CVE-2024-6481

The Search & Filter Pro WordPress plugin before 2.5.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

PT-2024-23793 · WordPress · Formflow: Whatsapp Social/Advanced Form Builder With Easy Lead Collection

Name of the Vulnerable Software and Affected Versions: The FormFlow: WhatsApp Social and Advanced Form Builder with Easy Lead Collection WordPress plugin versions prior to 2.12.2 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, ev...

PT-2024-12556 · Indigitall · Iurny

Name of the Vulnerable Software and Affected Versions: The IURNY by INDIGITALL WordPress plugin versions prior to 3.2.3 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is...

PT-2023-16597 · WordPress · The Pickup | Delivery | Dine-In Date Time Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: The Pickup | Delivery | Dine-in date time WordPress plugin versions 1.0.0 through 1.0.9 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capabili...

PT-2023-7399 · WordPress · Groundhogg

Name of the Vulnerable Software and Affected Versions: Groundhogg WordPress plugin versions prior to 2.7.9.4 Description: The issue is related to the Groundhogg WordPress plugin, which does not properly sanitize and escape a parameter before using it in a SQL statement. This leads to a SQL...

CVE-2022-2426

The Thinkific Uploader WordPress plugin through 1.0.0 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks against other administrators...