Addons versions <= 1.3.986...

CVSS 6.4 · AI score 5.8 · EPSS 0.00432
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2024/10/06 10:15 a.m. · 2 views

CVE-2024-47366

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPVibes Elementor Addon Elements allows Stored XSS. This issue affects Elementor Addon Elements: from n/a through 1.13.6...

CVSS 5.4 · AI score 5.8 · EPSS 0.00241
Exploits: 0 · References: 1