1150 matches found
PT-2024-32702 · Copyscape · Copyscape Premium
Name of the Vulnerable Software and Affected Versions: Copyscape Premium versions through 1.3.6 Description: A Cross-Site Request Forgery (CSRF) vulnerability is present in Copyscape Premium, allowing Stored XSS. Recommendations: For versions through 1.3.6, update to a version that fixes the CSRF...
PT-2024-39558 · WordPress · Locateandfilter Plugin For Wordpress
Name of the Vulnerable Software and Affected Versions: LocateAndFilter plugin for WordPress versions up to, and including, 1.6.14 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows...
PT-2024-39356 · WordPress · Osm – Openstreetmap
Name of the Vulnerable Software and Affected Versions: OSM – OpenStreetMap plugin for WordPress versions up to, and including, 6.1.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's osm_map and osm_map_v3 shortcodes due to insufficient input sanitization and outpu...
CVE-2024-9173
The GF Custom Style plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, ...
CVE-2024-7617
The Contact Form to Any API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 form fields in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
PT-2024-39372 · WordPress · Wp Gpx Map
Name of the Vulnerable Software and Affected Versions: WP GPX Maps plugin for WordPress versions up to, and including, 1.7.08 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'sgpx' shortcode due to insufficient input sanitization and output escaping on...
Exploit for Cross-Site Request Forgery (CSRF) in Creativeitem Academy_Lms
CVE-2022-47131 Academy LMS = 5.10 CSRF / XSS Descriptio...
PT-2024-31647 · Unknown · Spiffy Calendar
Name of the Vulnerable Software and Affected Versions: Spiffy Calendar versions through 4.9.13 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS, where an attacker can inject malicio...
WordPress Advanced WordPress Backgrounds plugin <= 1.12.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via imageTag Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via imageTag Parameter vulnerability discovered by Webbernaut in WordPress Plugin Advanced WordPress Backgrounds versions <= 1.12.3...
PT-2024-11596 · WordPress · Cab Fare Calculator
Name of the Vulnerable Software and Affected Versions: The Cab fare calculator plugin for WordPress versions up to, and including, 1.1.6 Description: The issue is related to Stored Cross-Site Scripting via the vehicle title setting due to insufficient input sanitization and output escaping. This...
Dassault Systèmes 3DEXPERIENCE Cross-Site Scripting Vulnerability
Dassault Systèmes 3DEXPERIENCE is a business and innovation platform from Dassault Systèmes France. A cross-site scripting vulnerability exists in Dassault Systèmes 3DEXPERIENCE version R2024x, which stems from susceptibility to a stored cross-site scripting attack that allows an attacker to...
CVE-2024-3998
The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 27.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
PT-2024-38091 · WordPress · Elementor Addon Elements
Name of the Vulnerable Software and Affected Versions: Elementor Addon Elements plugin for WordPress versions up to, and including, 1.13.6 Description: The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets due to insufficient input...
CVE-2024-6927
The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2024-3944
The WP To Do plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to...
WordPress Special Feed Items plugin <= 1.0.1 - Stored XSS via CSRF vulnerability
Stored XSS via CSRF vulnerability discovered by Daniel Ruf in WordPress Plugin Special Feed Items versions <= 1.0.1...
WordPress plugin Gutenverse Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin LiquidPoll Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2024-43329
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Chill Allegiant allegiant allows Stored XSS. This issue affects Allegiant: from n/a through 1.2.7...
PT-2024-37694 · WordPress · Sheet To Table Live Sync For Google Sheet
Name of the Vulnerable Software and Affected Versions: The Sheet to Table Live Sync for Google Sheet plugin for WordPress versions up to, and including, 1.0.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's STWT Sheet Table shortcode due to insufficient input...