CVE-2024-12873 Custom Field Manager <= 1.0 - Reflected XSS Vulnerability
The Custom Field Manager WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-12808 WP ERP | Complete HR solution with recruitment < 1.13.4 - Admin+ Stored XSS
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the...
CVE-2024-12800 IP Based Login < 2.4.1 - Admin+ Stored XSS
The IP Based Login WordPress plugin before 2.4.1 does not sanitise values when importing, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
CVE-2024-12739 Mobile Contact Bar < 3.0.5 - Admin+ Stored XSS
The Mobile Contact Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
CVE-2024-12716 Simple Basic Contact Form < 20250114 - Admin+ Stored XSS
The Simple Basic Contact Form WordPress plugin before 20250114 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setu...
CVE-2024-12680 Prisna GWT < 1.4.14 - Admin+ Stored XSS
The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
CVE-2024-11266 Geocache Stat Bar Widget <= 0.911 - Admin+ Stored XSS
The Geocache Stat Bar Widget WordPress plugin through 0.911 does not sufficiently sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, particularly in m...
CVE-2024-11190 jwp-a11y <= 4.1.7 - Admin+ Stored XSS
The jwp-a11y WordPress plugin through 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
CVE-2024-11221 Full Screen (Page) Background Image Slideshow <= 1.1 - Admin+ Stored XSS
The Full Screen Page Background Image Slideshow WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in...
CVE-2024-11189 Social Share And Social Locker – ARSocial < 1.4.2 - Admin+ Stored XSS
The Social Share And Social Locker WordPress plugin before 1.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite...
CVE-2024-11140 Real WP Shop Lite Ajax eCommerce Shopping Cart <= 2.0.8 - Admin+ Stored XSS
The Real WP Shop Lite Ajax eCommerce Shopping Cart WordPress plugin through 2.0.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for exampl...
CVE-2024-10475 Lead Form Builder < 1.9.8 - Admin+ Stored XSS
The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin before 1.9.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed f...
CVE-2024-10107 Giveaways and Contests by RafflePress < 1.12.17 - Admin+ Stored XSS
The Giveaways and Contests by RafflePress WordPress plugin before 1.12.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in...
CVE-2024-10145 Hubbub Lite < 1.34.4 - Admin+ Stored XSS
The Hubbub Lite WordPress plugin before 1.34.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
CVE-2024-10054 Happyforms < 1.26.3 - Admin+ Stored XSS
The Happyforms WordPress plugin before 1.26.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
PT-2025-21411 · WordPress · WP Google Review Slider
Name of the Vulnerable Software and Affected Versions: WP Google Review Slider versions prior to 15.6
Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered_html capability is disallowed, for...
PT-2025-21428 · WordPress · Prisna GWT WordPress Plugin
Name of the Vulnerable Software and Affected Versions: Prisna GWT WordPress plugin versions prior to 1.4.14
Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible even when the unfiltered_html capability is disallowed,...
PT-2025-21474 · WordPress · Advanced Cron Manager
Name of the Vulnerable Software and Affected Versions: The Advanced Cron Manager WordPress plugin versions prior to 2.5.7
Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for...
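Nearly every entry above describes the same bug class: a plugin stores an admin-supplied setting without a sanitize callback and later echoes it without escaping. That only counts as a vulnerability because WordPress deliberately withholds the unfiltered_html capability from administrators on multisite (and everywhere when DISALLOW_UNFILTERED_HTML is set); a setting that bypasses kses lets such an admin plant script that runs for super admins or for every visitor. The following is an added example, not code from any plugin listed on this page, showing the vulnerable settings pattern beside the hardened one. Plugin, option, field and function names (demo_vuln_*, demo_safe_*) are hypothetical; the WordPress API calls are real.

```php
<?php
/*
 * Added example (not from any plugin listed above): the "Admin+ Stored XSS"
 * pattern in a WordPress settings page, vulnerable form first, hardened form
 * second. All demo_* names are hypothetical.
 */

// ---- Vulnerable pattern: option saved raw, echoed unescaped ---------------

add_action( 'admin_init', function () {
    // No sanitize_callback: options.php stores exactly what the form posted,
    // <script> tags included, whether or not the user holds unfiltered_html.
    register_setting( 'demo_vuln_group', 'demo_vuln_title' );
} );

function demo_vuln_render_field() {
    $value = get_option( 'demo_vuln_title', '' );
    // Unescaped attribute value: a stored  "><script>...</script>  breaks out
    // of the attribute and executes for whoever loads this page.
    echo '<input type="text" name="demo_vuln_title" value="' . $value . '">';
}

// ---- Hardened pattern: sanitize on save, escape for the output context ----

/** Plain-text setting: strip tags and control characters before storage. */
function demo_safe_sanitize_title( $value ) {
    return sanitize_text_field( (string) $value );
}

/**
 * Setting that legitimately carries limited HTML. Mirror what core does for
 * post content: only users who actually hold unfiltered_html (never a regular
 * admin on multisite, nobody when DISALLOW_UNFILTERED_HTML is defined) keep
 * raw markup; everyone else is reduced to the post-safe kses allow-list.
 */
function demo_safe_sanitize_html( $value ) {
    $value = (string) $value;
    if ( current_user_can( 'unfiltered_html' ) ) {
        return $value;
    }
    return wp_kses_post( $value );
}

add_action( 'admin_init', function () {
    register_setting( 'demo_safe_group', 'demo_safe_title', array(
        'type'              => 'string',
        'sanitize_callback' => 'demo_safe_sanitize_title',
        'default'           => '',
    ) );
    register_setting( 'demo_safe_group', 'demo_safe_footer_html', array(
        'type'              => 'string',
        'sanitize_callback' => 'demo_safe_sanitize_html',
        'default'           => '',
    ) );
} );

function demo_safe_render_fields() {
    $title  = get_option( 'demo_safe_title', '' );
    $footer = get_option( 'demo_safe_footer_html', '' );

    // Escape for the context the value lands in: attribute vs. element body.
    echo '<input type="text" name="demo_safe_title" value="' . esc_attr( $title ) . '">';

    // Filter again on output as defence in depth: a value written by another
    // path (an import routine, direct SQL, an older plugin version that had no
    // sanitize callback) still cannot execute script.
    echo '<div class="demo-footer">' . wp_kses_post( $footer ) . '</div>';
}

/** Settings form: settings_fields() emits the nonce and option_page fields. */
function demo_safe_render_page() {
    echo '<form method="post" action="options.php">';
    settings_fields( 'demo_safe_group' );
    demo_safe_render_fields();
    submit_button();
    echo '</form>';
}
```

When auditing a plugin for this class, the two greps that find most of it are register_setting() (and update_option()/add_option() on $_POST data) calls without a sanitize callback, and get_option() values reaching echo or printf without esc_attr(), esc_html(), esc_url() or a kses function for that context. The IP Based Login entry above is the import-path variant: even when the settings form is sanitized, a separate import handler that writes options directly needs the same treatment.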