CVE-2024-9885

The CVE-2024-9885 entry covers a Stored Cross-Site Scripting vulnerability in the WordPress plugin Widget or Sidebar Shortcode, exploitable via the plugin’s sidebar shortcode in all versions up to 0.6.1. Authenticated attackers with contributor-level access or higher can inject scripts that execu...

WordPress plugin NewsCard 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2024-10040

The Infinite-Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation on the processajaxedit and processajaxdelete function. This makes it possible for unauthenticated attackers to mak...

CVE-2024-49301 WordPress G Meta Keywords plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sinan Yorulmaz G Meta Keywords g-meta-keywords allows Stored XSS.This issue affects G Meta Keywords: from n/a through = 1.4...

MAL-2024-9764 Malicious code in plugin-transform-logical-assignment-operators (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-9756 Malicious code in plugin-not-found (npm)

--- -= Per source details. Do not edit below this line.=-...

CVE-2024-9582 Accordion Slider <= 1.9.11 - Authenticted (Contributor+) Stored Cross-Site Scripting via HTML Attribute

The Accordion Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ attribute of an accordion slider in all versions up to, and including, 1.9.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-9696

The Rescue Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rescuetab' shortcode in all versions up to, and including, 2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-9021 Relevanssi < 4.23.1 - Contributor+ Stored XSS

In the process of testing the Relevanssi WordPress plugin before 4.23.1, a vulnerability was found that allows you to implement Stored XSS on behalf of the Contributor+ by embedding malicious script, which entails account takeover backdoor...

CVE-2024-8632

The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'kbsajaxloadfrontendreplies' and 'kbsajaxmarkreplyasread' functions in all versions up to, and including, 1.6.6. This...

PT-2024-30676 · Gotenna · Gotenna Pro Atak Plugin

Name of the Vulnerable Software and Affected Versions: goTenna Pro ATAK Plugin affected versions not specified Description: The goTenna Pro ATAK Plugin has a default setting to share Automatic Position, Location, and Information PLI updates every 60 seconds once the plugin is active and goTenna i...

CVE-2024-7386 Premium Packages – Sell Digital Products Securely <= 5.9.1 - Cross-Site Request Forgery

The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.1. This is due to missing nonce validation on the addRefund function. This makes it possible for unauthenticated attackers to perform...

WordPress WCFM Marketplace <= 3.6.11 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin WCFM Marketplace versions = 3.6.11...

RHSA-2016:1865 Red Hat Security Advisory: flash-plugin security update

Bulletin has no description...

RHSA-2017:1731 Red Hat Security Advisory: flash-plugin security update

Bulletin has no description...

RHSA-2017:1439 Red Hat Security Advisory: flash-plugin security update

Bulletin has no description...

RHSA-2017:0526 Red Hat Security Advisory: flash-plugin security update

Bulletin has no description...

RHSA-2014:1173 Red Hat Security Advisory: flash-plugin security update

Bulletin has no description...

RHSA-2013:1518 Red Hat Security Advisory: flash-plugin security update

Bulletin has no description...

RHSA-2012:1346 Red Hat Security Advisory: flash-plugin security update

Bulletin has no description...