CVE-2024-3628 EasyEvent <= 1.0.0 - Admin+ Stored XSS

The EasyEvent WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

CVE-2024-3637

The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin through 1.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

Jeg Elementor Kit < 2.6.5 - Contributor+ Stored XSS via Elementor Widget URL Custom Attributes

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

IDonate <= 1.9.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Navigate to...

kernel: wifi: nl80211: fix integer overflow in nl80211_parse_mbssid_elems()

An integer overflow flaw was found in the Linux kernel's nl80211 wireless configuration interface in the MBSSID element parsing logic. A local user with CAPNETADMIN capability can trigger this issue by specifying 256 or more MBSSID elements through the nl80211 interface, causing the u8 counter...

Sailthru Triggermail <= 1.1 - Reflected XSS

Description The plugin does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open:...

Social Icons Widget & Block < 4.2.18 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. As an administrator,...

CVE-2024-1905 Smart Forms < 2.6.96 - Admin+ Stored XSS

The Smart Forms WordPress plugin before 2.6.96 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-4195

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests...

CVE-2024-2908 Call Now Button < 1.4.7 - Admin+ Stored XSS

The Call Now Button WordPress plugin before 1.4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

Nextgen Gallery < 3.59.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC 1. Add the "NextGEN Media RSS" Widget to the blog Appearance Widgets 2. Change the...

Newsletter Popup <= 1.2 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "Newsletter Popup Add New...

CVE-2024-2118

The Social Media Share Buttons & Social Sharing Icons WordPress plugin before 2.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for...

CVE-2024-1754

The NPS computy WordPress plugin through 2.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-1712

The Carousel Slider WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-7201 Everest Backup < 2.2.5 - Admin+ Arbitrary File Upload

The Everest Backup WordPress plugin before 2.2.5 does not properly validate backup files to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...

Modal Window < 5.3.10 - Modal Deletion via CSRF

Description The plugin does not have CSRF check in place when bulk deleting modals, which could allow attackers to make a logged in admin delete them via a CSRF attack PoC Have a logged in admin open an HTML file containing where ID is an existing modal: action...

AGCA – Custom Dashboard & Login Page < 7.2.2 - Admin+ Stored XSS via Image URL

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Navigate AGCA, and select the...

Breeze < 2.1.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape its breezeapitoken settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-42931

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A process may gain admin privileges without proper authentication...