5210 matches found

Cvelist
added 2024/10/29 8:31 a.m., 11 views

CVE-2024-9438 SEUR Oficial <= 2.2.11 - Reflected Cross-Site Scripting

The SEUR Oficial plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'changeservice' parameter in all versions up to, and including, 2.2.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

CVSS 6.1, EPSS 0.0036
Exploits: 0, References: 3
NVD
added 2024/10/29 6:15 a.m., 22 views

CVE-2024-10000

The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the question's content parameter in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping. This makes it...

CVSS 6.4, EPSS 0.00257
Exploits: 0, References: 2
CVE
added 2024/10/26 9:35 a.m., 44 views

CVE-2024-9116

CVE-2024-9116 concerns the Monkee-Boy Essentials WordPress plugin. The connected sources confirm a stored XSS via SVG file uploads in all versions up to 1.1, caused by insufficient input sanitization and output escaping. The vulnerability requires authenticated access at Author level or higher, e...

CVSS 6.4, AI score 5.9, EPSS 0.00347
Exploits: 0, References: 2
NVD
added 2024/10/26 3:15 a.m., 9 views

CVE-2024-9613

The FormFacade – WordPress plugin for Google Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'userId' and 'publishId' parameters in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.1, EPSS 0.00355
Exploits: 0, References: 3
Cvelist
added 2024/10/26 3:13 a.m., 22 views

CVE-2024-8870 Forms for Mailchimp by Optin Cat – Grow Your MailChimp List <= 2.5.7 - Reflected Cross-Site Scripting

The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthenticated...

CVSS 6.1, EPSS 0.00494
Exploits: 0, References: 3
Cvelist
added 2024/10/26 2:31 a.m., 25 views

CVE-2024-9613 FormFacade – WordPress plugin for Google Forms <= 1.3.6 - Reflected Cross-Site Scripting

The FormFacade – WordPress plugin for Google Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'userId' and 'publishId' parameters in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.1, EPSS 0.00355
Exploits: 0, References: 3
Cvelist
added 2024/10/25 8:34 a.m., 17 views

CVE-2024-10343 Beek Widget Extention <= 0.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Beek Widget Extention plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 0.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS 6.4, EPSS 0.00315
Exploits: 0, References: 2
NVD
added 2024/10/25 8:15 a.m., 12 views

CVE-2024-10342

The League of Legends Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS 6.4, EPSS 0.00296
Exploits: 0, References: 2
NVD
added 2024/10/25 7:15 a.m., 15 views

CVE-2024-9607

The 10Web Social Post Feed plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

CVSS 6.1, EPSS 0.00291
Exploits: 0, References: 2
CVE
added 2024/10/25 6:51 a.m., 55 views

CVE-2024-9607

The CVE CVE-2024-9607 affects the WordPress plugin 10Web Social Post Feed (versions

CVSS 6.1, AI score 6.2, EPSS 0.00291
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2024/10/25 6:51 a.m., 10 views

CVE-2024-9607 10Web Social Post Feed <= 1.2.9 - Reflected Cross-Site Scripting

The 10Web Social Post Feed plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

CVSS 6.1, AI score 6.4, EPSS 0.00291
Exploits: 0, References: 2
Cvelist
added 2024/10/25 12:0 a.m., 14 views

CVE-2024-37844

A stored cross-site scripting (XSS) vulnerability in MangoOS before 5.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

EPSS 0.00227
Exploits: 0, References: 2
NVD
added 2024/10/24 1:15 p.m., 7 views

CVE-2024-10180

The Contact Form 7 – Repeatable Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fieldgroup shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVSS 6.4, EPSS 0.00304
Exploits: 0, References: 3
NVD
added 2024/10/24 9:15 a.m., 15 views

CVE-2024-8717

The PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pdf_source' parameter in all versions up to, and including, 2.3.32 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.1, EPSS 0.00421
Exploits: 0, References: 3
CVE
added 2024/10/24 8:32 a.m., 52 views

CVE-2024-8717

CVE-2024-8717: DearFlip – PDF Flipbook WordPress plugin vulnerable to Reflected Cross‑Site Scripting via the pdf_source parameter in all versions up to and including 2.3.32. Exploitation requires user interaction (e.g., clicking a link) and unauthenticated access. Affected: DearFlip WordPress pl...

CVSS 6.1, AI score 6.2, EPSS 0.00421
Exploits: 0, References: 3
Cvelist
added 2024/10/24 8:32 a.m., 19 views

CVE-2024-8717 PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip <= 2.3.32 - Reflected Cross-Site Scripting

The PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pdf_source' parameter in all versions up to, and including, 2.3.32 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.1, EPSS 0.00421
Exploits: 0, References: 3
NVD
added 2024/10/24 7:15 a.m., 16 views

CVE-2024-9865

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ep_booking_attendee_fields’ fields in all versions up to, and including, 4.0.4.7 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.1, EPSS 0.0036
Exploits: 0, References: 3
NVD
added 2024/10/24 7:15 a.m., 30 views

CVE-2024-9864

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket names in all versions up to, and including, 4.0.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

CVSS 6.1, EPSS 0.00291
Exploits: 0, References: 2
CVE
added 2024/10/24 6:50 a.m., 42 views

CVE-2024-9864

CVE-2024-9864 affects the WordPress plugin EventPrime – Events Calendar, Bookings and Tickets (versions up to 4.0.4.7). It is a Stored Cross‑Site Scripting (XSS) vulnerability due to insufficient input sanitization and output escaping in ticket name handling, exploitable by unauthenticated attack...

CVSS 6.1, AI score 6, EPSS 0.00291
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2024/10/24 6:50 a.m., 43 views

CVE-2024-9865

CVE-2024-9865: EventPrime – Events Calendar, Bookings and Tickets (WordPress) is vulnerable to unauthenticated stored XSS via ep_booking_attendee_fields in all versions up to 4.0.4.7. The issue arises from insufficient input sanitization and output escaping, enabling script injection that runs w...

CVSS 6.1, AI score 6, EPSS 0.0036
Exploits: 0, References: 3, Affected Software: 1