3475 matches found
PT-2024-37788 · WordPress · Wpbot
Name of the Vulnerable Software and Affected Versions: The AI ChatBot for WordPress – WPBot plugin for WordPress versions up to, and including, 5.5.7 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. Thi...
CVE-2024-5644
The Tournamatch WordPress plugin before 4.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-6070
The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
CVE-2024-6070
The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
CVE-2024-5442
The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
CVE-2024-5151
The SULly WordPress plugin before 4.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-3964
The Product Enquiry for WooCommerce WordPress plugin before 3.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...
CVE-2024-4602
The Embed Peertube Playlist WordPress plugin before 1.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-4602
The Embed Peertube Playlist WordPress plugin before 1.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-6070 if-so < 1.8.0.4 - Admin+ Stored XSS
The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
CVE-2024-6070 if-so < 1.8.0.4 - Admin+ Stored XSS
The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
CVE-2024-5644
CVE-2024-5644 affects the Tournamatch WordPress plugin prior to 4.6.1. The issue arises from insufficient sanitisation/escaping of certain plugin settings, enabling Stored XSS by high-privilege users (e.g., administrators) even when unfiltered_html is disabled (such as in multisite). Impact is li...
CVE-2024-5442 NextGEN Gallery < 3.59.3 - Admin+ Stored XSS
The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
CVE-2024-5442
Summary of CVE-2024-5442 (NextGEN Gallery) : The WordPress plugin NextGEN Gallery (versions before 3.59.3) contains sanitization/escaping flaws in settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., administrators) even when unfiltered_html is disallowed (such as in mult...
CVE-2024-5472 WP QuickLaTeX < 3.8.7 - Admin+ Stored XSS in Background Color field
The WP QuickLaTeX WordPress plugin before 3.8.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-5442 NextGEN Gallery < 3.59.3 - Admin+ Stored XSS
The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
CVE-2024-5472
The exploit details for CVE-2024-5472 indicate that WP QuickLaTeX for WordPress (pre-3.8.7) fails to sanitise/escape certain plugin settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as multisite). The Red Hat and CVE records corrobo...
CVE-2024-5151
The CVE-2024-5151 entry concerns the SULly WordPress plugin prior to version 4.3.1. The vulnerability is a Stored XSS caused by insufficient sanitization/escaping of plugin settings, potentially allowing high-privilege users (e.g., administrators) to inject scripts even when unfiltered_html is di...
CVE-2024-5002 User Submitted Posts < 20240516 - Admin+ Stored XSS
The User Submitted Posts WordPress plugin before 20240516 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-4602 Embed Peertube Playlist < 1.10 - Editor+ Stored XSS
The Embed Peertube Playlist WordPress plugin before 1.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...