
3475 matches found

Positive Technologies
added 2024/07/12 12:00 a.m. · 3 views

PT-2024-37754 · WordPress · Wp Total Branding

Name of the Vulnerable Software and Affected Versions: WP Total Branding – Complete branding solution for WordPress plugin versions prior to 1.2

Description: The issue arises from insufficient input sanitization and output escaping in admin settings, allowing authenticated attackers with...

CVSS 5.5 · AI score 6 · EPSS 0.00365
Exploits 0 · References 7
OSV
added 2024/07/11 6:15 a.m. · 1 view

CVE-2024-6138

The Secure Copy Content Protection and Content Locking WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for...

CVSS 4.8 · AI score 5.8 · EPSS 0.00371
Exploits 1 · References 1
Cvelist
added 2024/07/11 6:00 a.m. · 23 views

CVE-2024-6138 Secure Copy Content Protection < 4.0.9 - Admin+ Stored XSS

The Secure Copy Content Protection and Content Locking WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for...

EPSS 0.00371
Exploits 1 · References 1
Patchstack
added 2024/07/10 9:49 a.m. · 2 views

WordPress Multisite Content Copier/Updater plugin <= 2.0.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Dimas Maulana (Patchstack Alliance) in WordPress Plugin Multisite Content Copier/Updater versions <= 2.0.0...

CVSS 7.1 · AI score 6.1 · EPSS 0.00334
Exploits 0 · Affected Software 1
Patchstack
added 2024/07/10 12:00 a.m. · 5 views

WordPress Multisite Content Copier/Updater Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)

Software: Multisite Content Copier/Updater · Type: Plugin · Vulnerable versions: <= 2.0.0 · Fixed in: 2.0.1 · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-38673 · Patch priority: Medium · CVSS severity: Medium (7.1) · PSID: 84ff3a1a21a7 · Credits: Dimas Maulana...

CVSS 7.1 · AI score 6.6 · EPSS 0.00334
Exploits 0 · References 2 · Affected Software 1
OSV
added 2024/07/09 6:15 a.m. · 3 views

CVE-2024-3410

The DN Footer Contacts WordPress plugin before 1.6.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS 4.3 · AI score 5.8 · EPSS 0.00329
Exploits 1 · References 1
NVD
added 2024/07/09 6:15 a.m. · 30 views

CVE-2024-3410

The DN Footer Contacts WordPress plugin before 1.6.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS 4.3 · EPSS 0.00329
Exploits 1 · References 1
CVE
added 2024/07/09 6:00 a.m. · 71 views

CVE-2024-3410

The DN Footer Contacts WordPress plugin (DN Footer Contacts) has a stored XSS vulnerability in versions prior to 1.6.3 due to insufficient sanitization/escaping of certain settings. The issue could allow high-privilege users (e.g., admins) to execute Stored XSS, potentially in multisite setups wh...

CVSS 4.3 · AI score 4.5 · EPSS 0.00329
Exploits 1 · References 1 · Affected Software 1
OSV
added 2024/07/02 6:15 a.m. · 4 views

CVE-2024-3999

The EazyDocs WordPress plugin before 2.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS 4.8 · AI score 5.8 · EPSS 0.00397
Exploits 2 · References 1
OSV
added 2024/07/02 6:15 a.m. · 2 views

CVE-2024-4627

The Rank Math SEO WordPress plugin before 1.0.219 does not sanitise and escape some of its settings, which could allow users with access to the General Settings (by default admin, however such access can be given to lower roles via the Role Manager feature of the Rank Math SEO WordPress plugin)...

CVSS 5.4 · AI score 5.8 · EPSS 0.00391
Exploits 2 · References 1
Cvelist
added 2024/07/02 6:00 a.m. · 19 views

CVE-2024-3999 EazyDocs < 2.5.0 - Admin+ Stored XSS

The EazyDocs WordPress plugin before 2.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

EPSS 0.00397
Exploits 2 · References 1
Vulnrichment
added 2024/07/02 6:00 a.m. · 13 views

CVE-2024-3999 EazyDocs < 2.5.0 - Admin+ Stored XSS

The EazyDocs WordPress plugin before 2.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

AI score 5.7 · EPSS 0.00397
Exploits 2 · References 1
CVE
added 2024/07/02 6:00 a.m. · 67 views

CVE-2024-3999

Summary (CVE-2024-3999): The EazyDocs WordPress plugin, prior to version 2.5.0, fails to sanitise and escape certain settings, enabling stored XSS by high-privilege users (e.g., administrators). This risk persists even when unfiltered_html is disallowed (such as in multisite setups). The issue i...

CVSS 4.8 · AI score 4.9 · EPSS 0.00397
Exploits 2 · References 1 · Affected Software 1
CVE
added 2024/07/02 6:00 a.m. · 106 views

CVE-2024-4627

CVE-2024-4627 affects Rank Math SEO for WordPress prior to 1.0.219. It is an authenticated Stored XSS due to insufficient sanitisation/escaping of settings, exploitable by users with access to General Settings (admin by default, but grantable via Role Manager in

CVSS 5.5 · AI score 5.4 · EPSS 0.00391
Exploits 2 · References 1 · Affected Software 1
Cvelist
added 2024/07/02 6:00 a.m. · 42 views

CVE-2024-4627 Rank Math SEO < 1.0.219 - Authenticated Stored XSS

The Rank Math SEO WordPress plugin before 1.0.219 does not sanitise and escape some of its settings, which could allow users with access to the General Settings (by default admin, however such access can be given to lower roles via the Role Manager feature of the Rank Math SEO WordPress plugin)...

EPSS 0.00391
Exploits 2 · References 1
OSV
added 2024/07/01 6:15 a.m. · 2 views

CVE-2024-6130

The Form Maker by 10Web WordPress plugin before 1.15.26 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS 4.8 · AI score 5.8 · EPSS 0.00442
Exploits 1 · References 1
NVD
added 2024/07/01 6:15 a.m. · 18 views

CVE-2024-6130

The Form Maker by 10Web WordPress plugin before 1.15.26 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS 4.8 · EPSS 0.00442
Exploits 1 · References 1
Vulnrichment
added 2024/07/01 6:00 a.m. · 17 views

CVE-2024-6130 Form Maker by 10Web < 1.15.26 - Admin+ Stored XSS

The Form Maker by 10Web WordPress plugin before 1.15.26 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

AI score 5.7 · EPSS 0.00442
Exploits 1 · References 1
CVE
added 2024/07/01 6:00 a.m. · 61 views

CVE-2024-6130

The CVE-2024-6130 entry concerns The Form Maker by 10Web WordPress plugin prior to version 1.15.26, where certain settings are not properly sanitised/escaped. The Red Hat and CVE databases confirm this can enable Stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disa...

CVSS 4.8 · AI score 4.9 · EPSS 0.00442
Exploits 1 · References 1 · Affected Software 1
OSV
added 2024/06/26 6:15 a.m. · 2 views

CVE-2024-5473

The Simple Photoswipe WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS 4 · AI score 5.8 · EPSS 0.00281
Exploits 2 · References 1