CVE-2024-7716 GS Logo Slider Lite < 3.6.9 - Admin+ Stored XSS

The Logo Slider WordPress plugin before 3.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-7655

The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2024-7618

The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 6.4.5.0 due to insufficient input sanitization and output escaping. This makes it...

CVE-2024-7955

The Starbox WordPress plugin before 3.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-7955 Starbox < 3.5.2 - Admin+ Stored XSS

The Starbox WordPress plugin before 3.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

PT-2024-38455 · Peepso · The Community By Peepso

Name of the Vulnerable Software and Affected Versions: The Community by PeepSo plugin for WordPress versions up to, and including, 6.4.5.0 Description: The issue is related to Stored Cross-Site Scripting via the content parameter due to insufficient input sanitization and output escaping. This...

PT-2024-38483 · Peepso · The Community By Peepso

Name of the Vulnerable Software and Affected Versions: The Community by PeepSo plugin for WordPress versions up to, and including, 6.4.5.0 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated attacke...

CVE-2024-7918

The Pocket Widget WordPress plugin through 0.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-7918

The Pocket Widget WordPress plugin through 0.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-7918 Pocket Widget <= 0.1.3 - Admin+ Stored XSS

The Pocket Widget WordPress plugin through 0.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-7918 Pocket Widget <= 0.1.3 - Admin+ Stored XSS

The Pocket Widget WordPress plugin through 0.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-5561 Popup Maker < 1.19.1 - Admin+ Stored XSS

The Popup Maker WordPress plugin before 1.19.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

PT-2024-38716 · WordPress · Starbox

Name of the Vulnerable Software and Affected Versions: The Starbox WordPress plugin versions prior to 3.5.2 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a...

PT-2024-38685 · WordPress · Pocket Widget

Name of the Vulnerable Software and Affected Versions: Pocket Widget WordPress plugin version 0.1.3 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example in multisite...

PT-2024-36565 · WordPress · Popup Maker

Name of the Vulnerable Software and Affected Versions: The Popup Maker WordPress plugin versions prior to 1.19.1 Description: The issue concerns a Stored Cross-Site Scripting flaw in the Popup Maker WordPress plugin. This flaw arises because the plugin does not properly sanitize and escape some o...

CVE-2022-3556

The Cab fare calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the vehicle title setting in versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative...

CVE-2022-3556

The Cab fare calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the vehicle title setting in versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative...

PT-2024-11596 · WordPress · Cab Fare Calculator

Name of the Vulnerable Software and Affected Versions: The Cab fare calculator plugin for WordPress versions up to, and including, 1.1.6 Description: The issue is related to Stored Cross-Site Scripting via the vehicle title setting due to insufficient input sanitization and output escaping. This...

CVE-2024-6889

The Secure Copy Content Protection and Content Locking WordPress plugin before 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for...

CVE-2024-6722

The Chatbot Support AI: Free ChatGPT Chatbot, Woocommerce Chatbot WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...