CVE-2024-13730 Podlove Podcast Publisher < 4.2.1 - Admin+ Stored XSS

The Podlove Podcast Publisher WordPress plugin before 4.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-13730 Podlove Podcast Publisher < 4.2.1 - Admin+ Stored XSS

The Podlove Podcast Publisher WordPress plugin before 4.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-13482 Icegram Engage < 3.1.32 - Admin+ Stored XSS

The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-13382

CVE-2024-13382 – Calculated Fields Form (WordPress) is a stored XSS vulnerability in versions before 5.2.64 caused by insufficient sanitization/escaping of certain settings. Exploitation requires authenticated admin-level access (Admin+), and can occur even when unfiltered_html is disallowed (e.g...

CVE-2024-13357 Ditty – Responsive News Tickers, Sliders, and Lists < 3.1.52 - Author+ Stored XSS

The Ditty WordPress plugin before 3.1.52 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-13313 AWeber <= 7.3.20 - Admin+ Stored XSS

The AWeber WordPress plugin through 7.3.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-13313 AWeber <= 7.3.20 - Admin+ Stored XSS

The AWeber WordPress plugin through 7.3.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-11221 Full Screen (Page) Background Image Slideshow <= 1.1 - Admin+ Stored XSS

The Full Screen Page Background Image Slideshow WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

CVE-2024-11221 Full Screen (Page) Background Image Slideshow <= 1.1 - Admin+ Stored XSS

The Full Screen Page Background Image Slideshow WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

CVE-2024-11109

The WP Google Review Slider WordPress plugin before version 15.6 does not sanitize and escape some settings, allowing high-privilege users (e.g., admins) to perform Stored Cross-Site Scripting even when unfiltered_html is disallowed (including multisite setups). Affected component: plugin setting...

CVE-2024-10145 Hubbub Lite < 1.34.4 - Admin+ Stored XSS

The Hubbub Lite WordPress plugin before 1.34.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-10143

CVE-2024-10143 affects the MB Custom Post Types & Custom Taxonomies WordPress plugin, prior to version 2.7.7. The issue arises from inadequate sanitisation/escapes of certain settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., admins) even when unfiltered_html is disallo...

PT-2025-21477 · WordPress · Cm Tooltip Glossary

Name of the Vulnerable Software and Affected Versions: CM Tooltip Glossary WordPress plugin version prior to 4.3.4 Description: The issue concerns the CM Tooltip Glossary WordPress plugin, which does not properly sanitize and escape some of its settings. This could allow high-privilege users, suc...

PT-2025-21455 · WordPress · Hd Quiz

Name of the Vulnerable Software and Affected Versions: HD Quiz WordPress plugin version prior to 2.0.0 Description: The issue concerns the HD Quiz WordPress plugin, where versions prior to 2.0.0 do not properly sanitise and escape some of its settings. This could allow high privilege users, such ...

PT-2025-21399 · WordPress · Rbs Image Gallery

Name of the Vulnerable Software and Affected Versions: Rbs Image Gallery WordPress plugin versions prior to 3.2.22 Description: The issue concerns the Rbs Image Gallery WordPress plugin, where some settings are not properly sanitized and escaped, potentially allowing high-privilege users, such as...

CVE-2025-3583

The Newsletter WordPress plugin before 8.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2025-3583 Newsletter < 8.7.1 - Admin+ Stored XSS

The Newsletter WordPress plugin before 8.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2025-3583 Newsletter < 8.7.1 - Admin+ Stored XSS

The Newsletter WordPress plugin before 8.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2025-3504

The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2025-3503

The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...