
3479 matches found

Positive Technologies
added 2024/11/13 12:00 a.m. · 9 views

PT-2024-15989 · WordPress · Wp-Strava

Name of the Vulnerable Software and Affected Versions: WP-Strava plugin for WordPress versions up to, and including, 2.12.1
Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticated...

CVSS 6.1 · AI score 8.1 · EPSS 0.00345
Exploits: 0 · References: 6

Positive Technologies
added 2024/11/08 12:00 a.m. · 4 views

PT-2024-39833 · WordPress · The Anih - Creative Agency Wordpress Theme

Name of the Vulnerable Software and Affected Versions: The Anih - Creative Agency WordPress Theme versions up to, and including, 2024
Description: The issue is related to Stored Cross-Site Scripting via admin settings due to an incomplete blacklist, insufficient input sanitization, and output...

CVSS 5.5 · AI score 6.1 · EPSS 0.0025
Exploits: 0 · References: 8

OSV
added 2024/11/07 6:15 a.m. · 3 views

CVE-2024-10027

The WP Booking Calendar WordPress plugin before 10.6.3 does not sanitise and escape some of its Widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setu...

CVSS 4.8 · AI score 5.8 · EPSS 0.00342
Exploits: 1 · References: 1

Cvelist
added 2024/11/07 6:00 a.m. · 37 views

CVE-2024-10027 WP Booking Calendar < 10.6.3 - Admin+ Stored XSS

The WP Booking Calendar WordPress plugin before 10.6.3 does not sanitise and escape some of its Widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setu...

EPSS 0.00342
Exploits: 1 · References: 1

OSV
added 2024/11/05 10:21 a.m. · 2 views

CVE-2024-9878

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 4.8 · AI score 7.3 · EPSS 0.00419
Exploits: 1 · References: 3

OSV
added 2024/11/05 6:15 a.m. · 13 views

CVE-2024-9883

The Pods WordPress plugin before 3.2.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS 4.8 · AI score 5.6
Exploits: 0 · References: 1

Cvelist
added 2024/11/05 6:00 a.m. · 29 views

CVE-2024-9883 Pods < 3.2.7.1 - Admin+ Stored XSS

The Pods WordPress plugin before 3.2.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

EPSS 0.00358
Exploits: 1 · References: 1

Vulnrichment
added 2024/11/05 6:00 a.m. · 19 views

CVE-2024-9883 Pods < 3.2.7.1 - Admin+ Stored XSS

The Pods WordPress plugin before 3.2.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

AI score 4.7 · EPSS 0.00358
Exploits: 1 · References: 1

Positive Technologies
added 2024/11/05 12:00 a.m. · 4 views

PT-2024-39907 · 10Web · The Photo Gallery

Name of the Vulnerable Software and Affected Versions: The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress versions up to, and including, 1.8.30
Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization a...

CVSS 4.8 · AI score 6.1 · EPSS 0.00419
Exploits: 1 · References: 7

OSV
added 2024/10/26 3:15 a.m. · 1 view

CVE-2024-9462

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Stored Cross-Site Scripting via poll settings in all versions up to, and including, 5.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...

CVSS 4.8 · AI score 5.9 · EPSS 0.0032
Exploits: 0 · References: 4

OSV
added 2024/10/22 8:15 a.m. · 2 views

CVE-2024-9591

The Category and Taxonomy Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'categoryimage' parameter in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 4.8 · AI score 5.9
Exploits: 0 · References: 2

OSV
added 2024/10/22 8:15 a.m. · 3 views

CVE-2024-9589

The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'newmetaname' parameter in the 'wpaftoptionpage' function in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes...

CVSS 4.8 · AI score 5.9
Exploits: 0 · References: 2

OSV
added 2024/10/22 8:15 a.m. · 6 views

CVE-2024-9590

The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image meta field value in the 'wpaftaddmetatextinput' function in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied...

CVSS 4.8 · AI score 5.9 · EPSS 0.00256
Exploits: 0 · References: 2

Positive Technologies
added 2024/10/22 12:00 a.m. · 4 views

PT-2024-39708 · WordPress · Category/Taxonomy Image

Name of the Vulnerable Software and Affected Versions: The Category and Taxonomy Image plugin for WordPress versions up to, and including, 1.0.0
Description: The issue is related to Stored Cross-Site Scripting via the category image parameter due to insufficient input sanitization and output...

CVSS 5.5 · AI score 6.2 · EPSS 0.00256
Exploits: 0 · References: 7

OSV
added 2024/10/18 5:15 a.m. · 2 views

CVE-2024-9892

The Add Widget After Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 4.8 · AI score 5.9 · EPSS 0.00336
Exploits: 0 · References: 2

Positive Technologies
added 2024/10/17 12:00 a.m. · 5 views

PT-2024-39918 · WordPress · Add Widget After Content

Name of the Vulnerable Software and Affected Versions: Add Widget After Content plugin for WordPress versions up to, and including, 2.4.6
Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows...

CVSS 4.8 · AI score 6.1 · EPSS 0.00336
Exploits: 0 · References: 8

OSV
added 2024/10/12 6:15 a.m. · 6 views

CVE-2024-9776

The ImagePress – Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 4.8 · AI score 5.9 · EPSS 0.00328
Exploits: 0 · References: 3

OSV
added 2024/10/09 6:15 a.m. · 2 views

CVE-2024-5968

The Photo Gallery by 10Web WordPress plugin before 1.8.28 does not properly sanitise and escape some of its Gallery settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in...

CVSS 4.8 · AI score 5.8 · EPSS 0.0034
Exploits: 1 · References: 1

Vulnrichment
added 2024/10/09 6:00 a.m. · 9 views

CVE-2024-5968 Photo Gallery by 10Web <= 1.8.27 - Admin+ Stored XSS

The Photo Gallery by 10Web WordPress plugin before 1.8.28 does not properly sanitise and escape some of its Gallery settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in...

AI score 5.7 · EPSS 0.0034
Exploits: 1 · References: 1

Cvelist
added 2024/10/09 6:00 a.m. · 31 views

CVE-2024-5968 Photo Gallery by 10Web <= 1.8.27 - Admin+ Stored XSS

The Photo Gallery by 10Web WordPress plugin before 1.8.28 does not properly sanitise and escape some of its Gallery settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in...

EPSS 0.0034
Exploits: 1 · References: 1