5210 matches found
CVE-2024-0509 WP 404 Auto Redirect to Similar Post <= 1.0.3 - Reflected Cross-Site Scripting via request
The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘request’ parameter in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2024-0834
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the linkto parameter in all versions up to, and including, 1.12.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor...
CVE-2024-0255 WP Recipe Maker <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via icon_color
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wprm-recipe-text-share' shortcode in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-0691 FileBird <= 5.6.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Folder Import
The FileBird plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported folder titles in all versions up to, and including, 5.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator access, to...
CVE-2024-0382 WP Recipe Maker <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via header_tag
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 9.1.0 due to unrestricted use of the 'header_tag' attribute. This makes it possible for authenticated attackers with contributor-level and above...
CVE-2024-0659 Easy Digital Downloads <= 3.2.6 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via variable pricing options
The Easy Digital Downloads – Sell Digital Files eCommerce Store & Payments Made Easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the variable pricing option title in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping. This...
Biteship < 2.2.25 - Reflected Cross-Site Scripting via biteship_error and biteship_message
Description: The Biteship plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'biteship_error' and 'biteship_message' parameters in versions up to, and including, 2.2.24 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
PowerPack Pro for Elementor < 2.10.8 - Cross-Site Request Forgery to Plugin Settings Modification and Cross-Site Scripting
Description: The PowerPack Pro for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions prior to 2.10.8. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to modify plugin settings and inject arbitrary web...
CVE-2024-0895 PDF Flipbook, 3D Flipbook – DearFlip <= 2.2.26 - Authenticated (Contributor+) Stored Cross-Site Scripting
The PDF Flipbook, 3D Flipbook – DearFlip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via outline settings in all versions up to, and including, 2.2.26 due to insufficient input sanitization and output escaping on user supplied data. This makes it possible for authenticated...
CVE-2024-0963
The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's CPCALCULATEDFIELDS shortcode in all versions up to, and including, 1.2.52 due to insufficient input sanitization and output escaping on user supplied 'location' attribute. This makes it...
CVE-2024-1073 SlimStat Analytics <= 5.1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filterarray' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-leve...
Easy Digital Downloads < 3.2.7 - Shop Manager+ Stored XSS
Description: The plugin is vulnerable to Stored Cross-Site Scripting via the variable pricing option title due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manager-level access, to inject arbitrary web scripts in pages that wi...
DearFlip < 2.2.27 - Contributor+ Stored XSS
Description: The plugin is vulnerable to Stored Cross-Site Scripting via outline settings due to insufficient input sanitization and output escaping on user supplied data, allowing authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that wi...
SlimStat Analytics < 5.1.4 - Subscriber+ Stored XSS
Description: The plugin is vulnerable to Stored Cross-Site Scripting via the 'filterarray' parameter due to insufficient input sanitization and output escaping, allowing any authenticated user, such as a subscriber, to inject arbitrary web scripts in pages that will execute whenever a user accesses...
CVE-2024-24041
A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the location parameter at /travel-journal/write-journal.php...