232 matches found
WordPress dejure.org Vernetzungsfunktion plugin <= 1.97.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin dejure.org Vernetzungsfunktion versions <= 1.97.5...
PT-2024-16726 · WordPress · Ninja Forms
Name of the Vulnerable Software and Affected Versions: Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress versions up to, and including, 3.8.19. Description: The issue is related to Stored Cross-Site Scripting via the calculations parameter due to insufficient input...
WordPress Clickbank Storefront plugin <= 1.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Clickbank Storefront versions <= 1.7...
WordPress Campaign Monitor Forms by Optin Cat plugin <= 2.5.7 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Campaign Monitor Forms versions <= 2.5.7...
WordPress yPHPlista plugin <= 1.1.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
CSRF to Stored Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin yPHPlista versions <= 1.1.1...
WordPress Hebrew Date plugin <= 2.1.0 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin Hebrew Date versions <= 2.1.0...
WordPress Featured Posts Scroll plugin <= 1.25 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
CSRF to Stored Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin Featured Posts Scroll versions <= 1.25...
CVE-2024-49223
Cross-Site Request Forgery (CSRF) vulnerability in Shibu Lijack a.K.A CyberJack CJ Change Howdy allows Stored XSS. This issue affects CJ Change Howdy: from n/a through 3.3.1...
CVE-2024-45458
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Reflected XSS. This issue affects Spiffy Calendar: from n/a through 4.9.13...
CVE-2024-8054
The MM-Breaking News WordPress plugin through 0.7.9 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-7606
The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'user-search' shortcode in all versions up to, and including, 3.2.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-6450
HyperView Geoportal Toolkit in versions lower than 8.5.0 is vulnerable to Reflected Cross-Site Scripting (XSS). An unauthenticated attacker might trick somebody into using a crafted URL, which will cause a script to be run in the user's browser...
CVE-2024-43301
Cross-Site Request Forgery (CSRF) vulnerability in Fonts Plugin Fonts allows Stored XSS. This issue affects Fonts: from n/a through 3.7.7...
ZOHO ManageEngine ServiceDesk Plus and SupportCenter Plus security vulnerability
ZOHO ManageEngine ServiceDesk Plus (SDP) and ZOHO ManageEngine SupportCenter Plus are both products of ZOHO, Inc. ZOHO ManageEngine ServiceDesk Plus is an ITIL-based IT service management software. The software integrates...
CVE-2024-6379
A reflected Cross-site Scripting (XSS) vulnerability affecting 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in the user's browser session...
PT-2024-27643 · Unknown · Image Hover Effects - Caption Hover With Carousel
Name of the Vulnerable Software and Affected Versions: Image Hover Effects - Caption Hover with Carousel versions 3.0.2 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS...
WordPress Comment Reply Email plugin <= 1.3 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Masamichi Aoki (Patchstack Alliance) in WordPress Plugin Comment Reply Email versions <= 1.3...
CVE-2024-4757
The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-5448
The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin through 1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perfo...
CVE-2024-26088
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...