MW WP Form < 5.1.0 - Editor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting in versions up to due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute...

CVE-2024-0961

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the code editor in all versions up to, and including, 1.58.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access ...

CVE-2024-0659

The Easy Digital Downloads – Sell Digital Files eCommerce Store & Payments Made Easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the variable pricing option title in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping. This...

Cross site scripting

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 9.1.0 due to unrestricted use of the 'headertag' attribute. This makes it possible for authenticated attackers with contributor-level and above...

Cross site scripting

The Order Delivery Date for WP e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'available-days-tf' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

Cross site scripting

The FileBird plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported folder titles in all versions up to, and including, 5.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator access, to...

Cross site scripting

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the linkto parameter in all versions up to, and including, 1.12.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor...

CVE-2023-6982

The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and postmeta in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplie...

CVE-2023-6884

This plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on the 'placeid' attribute. This makes it possible for authenticated attackers with...

Cross site scripting

This plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on the 'placeid' attribute. This makes it possible for authenticated attackers with...

Cross site scripting

The Simply Guest Author Name plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's post meta in all versions up to, and including, 4.34 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

Cross site scripting

The GeneratePress Premium plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom meta output in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

Cross site scripting

The PDF Generator For Fluent Forms – The Contact Form Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the header, PDF body and footer content parameters in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes ...

CVE-2023-6807

CVE-2023-6807 affects GeneratePress Premium for WordPress. All versions up to and including 2.3.2 are vulnerable to Stored Cross-Site Scripting via the plugin’s custom meta output, caused by insufficient input sanitization and output escaping on user-supplied attributes. Attack requires authentic...

CVE-2023-7029 WordPress Button Plugin MaxButtons <= 9.7.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode

The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including 9.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2023-6953 PDF Generator For Fluent Forms <= 1.1.7 - Cross-Site Scripting

The PDF Generator For Fluent Forms – The Contact Form Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the header, PDF body and footer content parameters in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes ...

CVE-2023-6884

This plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on the 'placeid' attribute. This makes it possible for authenticated attackers with...

CVE-2024-0954

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting through editing context via the 'data-eael-wrapper-link' wrapper in all versions up to, and including, 5.9.7 due to insufficient...

CVE-2024-0678 Order Delivery Date for WP e-Commerce <= 1.2 - Unauthenticated Stored Cross-Site Scripting

The Order Delivery Date for WP e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'available-days-tf' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2024-0384 WP Recipe Maker <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Recipe Notes

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Recipe Notes in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above...