225 matches found
PT-2024-37445 · Haloitsm · Haloitsm
Name of the Vulnerable Software and Affected Versions: HaloITSM versions up to 2.146.1 Description: The issue is a Stored Cross-Site Scripting XSS vulnerability, where injected JavaScript code can execute arbitrary actions on behalf of the user accessing a ticket. Recommendations: For HaloITSM...
PT-2024-27432 · Striking · Striking
Name of the Vulnerable Software and Affected Versions: Striking versions n/a through 2.3.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS. Recommendations: For versions n/a...
PT-2024-27427 · Vcita · Vcita Online Booking & Scheduling Calendar
Name of the Vulnerable Software and Affected Versions: vCita.Com Online Booking & Scheduling Calendar for WordPress by vcita versions n/a through 4.4.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This...
PT-2024-28200 · WordPress · Wp Media Sas Search & Replace
Name of the Vulnerable Software and Affected Versions: WP MEDIA SAS Search & Replace versions n/a through 3.2.2 Description: The issue is related to Deserialization of Untrusted Data, which affects the Search & Replace plugin. Recommendations: For versions n/a through 3.2.2, update to a version...
PT-2024-37717 · WordPress · Addonify – Quick View For Woocommerce
Name of the Vulnerable Software and Affected Versions: Addonify – Quick View For WooCommerce plugin for WordPress versions up to, and including, 1.2.16 Description: The issue is related to Full Path Disclosure, which occurs because the plugin utilizes mobiledetect without preventing direct access...
PT-2024-28131
Name of the Vulnerable Software and Affected Versions Sky Addons for Elementor versions 2.5.5 and earlier Description The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations Fo...
PT-2024-37740 · Blubrry · Powerpress Podcasting Plugin
Name of the Vulnerable Software and Affected Versions: PowerPress Podcasting plugin by Blubrry plugin for WordPress versions up to, and including, 11.9.10 Description: The issue is related to Reflected Cross-Site Scripting via the media url parameter due to insufficient input sanitization and...
PT-2024-28180 · Realtyna · Realtyna Organic Idx Plugin
Name of the Vulnerable Software and Affected Versions: Realtyna Organic IDX plugin versions n/a through 4.14.13 Description: The issue affects the Realtyna Organic IDX plugin, allowing for the unrestricted upload of files with dangerous types, which can lead to code injection. Recommendations: Fo...
PT-2024-27652 · Ultraaddons · Ultraaddons Elementor Lite
Name of the Vulnerable Software and Affected Versions: UltraAddons Elementor Lite versions through 1.1.6 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for potential exploitation. No information...
PT-2024-36969 · WordPress · Extensions For Elementor
Name of the Vulnerable Software and Affected Versions: Extensions for Elementor plugin for WordPress versions up to, and including, 2.0.30 Description: The issue is related to Stored Cross-Site Scripting via the url parameter within the EE Button widget due to insufficient input sanitization and...
PT-2024-13645 · Crocoblock · Crocoblock Jetelements For Elementor
Name of the Vulnerable Software and Affected Versions: Crocoblock JetElements For Elementor versions 2.6.13 and earlier Description: The issue is related to a Missing Authorization vulnerability. This means that there is a lack of proper authorization checks, potentially allowing unauthorized...
PT-2024-14453 · Woo · Woocommerce Product Vendors
Name of the Vulnerable Software and Affected Versions: WooCommerce Product Vendors versions through 2.2.2 Description: A Missing Authorization issue affects the Woo WooCommerce Product Vendors. Recommendations: For versions through 2.2.2, update to a version later than 2.2.2 to resolve the issue...
PT-2024-26705 · Unknown · Woody Ad Snippets
Name of the Vulnerable Software and Affected Versions: Woody ad snippets versions n/a through 2.4.10 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. No information is...
PT-2024-26669 · Unknown · Magnigenie Restropress
Name of the Vulnerable Software and Affected Versions: MagniGenie RestroPress versions through 3.1.2.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS, which allows Stored XSS. This means that an attacker can...
PT-2024-26643 · WordPress · Fahad Mahmood Wp Docs
Name of the Vulnerable Software and Affected Versions: Fahad Mahmood WP Docs versions n/a through 2.1.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations: Fo...
PT-2024-26644 · WordPress · Fahad Mahmood Wp Docs
Name of the Vulnerable Software and Affected Versions: Fahad Mahmood WP Docs versions n/a through 2.1.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS. Recommendations: For...
PT-2024-28840 · WordPress · Post Blocks +5
Name of the Vulnerable Software and Affected Versions: Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress versions up to, and including, 2.2.80 Description: The issue is related to Stored Cross-Site Scripting via the class...
PT-2024-30607 · WordPress · Qi Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Qi Addons For Elementor plugin for WordPress versions up to, and including, 1.7.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's button widgets due to insufficient input sanitization and output escaping on...
PT-2024-26109
Name of the Vulnerable Software and Affected Versions GP Premium plugin for WordPress versions up to, and including, 2.4.0 Description The issue is related to Reflected Cross-Site Scripting via the message parameter due to insufficient input sanitization and output escaping. This allows...
PT-2024-19471 · WordPress · Testimonial Carousel For Elementor
Name of the Vulnerable Software and Affected Versions: Testimonial Carousel For Elementor plugin for WordPress versions up to, and including, 10.2.1 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's carousel widgets,...