5210 matches found

CVE
added 2024/04/06 7:34 a.m. | 67 views

CVE-2024-0837

Technical details beyond the initial description are not provided in the attached documents. Monitor for updates to confirm affected versions, impact, and fixes.

CVSS 6.4 | AI score 6.1 | EPSS 0.00344
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/04/06 5:37 a.m. | 14 views

CVE-2024-2471

The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image attachment fields such as 'Title', 'Alt Text', 'Custom URL', 'Custom Class', and 'Override Type' in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This...

CVSS 6.4 | AI score 5.8 | EPSS 0.00344
Exploits: 0 | References: 2

CVE
added 2024/04/06 3:24 a.m. | 68 views

CVE-2024-2656

CVE-2024-2656: Icegram Express Email Subscribers for WordPress contains Stored XSS via CSV import in all versions up to 5.7.14. Exploitation requires authenticated admin-level access (plus). Affected on multi-site installations and where unfiltered_html is disabled; root cause is insufficient inp...

CVSS 4.4 | AI score 7.6 | EPSS 0.0035
Exploits: 0 | References: 2

CVE
added 2024/04/04 1:56 a.m. | 60 views

CVE-2024-2868

CVE-2024-2868 affects the ShopLentor (WooCommerce Builder) WordPress plugin. The vulnerability is stored XSS via the slitems parameter in the WL Special Day Offer Widget, present in all versions up to 2.8.3 due to insufficient input sanitization and output escaping. Exploitation requires authenti...

CVSS 6.4 | AI score 7.7 | EPSS 0.00451
Exploits: 0 | References: 3 | Affected Software: 1

WPVulnDB
added 2024/04/04 12:0 a.m. | 18 views

Woocommerce Social Media Share Buttons <= 1.3.0 - Cross-Site Request Forgery to Cross-Site Scripting

Description: The Woocommerce Social Media Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to...

CVSS 7.1 | AI score 6.5 | EPSS 0.00184
Exploits: 0 | References: 1

The Hacker News
added 2024/04/03 5:11 a.m. | 85 views

Critical Security Flaw Found in Popular LayerSlider WordPress Plugin

A critical security flaw impacting the LayerSlider plugin for WordPress could be abused to extract sensitive information from databases, such as password hashes. The flaw, designated as CVE-2024-2879, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as a case of SQL...

CVSS 9.8 | AI score 10 | EPSS 0.18402
Exploits: 1

NVD
added 2024/04/03 3:15 a.m. | 15 views

CVE-2024-3162

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Widget Attributes in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributo...

CVSS 6.4 | AI score 5.7 | EPSS 0.00323
Exploits: 0 | References: 2

CVE
added 2024/04/03 2:32 a.m. | 62 views

CVE-2024-1327

CVE-2024-1327 affects the Jeg Elementor Kit WordPress plugin. It allows Stored XSS via the Image Box widget in all versions up to 2.6.3 due to inadequate input sanitization and output escaping. Exploitation requires contributor-level authentication (or higher); the script executes when a user loa...

CVSS 6.4 | AI score 7.6 | EPSS 0.0032
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2024/04/03 2:32 a.m. | 18 views

CVE-2024-1327 Jeg Elementor Kit <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image box widget in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-lev...

CVSS 6.4 | AI score 5.8 | EPSS 0.0032
Exploits: 0 | References: 2

WPVulnDB
added 2024/04/03 12:0 a.m. | 11 views

SpiderFAQ <= 1.3.2 - Reflected Cross-Site Scripting

Description: The SpiderFAQ plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

CVSS 7.1 | AI score 6.3 | EPSS 0.00354
Exploits: 0 | References: 1

WPVulnDB
added 2024/04/03 12:0 a.m. | 12 views

Kanban Boards for WordPress <= 2.5.21 - Reflected Cross-Site Scripting

Description: The Kanban Boards for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.5.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

CVSS 7.1 | AI score 6.8 | EPSS 0.00354
Exploits: 0 | References: 1

WPVulnDB
added 2024/04/03 12:0 a.m. | 14 views

Jobeleon Theme < 1.9.2 - Reflected Cross-Site Scripting

Description: The Jobeleon WPJobBoard theme for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

CVSS 7.1 | AI score 6.4 | EPSS 0.00372
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2024/04/03 12:0 a.m. | 17 views

Mailster < 2.0.0 - Reflected Cross-Site Scripting

Description: The Mailster plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

CVSS 7.1 | AI score 6.3 | EPSS 0.00426
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2024/04/03 12:0 a.m. | 11 views

Mang Board WP < 1.8.1 - Reflected Cross-Site Scripting

Description: The Mang Board WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

CVSS 7.1 | AI score 6.3 | EPSS 0.00419
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2024/04/03 12:0 a.m. | 21 views

Booking Activities < 1.15.20 - Reflected Cross-Site Scripting

Description: The Booking Activities plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.15.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

CVSS 7.1 | AI score 6.3 | EPSS 0.00375
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2024/04/03 12:0 a.m. | 20 views

collectchat < 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description: The collectchat plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

CVSS 6.5 | AI score 5.8 | EPSS 0.0034
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2024/04/03 12:0 a.m. | 18 views

Contest Gallery < 21.3.6 - Reflected Cross-Site Scripting

Description: The Contest Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 21.3.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

CVSS 7.1 | AI score 6.3 | EPSS 0.00426
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2024/04/03 12:0 a.m. | 17 views

Spiffy Calendar < 4.9.10 - Reflected Cross-Site Scripting

Description: The Spiffy Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...

CVSS 7.1 | AI score 6.3 | EPSS 0.00414
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2024/04/03 12:0 a.m. | 15 views

Hacklog Down As PDF <= 2.3.6 - Reflected Cross-Site Scripting

Description: The Hacklog Down As PDF plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.3.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

CVSS 7.1 | AI score 6.3 | EPSS 0.00354
Exploits: 0 | References: 1

WPVulnDB
added 2024/04/03 12:0 a.m. | 11 views

SEO Title Tag <= 3.5.9 - Reflected Cross-Site Scripting

Description: The SEO Title Tag plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

CVSS 7.1 | AI score 6.3 | EPSS 0.00354
Exploits: 0 | References: 1