CVE-2024-6722 Chatbot Support AI <= 1.0.2 - Admin+ Stored XSS

The Chatbot Support AI: Free ChatGPT Chatbot, Woocommerce Chatbot WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

PT-2024-37822 · WordPress · Woocommerce Chatbot Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: The Chatbot Support AI: Free ChatGPT Chatbot, Woocommerce Chatbot WordPress plugin versions 1.0.2 and earlier Description: The issue is related to the lack of sanitization and escaping of some settings in the plugin, which could allow...

PT-2024-37929 · WordPress · Secure Copy Content Protection/Content Locking

Name of the Vulnerable Software and Affected Versions: Secure Copy Content Protection and Content Locking WordPress plugin versions prior to 4.1.7 Description: The issue is related to the Secure Copy Content Protection and Content Locking WordPress plugin, which does not properly sanitise and...

CVE-2024-7132

The Page Builder Gutenberg Blocks WordPress plugin before 3.1.13 does not escape the content of post embed via one of its block, which could allow users with the capability to publish posts editor and admin by default to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml...

CVE-2024-6927

The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-6927

The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-3944

The WP To Do plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to...

CVE-2024-7132 CoBlocks < 3.1.13 - Editor+ Stored XSS

The Page Builder Gutenberg Blocks WordPress plugin before 3.1.13 does not escape the content of post embed via one of its block, which could allow users with the capability to publish posts editor and admin by default to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml...

CVE-2024-6927 Viral Signup <= 2.1 - Admin+ Stored XSS

The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-6927 Viral Signup <= 2.1 - Admin+ Stored XSS

The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-7132 CoBlocks < 3.1.13 - Editor+ Stored XSS

The Page Builder Gutenberg Blocks WordPress plugin before 3.1.13 does not escape the content of post embed via one of its block, which could allow users with the capability to publish posts editor and admin by default to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml...

CVE-2024-7132

CVE-2024-7132 affects the Page Builder Gutenberg Blocks WordPress plugin prior to version 3.1.13. The issue stems from insufficient escaping of the content of post embeds in one block, enabling stored Cross-Site Scripting by users with publish-post capability (editors/admin by default), even when...

BIT-WORDPRESS-MULTISITE-2024-43337

Cross-Site Request Forgery CSRF vulnerability in Brave Brave Popup Builder.This issue affects Brave Popup Builder: from n/a through 0.7.0...

PT-2024-28499 · WordPress · Wp To Do

Name of the Vulnerable Software and Affected Versions: WP To Do plugin for WordPress versions up to, and including, 1.3.0 Description: The issue is a Stored Cross-Site Scripting problem due to insufficient input sanitization and output escaping, allowing authenticated attackers with...

CVE-2024-3282

The WP Table Builder WordPress plugin through 1.5.0 does not sanitise and escape some of its Table data, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-3282 WP Table Builder <= 1.5.0 - Admin+ Stored XSS

The WP Table Builder WordPress plugin through 1.5.0 does not sanitise and escape some of its Table data, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

PT-2024-37859 · WordPress · Wordsurvey

Name of the Vulnerable Software and Affected Versions: WordSurvey plugin for WordPress versions up to, and including, 3.2 Description: The issue is related to Stored Cross-Site Scripting via the sounding title parameter due to insufficient input sanitization and output escaping. This allows...

CVE-2022-3399

The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cookienoticeoptionsrefusecodehead' parameter in versions up to, and including, 2.4.17.1 due to insufficient input sanitization and output escaping. This makes it possible for...

WordPress PVN Auth Popup 1.0.0 Cross Site Scripting Vulnerability

Exploit Title: PVN Auth Popup alert1 for the "Login text" input 3. Save and see the XSS Note: Other fields are likely vulnerable...

CVE-2024-6724

The Generate Images WordPress plugin before 5.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...