CVE-2024-9504

The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.2.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVE-2024-9386

The Exclusive Divi – Divi Preloader, Modules for Divi & Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2024-10790 Admin and Site Enhancements (ASE) <= 7.5.1 - Authenticated Stored Cross-Site Scripting via SVG

The Admin and Site Enhancements ASE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with custom-level...

CVE-2024-9165

The Gift Cards Gift Vouchers and Packages WooCommerce Supported plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2024-9388

The CVE-2024-9388 entry concerns the WordPress plugin Black Widgets For Elementor. A Stored Cross-Site Scripting (XSS) flaw existed via SVG file uploads in all versions up to 1.3.7, caused by insufficient input sanitization and output escaping. Exploitation requires an authenticated attacker with...

CVE-2024-8915

CVE-2024-8915 affects the WordPress Category Icon plugin. It is a Stored Cross-Site Scripting (XSS) via SVG file uploads in versions up to 1.0.0 due to insufficient input sanitization and output escaping. An authenticated attacker with Author-level access can inject scripts that run when a user a...

CVE-2024-9066

CVE-2024-9066 concerns the WordPress plugin Marketing and SEO Booster (

CVE-2024-9372

The CVE-2024-9372 entry concerns the WP Blocks Hub WordPress plugin (

CVE-2024-9172

CVE-2024-9172 affects the WordPress plugin Demo Importer Plus. It allows Stored Cross-Site Scripting via SVG uploads in all versions up to 2.0.1. Exploitation requires an authenticated attacker with Author+ privileges, who can inject script into pages that execute when users view the SVG file. Th...

CVE-2024-9060

The AVIF & SVG Uploader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary w...

CVE-2024-9272

CVE-2024-9272 refers to a stored XSS vulnerability in the WordPress plugin “R Animated Icon Plugin” (

CVE-2024-9125

The kingIE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject...

CVE-2024-7304

The Ninja Tables – Easiest Data Table Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-6804

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...