
5210 matches found

Vulnrichment
added 2024/05/02 4:52 p.m. | 7 views

CVE-2024-4092

The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘htmltag’ parameter in all versions up to, and including, 6.7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web...

CVSS 6.4 | AI score 5.8 | EPSS 0.00423
Exploits 0 | References 2

CVE
added 2024/05/02 4:52 p.m. | 66 views

CVE-2024-4092

CVE-2024-4092 affects Slider Revolution (revslider) for WordPress. It is a Stored XSS via the htmltag parameter in all versions up to 6.7.7. Exploitation is possible by authenticated users (administrators; authors if enabled) and can affect pages viewed by other users. The CVE entry is marked as ...

CVSS 6.4 | AI score 5.7 | EPSS 0.00423
Exploits 0 | References 2 | Affected Software 1

CVE
added 2024/05/02 4:52 p.m. | 45 views

CVE-2024-1386

CVE-2024-1386 impacts the MailerLite – Signup forms (official) WordPress plugin. It enables Stored Cross-Site Scripting via shortcode attributes in versions 1.5.0–1.7.6, allowing authenticated attackers with contributor-level and higher to inject scripts into pages. The provided documents confirm...

CVSS 6.4 | AI score 6 | EPSS 0.00424
Exploits 0 | References 3

CVE
added 2024/05/02 4:52 p.m. | 64 views

CVE-2024-3677

CVE-2024-3677 refers to The Ultimate 410 Gone Status Code plugin for WordPress, vulnerable to Stored XSS via the 410 entries in all versions up to 1.1.4. The issue requires authentication at contributor+ level and can cause arbitrary script execution on pages loaded by users. The vulnerability ha...

CVSS 6.4 | AI score 6.1 | EPSS 0.00465
Exploits 0 | References 2

Vulnrichment
added 2024/05/02 4:52 p.m. | 11 views

CVE-2024-1805 WPBakery Visual Composer <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button onclick attribute

The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or...

CVSS 6.4 | AI score 6.1 | EPSS 0.0032
Exploits 0 | References 2

Cvelist
added 2024/05/02 4:52 p.m. | 16 views

CVE-2024-3489 Exclusive Addons for Elementor <= 2.6.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Expired Title

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the Countdown Expired Title in all versions up to, and including, 2.6.9.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVSS 6.4 | AI score 6.2 | EPSS 0.00475
Exploits 0 | References 2

CVE
added 2024/05/02 4:52 p.m. | 46 views

CVE-2024-3489

The CVE-2024-3489 entry concerns Exclusive Addons for Elementor (WordPress). It describes a Reflected Cross-Site Scripting vulnerability in the Countdown Expired Title, affecting all versions up to 2.6.9.4. The root cause is insufficient input sanitization and output escaping, enabling unauthenti...

CVSS 6.4 | AI score 6.3 | EPSS 0.00475
Exploits 0 | References 2 | Affected Software 1

CVE
added 2024/05/02 4:52 p.m. | 59 views

CVE-2024-1993

CVE-2024-1993 affects the WordPress Icon Widget plugin. Versions up to and including 1.3.0 are vulnerable to Stored XSS via shortcode attributes due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at contributor level or higher, enabling an attac...

CVSS 6.4 | AI score 5.6 | EPSS 0.0042
Exploits 0 | References 3

CVE
added 2024/05/02 4:52 p.m. | 64 views

CVE-2024-3670

CVE-2024-3670: Leaflet Maps Marker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mapsmarker shortcode in all versions up to and including 3.12.8. Root cause: insufficient input sanitization and output escaping for user-provided shortcode attributes (e.g., mapwidthunit...

CVSS 6.4 | AI score 5.7 | EPSS 0.00435
Exploits 0 | References 2

CVE
added 2024/05/02 4:52 p.m. | 56 views

CVE-2024-3991

CVE-2024-3991 affects ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules (formerly WooLentor) for WordPress. The vulnerability is Stored Cross-Site Scripting via the _id attribute in the Horizontal Product Filter in all versions up to 2.8.7, caused by insufficient input saniti...

CVSS 6.4 | AI score 5.7 | EPSS 0.00423
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2024/05/02 4:52 p.m. | 23 views

CVE-2024-4203 Premium Addons for Elementor <= 4.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Premium Addons Pro for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the maps widget in all versions up to, and including, 4.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 5.4 | AI score 5.9 | EPSS 0.0048
Exploits 0 | References 2

Vulnrichment
added 2024/05/02 4:52 p.m. | 8 views

CVE-2024-3647 Premium Addons for Elementor <= 4.10.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'arrow_style'

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's post ticker widget in all versions up to, and including, 4.10.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | AI score 6.1 | EPSS 0.00444
Exploits 0 | References 2

Vulnrichment
added 2024/05/02 4:51 p.m. | 11 views

CVE-2024-3338

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt data parameter in all versions up to, and including, 1.0.262 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level...

CVSS 4.4 | AI score 5.8 | EPSS 0.00424
Exploits 0 | References 2

CVE
added 2024/05/02 4:51 p.m. | 57 views

CVE-2024-3338

The CVE-2024-3338 entry concerns Colibri Page Builder for WordPress. It enables Stored Cross-Site Scripting via the image alt data parameter in all versions up to 1.0.262 due to insufficient input sanitization and output escaping. Authenticated attackers with author-level access and above can inj...

CVSS 5.4 | AI score 5.7 | EPSS 0.00424
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2024/05/02 4:51 p.m. | 23 views

CVE-2024-1841 WPBakery Visual Composer <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title tag attribute

The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title tag attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or...

CVSS 6.4 | AI score 5.9 | EPSS 0.0032
Exploits 0 | References 2

Vulnrichment
added 2024/05/02 4:51 p.m. | 13 views

CVE-2024-3341 Shortcodes and extra features for Phlox theme <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aux_gmaps' Shortcode

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aux_gmaps' shortcode in all versions up to, and including, 2.15.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...

CVSS 6.4 | AI score 6.1 | EPSS 0.00543
Exploits 0 | References 2

Vulnrichment
added 2024/05/02 4:51 p.m. | 7 views

CVE-2024-2750 Exclusive Addons for Elementor <= 2.6.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of the Button widget in all versions up to, and including, 2.6.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 6.4 | AI score 6.1 | EPSS 0.0032
Exploits 0 | References 2

Cvelist
added 2024/05/02 4:51 p.m. | 11 views

CVE-2024-3021 Mhr Post Ticker <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting

The Mhr Post Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Header Title value in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level acces...

CVSS 4.4 | AI score 4.8 | EPSS 0.00462
Exploits 0 | References 3

Vulnrichment
added 2024/05/02 4:51 p.m. | 14 views

CVE-2024-3045 PDF Invoices & Packing Slips for WooCommerce <= 3.8.0 - Unauthenticated Stored Cross-Site Scripting

The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVSS 7.2 | AI score 6.1 | EPSS 0.0057
Exploits 0 | References 3

CVE
added 2024/05/02 4:51 p.m. | 59 views

CVE-2024-3045

Technical details about CVE-2024-3045 (affected plugin versions, root cause, exploitation, and remediation) are not present in the provided connected documents. Monitor official advisories (NVD/Red Hat/ENISA/Wordfence) for updates and fixes.

CVSS 7.2 | AI score 6 | EPSS 0.0057
Exploits 0 | References 3 | Affected Software 1