CVE-2024-4753 WP Secure Maintenance < 1.7 - Admin+ Stored XSS

The WP Secure Maintenance WordPress plugin before 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-2696 Swift Framework < 2024.04.30 - Admin+ Stored XSS via Settings

The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-2696 Swift Framework < 2024.04.30 - Admin+ Stored XSS via Settings

The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-3112 Quotes and Tips < 1.45 - Admin+ Arbitrary File Upload

The Quotes and Tips by BestWebSoft WordPress plugin before 1.45 does not properly validate image files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...

CVE-2024-3112 Quotes and Tips < 1.45 - Admin+ Arbitrary File Upload

The Quotes and Tips by BestWebSoft WordPress plugin before 1.45 does not properly validate image files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...

CVE-2024-0974 Social Media Widget < 4.0.9 - Admin+ Stored XSS

The Social Media Widget WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

PT-2024-23788 · Bestwebsoft · The Quotes/Tips By Bestwebsoft Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: The Quotes and Tips by BestWebSoft WordPress plugin versions prior to 1.45 Description: The issue concerns the improper validation of image files uploaded by high privilege users, such as admins, allowing them to upload arbitrary files on the...

PT-2024-37754 · WordPress · Wp Total Branding

Name of the Vulnerable Software and Affected Versions: WP Total Branding – Complete branding solution for WordPress plugin versions prior to 1.2 Description: The issue arises from insufficient input sanitization and output escaping in admin settings, allowing authenticated attackers with...

CVE-2024-6138

The Secure Copy Content Protection and Content Locking WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for...

CVE-2024-6138 Secure Copy Content Protection < 4.0.9 - Admin+ Stored XSS

The Secure Copy Content Protection and Content Locking WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for...

WordPress Multisite Content Copier/Updater plugin <= 2.0.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin Multisite Content Copier/Updater versions = 2.0.0...

WordPress Multisite Content Copier/Updater Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Multisite Content Copier/Updater Type Plugin Vulnerable versions = 2.0.0 Fixed in 2.0.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-38673 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 84ff3a1a21a7 Credits Dimas Maulana...

CVE-2024-3410

The DN Footer Contacts WordPress plugin before 1.6.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-3410

The DN Footer Contacts WordPress plugin before 1.6.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-3410

The DN Footer Contacts WordPress plugin (DN Footer Contacts) has a stored XSS vulnerability in versions prior to 1.6.3 due to insufficient sanitization/escaping of certain settings. The issue could allow high-privilege users (e.g., admins) to execute Stored XSS, potentially in multisite setups wh...

CVE-2024-3999

The EazyDocs WordPress plugin before 2.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-4627

The Rank Math SEO WordPress plugin before 1.0.219 does not sanitise and escape some of its settings, which could allow users with access to the General Settings by default admin, however such access can be given to lower roles via the Role Manager feature of the Rank Math SEO WordPress plugin...

CVE-2024-3999

Summary (CVE-2024-3999) : The EazyDocs WordPress plugin, prior to version 2.5.0, fails to sanitise and escape certain settings, enabling stored XSS by high-privilege users (e.g., administrators). This risk persists even when unfiltered_html is disallowed (such as in multisite setups). The issue i...

CVE-2024-4627 Rank Math SEO < 1.0.219 - Authenticated Stored XSS

The Rank Math SEO WordPress plugin before 1.0.219 does not sanitise and escape some of its settings, which could allow users with access to the General Settings by default admin, however such access can be given to lower roles via the Role Manager feature of the Rank Math SEO WordPress plugin...

CVE-2024-4627

CVE-2024-4627 affects Rank Math SEO for WordPress prior to 1.0.219. It is an authenticated Stored XSS due to insufficient sanitisation/escaping of settings, exploitable by users with access to General Settings (admin by default, but grantable via Role Manager in