Lucene search

5 matches found

Vulnrichment
added 2025/05/15 8:9 p.m., 8 views

CVE-2024-2643 My Sticky Bar < 2.6.8 - Admin+ Stored XSS

The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.6.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the...

5.7 AI score, 0.00253 EPSS
Exploits: 2, References: 1
Patchstack
added 2025/04/15 7:22 p.m., 3 views

WordPress FS Poster plugin <= 6.5.8 - Subscriber+ Site Wide Broken Access Control vulnerability

Subscriber+ Site Wide Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin FS Poster versions <= 6.5.8...

8.3 CVSS, 8.2 AI score, 0.00232 EPSS
Exploits: 0, Affected Software: 1
Cvelist
added 2025/02/17 6:0 a.m., 9 views

CVE-2024-13626 VR Frases <= 3.0.1 - Reflected XSS

The VR-Frases collect & share quotes WordPress plugin through 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

0.00065 EPSS
Exploits: 1, References: 1
Vulnrichment
added 2025/01/07 4:22 a.m., 4 views

CVE-2024-12457 Chat Support for Viber – Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Chat Support for Viber – Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vchat' shortcode in all versions up to, and including, 1.7.3 due to insufficient input sanitization and output escapi...

6.4 CVSS, 7.4 AI score, 0.0036 EPSS
Exploits: 0, References: 3
OSV
added 2024/02/05 10:16 p.m., 2 views

CVE-2024-0382

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 9.1.0 due to unrestricted use of the 'headertag' attribute. This makes it possible for authenticated attackers with contributor-level and above...

5.4 CVSS, 7.4 AI score
Exploits: 0, References: 2