CVE-2024-25412

A cross-site scripting XSS vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email field...

CVE-2024-6931

The CVE pertains to WordPress The Events Calendar plugin. Affected: The Events Calendar plugin for WordPress, versions up to and including 6.6.3. Root cause: Stored Cross-Site Scripting via the RSVP name field due to insufficient input sanitization and output escaping. Impact: unauthenticated att...

CVE-2024-8681

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Media Grid widget in all versions up to, and including, 4.10.52 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-25412

A cross-site scripting XSS vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email field...

CVE-2024-25411

A cross-site scripting XSS vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter in setup.php...

CVE-2024-25411

A cross-site scripting XSS vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter in setup.php...

CVE-2024-46453

A cross-site scripting XSS vulnerability in the component /test/ of iq3xcite v2.31 to v3.05 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2024-25411

Flatpress v1.3 is affected by a cross-site scripting (XSS) vulnerability that allows an attacker to inject arbitrary web scripts/HTML via the username parameter in setup.php. The issue is documented across multiple sources (NVD, Red Hat, OSV, CVE lists) with a consistent description. The PT-2024-...

CVE-2024-46453

The CVE-2024-46453 entry describes a cross-site scripting (XSS) vulnerability in iq3xcite, affecting versions 2.31 to 3.05 with the vulnerable entry point at the /test/ component. The vulnerability allows an attacker to run arbitrary web scripts/HTML via a crafted payload and is rated at CVSS v3....

CVE-2024-9127 Super Testimonials <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via alignment Parameter

The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alignment’ parameter in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2024-8872 Store Hours for WooCommerce <= 4.3.20 - Reflected Cross-Site Scripting

The Store Hours for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.3.20. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2024-8872 Store Hours for WooCommerce <= 4.3.20 - Reflected Cross-Site Scripting

The Store Hours for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.3.20. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2024-8803 Bulk NoIndex & NoFollow Toolkit <= 2.15 - Reflected Cross-Site Scripting

The Bulk NoIndex & NoFollow Toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.15. This makes it possible for unauthenticated attackers to inject arbitrary we...

CVE-2024-8803 Bulk NoIndex & NoFollow Toolkit <= 2.15 - Reflected Cross-Site Scripting

The Bulk NoIndex & NoFollow Toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.15. This makes it possible for unauthenticated attackers to inject arbitrary we...

CVE-2024-9169

CVE-2024-9169 (LiteSpeed Cache for WordPress) : A stored XSS exists in all versions up to 6.4.1 due to insufficient input sanitization and output escaping in plugin debug settings. Exploitation requires administrator-level privileges and affects multi-site installs or sites with unfiltered_html d...

CVE-2024-8668

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tooltip and countdown functionality in all versions up to, and including, 2.9.7 due to insufficient input...

CVE-2024-8741

The Beam me up Scotty – Back to Top Button plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to inject...

CVE-2024-8549

The Simple Calendar – Google Calendar Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 3.4.2. This makes it possible for unauthenticated attackers to inject...

CVE-2024-7617

The Contact Form to Any API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 form fields in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2024-9024

CVE-2024-9024 concerns the WordPress plugin Material Design Icons (