Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 8:17 a.m.5 views

CVE-2024-10869

The WordPress Brute Force Protection – Stop Brute Force Attacks plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.2.6. This makes it possible for...

6.1CVSS5.6AI score0.00452EPSS
Exploits0References1
OSV
OSV
added 2024/11/23 5:15 a.m.5 views

CVE-2024-10880

The JobBoardWP – Job Board Listings and Submissions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.3.0. This makes it possible for unauthenticated...

6.1CVSS7.5AI score0.00462EPSS
Exploits0References4
OSV
OSV
added 2024/11/09 7:15 a.m.6 views

CVE-2024-10683

The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.3.1. This makes it possible for unauthenticated attackers...

6.1CVSS6AI score0.00368EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/09/23 12:0 a.m.5 views

PT-2024-39160 · WordPress · Koko Analytics

Name of the Vulnerable Software and Affected Versions: Koko Analytics plugin for WordPress versions prior to 1.3.13 Description: The issue arises from the use of add query arg without proper escaping on the URL, allowing unauthenticated attackers to inject arbitrary web scripts in pages. This can...

6.1CVSS7.3AI score0.00444EPSS
Exploits0References7
OSV
OSV
added 2024/09/14 6:15 a.m.3 views

CVE-2024-8797

The WP Booking System – Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.0.19.8. This makes it possible for unauthenticated attackers...

6.1CVSS6AI score0.00475EPSS
Exploits0References3
OSV
OSV
added 2024/09/13 7:15 a.m.6 views

CVE-2024-8665

The YITH Custom Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

6.1CVSS6AI score0.00466EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/09/13 12:0 a.m.9 views

PT-2024-39162 · WordPress · Wp Test Email

Name of the Vulnerable Software and Affected Versions: WP Test Email plugin for WordPress versions up to, and including, 1.1.7 Description: The WP Test Email plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add query arg without appropriate escaping on the UR...

6.1CVSS6.5AI score0.00359EPSS
Exploits0References8
Rows per page
Query Builder