1150 matches found
CVE-2024-1571
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video Embed parameter in all versions up to, and including, 9.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the recipe...
CVE-2024-0826
The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
PT-2024-19630 · 10Web · The Photo Gallery
Name of the Vulnerable Software and Affected Versions: The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress versions up to, and including, 1.8.21 Description: The issue is related to Stored Cross-Site Scripting via SVG file uploads due to insufficient input sanitization...
CVE-2024-2868
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slitems parameter in the WL Special Day Offer Widget in all versions up to, and including, 2.8.3 due to...
WordPress Jeg Elementor Kit plugin <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box and Testimonial vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box and Testimonial vulnerability discovered by Nikolas in WordPress Plugin Jeg Elementor Kit versions <= 2.6.3...
CVE-2024-2925
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Widget in all versions up to, and including, 2.8.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
PT-2024-23778 · Toastie Studio · Woocommerce Social Media Share Buttons
Name of the Vulnerable Software and Affected Versions: Woocommerce Social Media Share Buttons versions 1.3.0 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS in Toastie Studio Woocommerce Social Media Share Buttons. Recommendations: For...
WordPress Plugin Ultimate Addons for Beaver Builder Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress WP-Eggdrop plugin <= 0.1 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated (Admin+) Stored Cross-Site Scripting vulnerability discovered by Benedictus Jovan in WordPress Plugin WP-Eggdrop versions <= 0.1...
PT-2024-23371 · Unknown · Testimonial Slider
Name of the Vulnerable Software and Affected Versions: GS Testimonial Slider versions 3.1.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can...
PT-2024-11725 · Unknown · Nickys Image Map Pro
Name of the Vulnerable Software and Affected Versions: Nickys Image Map Pro versions prior to 5.6.9 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application, an...
PT-2024-22789 · Freescout · Freescout
Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.128 Description: A Stored Cross-Site Scripting (XSS) vulnerability has been identified within the Signature Input Field of the FreeScout Application. This occurs when user input is not properly sanitized and is...
CVE-2024-29117
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Stored XSS. This issue affects Contact Forms by Cimatti: from n/a through 1.7.0...
PT-2024-18305 · WordPress · Contests By Rewards Fuel
Name of the Vulnerable Software and Affected Versions: Contests by Rewards Fuel plugin for WordPress versions up to, and including, 2.0.64 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated attacke...
CVE-2024-26065
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
PT-2024-21733 · Beepress · Beepress
Name of the Vulnerable Software and Affected Versions: BeePress versions through 6.9.8 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. Recommendations: For versions through 6.9.8, update to a version that contains a fix for this issue. At the...
PT-2024-21022 · Unknown · Broken Link Checker
Name of the Vulnerable Software and Affected Versions: Broken Link Checker versions through 2.2.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject...
PT-2024-21731 · Unknown · Watermark Reloaded
Name of the Vulnerable Software and Affected Versions: Watermark RELOADED versions 1.3.5 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application,...
PT-2024-21730 · Google · Fontific
Name of the Vulnerable Software and Affected Versions: Fontific | Google Fonts versions 0.1.6 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...
PT-2024-19486 · WordPress · Oik
Name of the Vulnerable Software and Affected Versions: oik plugin for WordPress versions up to, and including, 4.10.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes, such as bw contact button and bw button shortcodes, due to insufficient input...