
5210 matches found

Cvelist
added 2024/04/22 12:0 a.m. | 16 views

CVE-2022-34561

A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the video description parameter...

AI score 5.7 | EPSS 0.00398
Exploits: 0 | References: 2
CVE
added 2024/04/22 12:0 a.m. | 46 views

CVE-2022-34562

CVE-2022-34562 is a cross-site scripting (XSS) vulnerability in PHPFox v4.8.9. The flaw enables attackers to run arbitrary web scripts/HTML through a crafted payload injected into the status box. Affected software: PHPFox 4.8.9. Underlying cause: XSS in the status box (no additional technical det...

CVSS 6.1 | AI score 5.8 | EPSS 0.00311
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2024/04/22 12:0 a.m. | 51 views

CVE-2022-34561

CVE-2022-34561 is a cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 that allows injection of arbitrary web scripts/HTML through the video description parameter. Documented in multiple sources (NVD, Red Hat, CVE list, CNNVD, PT Security) with CVSS v3.1 base score 4.3 (Medium) and network...

CVSS 4.3 | AI score 5.8 | EPSS 0.00398
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2024/04/22 12:0 a.m. | 54 views

CVE-2022-34560

CVE-2022-34560 affects PHPFox v4.8.9 with a reflected XSS via the History parameter. The vulnerability allows attackers to execute arbitrary web scripts or HTML in affected web pages. Documented impact is limited to client-side script execution; no exploitation details are provided in the sources...

CVSS 7.1 | AI score 5.8 | EPSS 0.00314
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2024/04/20 4:15 a.m. | 14 views

CVE-2024-1730

The Prime Slider – Addons For Elementor Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via urls in link fields, images from URLs, and html tags used in widgets in...

CVSS 5.4 | AI score 5 | EPSS 0.0034
Exploits: 0 | References: 2
CVE
added 2024/04/20 3:21 a.m. | 69 views

CVE-2024-1730

CVE-2024-1730 is a Stored Cross-Site Scripting vulnerability in the Prime Slider – Addons For Elementor WordPress plugin. The issue affects all versions up to 3.14.0 and stems from insufficient input sanitization and output escaping in links, images from URLs, and HTML in widgets. Exploitation re...

CVSS 5.4 | AI score 5.8 | EPSS 0.0034
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2024/04/19 4:15 p.m. | 12 views

CVE-2024-32206

A stored cross-site scripting (XSS) vulnerability in the component \affiche\admin\index.php of WUZHICMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $formdata parameter...

CVSS 4.6 | AI score 5.4 | EPSS 0.00498
Exploits: 1 | References: 3
NVD
added 2024/04/19 3:15 a.m. | 11 views

CVE-2024-3731

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 5.47.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 | AI score 6 | EPSS 0.00374
Exploits: 0 | References: 2
NVD
added 2024/04/19 3:15 a.m. | 12 views

CVE-2024-3615

The Media Library Folders plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 8.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.1 | AI score 6 | EPSS 0.00385
Exploits: 0 | References: 2
CVE
added 2024/04/19 2:34 a.m. | 64 views

CVE-2024-3600

CVE-2024-3600 affects the Poll Maker – Best WordPress Poll Plugin for WordPress. According to Red Hat and corroborated by Wordfence sources, it enables Stored Cross-Site Scripting due to a missing capability check on the ays_poll_maker_quick_start AJAX action and insufficient escaping/sanitizatio...

CVSS 7.2 | AI score 6 | EPSS 0.00381
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2024/04/19 2:34 a.m. | 8 views

CVE-2024-3818 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.9 - Authenticated (Contributor+) DOM-Based Cross-Site Scripting via "Social Icons" Block

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "Social Icons" block in all versions up to, and including, 4.5.9 due to insufficient input sanitization and output escaping on user supplie...

CVSS 5.4 | AI score 6.1 | EPSS 0.0034
Exploits: 0 | References: 2
CVE
added 2024/04/19 2:34 a.m. | 67 views

CVE-2024-3818

CVE-2024-3818 affects the Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates WordPress plugin. The issue is a DOM-based stored XSS in the Social Icons block, arising from insufficient input sanitization/output escaping on user-supplied attributes. Affected versions include all...

CVSS 5.4 | AI score 5.7 | EPSS 0.0034
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2024/04/19 2:34 a.m. | 50 views

CVE-2024-3731

CVE-2024-3731 affects the Customer Reviews for WooCommerce plugin for WordPress. It is a Reflected XSS via the 's' parameter in all versions up to and including 5.47.0, due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject web scripts into pag...

CVSS 6.1 | AI score 6.3 | EPSS 0.00374
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2024/04/19 2:34 a.m. | 10 views

CVE-2024-3615

The Media Library Folders plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 8.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.1 | AI score 6.5 | EPSS 0.00385
Exploits: 0 | References: 2
CVE
added 2024/04/19 2:34 a.m. | 68 views

CVE-2024-3615

CVE-2024-3615: The WordPress plugin Media Library Folders (Media Library Folders) is vulnerable to Reflected XSS via the s parameter in all versions up to 8.2.0 due to insufficient input sanitization and output escaping. Exploitation requires an action by a user (e.g., clicking a crafted link) a...

CVSS 6.1 | AI score 6.3 | EPSS 0.00385
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2024/04/19 1:57 a.m. | 15 views

CVE-2024-3598 ElementsKit Pro <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ekit_btn_id'

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVSS 6.4 | AI score 6.1 | EPSS 0.00323
Exploits: 0 | References: 2
Cvelist
added 2024/04/19 1:57 a.m. | 27 views

CVE-2024-3560 LearnPress – WordPress LMS Plugin <= 4.2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the id value in all versions up to, and including, 4.2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 | AI score 5.8 | EPSS 0.0032
Exploits: 0 | References: 2
Cvelist
added 2024/04/19 12:0 a.m. | 19 views

CVE-2024-32206

A stored cross-site scripting (XSS) vulnerability in the component \affiche\admin\index.php of WUZHICMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $formdata parameter...

AI score 5.5 | EPSS 0.00498
Exploits: 1 | References: 3
CVE
added 2024/04/19 12:0 a.m. | 57 views

CVE-2024-32206

CVE-2024-32206 describes a stored XSS in WUZHICMS v4.1.0, specifically the \affiche\admin\index.php component, where a crafted payload in the $formdata parameter can cause arbitrary web script/HTML execution. The vulnerability is documented across multiple sources (NVD/Red Hat/OSV/CVE lists) with ...

CVSS 4.6 | AI score 5.6 | EPSS 0.00498
Exploits: 1 | References: 3 | Affected Software: 1
Vulnrichment
added 2024/04/18 11:5 a.m. | 14 views

CVE-2023-6892

The EAN for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'algwceanproductmeta' shortcode in all versions up to, and including, 4.8.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | AI score 5.8 | EPSS 0.0032
Exploits: 0 | References: 2