5210 matches found
CVE-2024-9830 Bard <= 2.216 - Reflected Cross-Site Scripting via add_query_arg Parameter
The Bard theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.216. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execut...
CVE-2024-52763
A cross-site scripting XSS vulnerability in the component /graphallperiods.php of Ganglia-web v3.73 to v3.75 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "g" parameter...
CVE-2024-52762
A cross-site scripting XSS vulnerability in the component /master/header.php of Ganglia-web v3.73 to v3.76 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "tz" parameter...
CVE-2024-52762
A cross-site scripting XSS vulnerability in the component /master/header.php of Ganglia-web v3.73 to v3.76 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "tz" parameter...
CVE-2024-52762
A cross-site scripting XSS vulnerability in the component /master/header.php of Ganglia-web v3.73 to v3.76 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "tz" parameter...
CVE-2024-52763
A cross-site scripting XSS vulnerability in the component /graphallperiods.php of Ganglia-web v3.73 to v3.75 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "g" parameter...
CVE-2024-10390
The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-10390 Elfsight Telegram Chat CC <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-10390 Elfsight Telegram Chat CC <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-10592
The Mapster WP Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the popup class parameter in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2024-9938
The Bounce Handler MailPoet 3 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.3.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-9615
The BulkPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 0.3.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
CVE-2024-10875
The Gallery Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of removeQueryArg without appropriate escaping on the URL in all versions up to, and including, 1.6.58. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2024-8873
CVE-2024-8873 : PeproDev WooCommerce Receipt Uploader for WordPress is vulnerable to Reflected Cross-Site Scripting due to improper escaping of URLs when using add_query_arg, affecting all versions up to and including 2.6.9. Exploitation requires user interaction (e.g., tricking a user into click...
CVE-2024-8873 PeproDev WooCommerce Receipt Uploader <= 2.6.9 - Reflected Cross-Site Scripting
The PeproDev WooCommerce Receipt Uploader plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.6.9. This makes it possible for unauthenticated attackers to inject arbitrar...
CVE-2024-9938 Bounce Handler MailPoet 3 <= 1.3.21 - Reflected Cross-Site Scripting
The Bounce Handler MailPoet 3 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.3.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-9615
CVE-2024-9615 (BulkPress) affects the WordPress plugin BulkPress up to version 0.3.5. Root cause: use of add_query_arg without proper escaping in URLs, enabling Reflected Cross-Site Scripting. Impact: unauthenticated attackers can inject scripts into pages executed when a user clicks a manipulate...
CVE-2024-10147 Steel <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via btn Shortcode
The Steel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
CVE-2024-9615 BulkPress <= 0.3.5 - Reflected Cross-Site Scripting
The BulkPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 0.3.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
CVE-2024-10875 Gallery Manager <= 1.6.58 - Reflected Cross-Site Scripting
The Gallery Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of removeQueryArg without appropriate escaping on the URL in all versions up to, and including, 1.6.58. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...