CVE-2024-2457
CVE-2024-2457 describes a Stored Cross-Site Scripting vulnerability in the WordPress plugin Modal Window – create popup modal window affecting all versions up to and including 5.3.8. The root cause is insufficient input sanitization and output escaping on user-supplied shortcode attributes, enab...
CVE-2024-2738
CVE-2024-2738 affects Permalink Manager Lite and Permalink Manager Pro for WordPress. The vulnerability is a Reflected Cross-Site Scripting flaw via the URL parameter ‘s’ in multiple locations present up to version 2.4.3.1, caused by insufficient input sanitization and output escaping. Attackers ...
CVE-2024-1571
CVE-2024-1571: WP Recipe Maker for WordPress is vulnerable to Stored Cross-Site Scripting via the Video Embed parameter in all versions up to 9.2.1 due to insufficient input sanitization and output escaping. Authenticated users with access to the recipe dashboard (admin by default, but roles can...
CVE-2024-1948
CVE-2024-1948 affects Getwid – Gutenberg Blocks (WordPress) up to version 2.0.5. Root cause: insufficient input sanitization and output escaping in block content, enabling stored XSS. Exploitation requires Contributor+ privileges and user interaction on injected pages. Fix: upgrade to version 2.0...
CVE-2023-6799
CVE-2023-6799 affects the WP Reset plugin for WordPress (versions up to 2.0). The root cause is insufficiently random snapshot names, enabling unauthenticated attackers to brute-force and extract sensitive data such as backups. The risk is tied to Information Exposure (C), with no vendor hardenin...
CVE-2024-1990
CVE-2024-1990 concerns the RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress. The connected sources confirm a blind SQL Injection via the id parameter in the RM_Form shortcode, exploitable in all versions up to 5.3.1.0 due to insufficie...
CVE-2024-0626
CVE-2024-0626 affects the WooCommerce Clover Payment Gateway plugin for WordPress. The root cause is a missing capability check in the callback_handler, leading to broken access control that allows unauthenticated users to mark orders as paid. Affected versions are
CVE-2024-2112
The CVE-2024-2112 entry concerns the WordPress plugin Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder, affected up to version 1.15.22. The vulnerability, described across sources (NVD/NVD-related, Red Hat, PatchStack), is Sensitive Information Exposure via the plugin’s sign...
CVE-2024-2436
The CVE-2024-2436 entry concerns the Lightweight Accordion WordPress plugin. It describes a stored XSS in the plugin’s shortcodes caused by insufficient input sanitization and output escaping on user-supplied attributes, affecting all versions up to and including 1.5.16. The vulnerability require...
CVE-2024-2165
CVE-2024-2165 affects the SEOPress – On-site SEO plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting via the image alt parameter in all versions up to and including 7.5.2.1, caused by insufficient input sanitization and output escaping. Exploitation requires authentication, w...
CVE-2024-0826
CVE-2024-0826 affects Qi Addons For Elementor for WordPress. The vulnerability is a Stored Cross‑Site Scripting (XSS) in widget attributes caused by insufficient input sanitization and output escaping, allowing authenticated users with contributor-level or higher permissions to inject scripts tha...
CVE-2024-2261
CVE-2024-2261 affects the Event Tickets and Registration plugin for WordPress (all versions up to 5.8.2). The exposure is via RSVP functionality, enabling authenticated users with contributor access or higher to retrieve sensitive data (emails, street addresses). Remediation noted in connected so...
CVE-2024-2200
CVE-2024-2200 concerns the WordPress plugin Contact Form by BestWebSoft. Affected versions: all up to and including 4.2.8. Root cause: insufficient input sanitization and output escaping leads to Reflected Cross-Site Scripting via the cntctfrm_contact_subject parameter. Impact: unauthenticate...
CVE-2024-2226
CVE-2024-2226 affects the Otter Blocks – Gutenberg Blocks plugin for WordPress. The vulnerability is stored XSS in the google-map block via the id parameter, present in all versions up to 2.6.4, due to insufficient input sanitization and output escaping. Exploitation requires an authenticated att...
CVE-2024-1904
CVE-2024-1904 affects the MasterStudy LMS WordPress plugin (up to and including 3.2.13). The issue is a missing capability check in the search_posts function, allowing authenticated users with subscriber-level access or higher to view draft post titles and excerpts. Impact is unauthorized data ex...
CVE-2024-1637
The CVE-2024-1637 entry concerns the 360 Javascript Viewer WordPress plugin. Affected versions are all versions up to and including 1.7.12, where an unauthorized modification of data is possible due to a missing capability check and nonce exposure on multiple AJAX actions. The vulnerability can b...
CVE-2024-2033
CVE-2024-2033 affects the Video Conferencing with Zoom plugin for WordPress (versions
CVE-2024-2187
CVE-2024-2187: The Beaver Builder Addons by WPZOOM for WordPress is exposed to Stored Cross-Site Scripting via the Testimonials widget in all versions up to and including 1.3.4. The root cause is insufficient input sanitization and output escaping, enabling authenticated attackers with contribut...
CVE-2024-1664
CVE-2024-1664 affects the WordPress plugin Responsive Gallery Grid (versions prior to 2.3.11). The vulnerability arises from insufficient sanitisation/escaping of several settings, which could allow high-privilege users (e.g., administrators) to perform Stored XSS, including in multisite configur...
PT-2024-3279 · Microsoft · Windows DNS Server +1
Vulnerable software and affected versions: Windows DNS Server (affected versions not specified). Description: The issue is a memory-use-after-release (use-after-free) problem when handling requests. This can allow a remote attacker to execute arbitrary code, affecting the system...