1150 matches found
WordPress Essential Addons for Elementor plugin <= 5.9.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via no_more_items_text Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via no_more_items_text Parameter vulnerability discovered by Webbernaut in WordPress Plugin Essential Addons for Elementor versions <= 5.9.27...
WordPress WP eMember plugin <= 10.7.0 - Stored XSS via CSRF vulnerability
Stored XSS via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP eMember versions v10.7.0...
WordPress plugin Spectra Pro security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2024-4096
The Responsive Tabs WordPress plugin through 4.0.8 does not sanitise and escape some of its Tab settings, which could allow high privilege users such as Contributors and above to perform Stored Cross-Site Scripting attacks...
PT-2024-37470 · WordPress · Request A Quote
Name of the Vulnerable Software and Affected Versions: Request a Quote WordPress plugin versions prior to 2.4.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for example, ...
PT-2024-27649 · Perials · Perials Simple Social Share
Name of the Vulnerable Software and Affected Versions: Perials Simple Social Share versions n/a through 3.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. Recommendations...
CVE-2024-37958
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Meks Meks Smart Author Widget allows Stored XSS. This issue affects Meks Smart Author Widget: from n/a through 1.1.4...
PT-2024-28126 · Unknown · Post Layouts For Gutenberg
Name of the Vulnerable Software and Affected Versions: Post Layouts for Gutenberg versions 1.2.7 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. Recommendation...
CVE-2023-7269
The ArtPlacer Widget WordPress plugin before 2.21.2 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...
WordPress WP Affiliate Platform plugin < 6.5.1 - Stored XSS via CSRF vulnerability
Stored XSS via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Affiliate Manager versions 6.5.1...
WordPress Seriously Simple Podcasting plugin < 3.3.0 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Thanh Hang in WordPress Plugin Seriously Simple Podcasting versions 3.3.0...
CVE-2024-6256
The Feeds for YouTube (YouTube video, channel, and gallery plugin) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'youtube-feed' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied...
CVE-2024-6011
The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textarea.description’ parameter in all versions up to, and including, 3.2.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
ResidenceCMS cross-site scripting vulnerability
ResidenceCMS is a fast, lightweight property management system. A cross-site scripting vulnerability exists in ResidenceCMS version 2.10.1, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to create malicious...
PT-2024-35131 · WordPress · Easy Google Maps
Name of the Vulnerable Software and Affected Versions: Easy Google Maps plugin for WordPress versions up to, and including, 1.11.15 Description: The issue arises from insufficient input sanitization and output escaping in the plugin's file upload feature, allowing authenticated attackers with...
PT-2024-37568 · WordPress · Stock Ticker
Name of the Vulnerable Software and Affected Versions: Stock Ticker plugin for WordPress versions up to, and including, 3.24.4 Description: The issue is related to Stored Cross-Site Scripting via the stock ticker shortcode due to insufficient input sanitization and output escaping on user-supplie...
CVE-2024-4957
The Frontend Checklist WordPress plugin through 2.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2024-5447
The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowe...
CVE-2024-37343
There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.06. Attackers with valid tunnel credentials can pass a limited-length script to the administrative console which is then temporarily stored where an administrato...
WordPress plugin EmbedSocial security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...