5210 matches found
CVE-2024-55100
The CVE-2024-55100 entry refers to a stored cross-site scripting (XSS) vulnerability in Online Nurse Hiring System v1.0, specifically affecting the /admin/profile.php component. The fullname parameter can be manipulated to inject arbitrary web scripts/HTML. According to the provided metrics, the ...
CVE-2024-37776
A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens...
CVE-2024-55100
A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Online Nurse Hiring System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the fullname parameter...
CVE-2024-11720
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via submission forms in all versions up to, and including, 3.24.5 due to insufficient input sanitization and output escaping on the new Taxonomy form. This makes it possible for unauthenticated...
CVE-2024-11883
The Connatix Video Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cnx_script_code' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-12448 Posts and Products Views for WooCommerce <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Posts and Products Views for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'papvfwcviews' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-11883
CVE-2024-11883 affects the Connatix Video Embed WordPress plugin. The vulnerability is a Stored XSS via the plugin shortcode cnx_script_code in versions up to and including 1.0.5, caused by insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires at l...
CVE-2024-11876 Kredeum NFTs, the easiest way to sell your NFTs directly on your WordPress site <= 1.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Kredeum NFTs, the easiest way to sell your NFTs directly on your WordPress site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kredeumopensky' shortcode in all versions up to, and including, 1.6.9 due to insufficient input sanitization and output escaping ...
CVE-2024-11751
CVE-2024-11751 affects the TCBD Popover plugin for WordPress. It is a Stored XSS via the tcbd-popover-image shortcode in all versions up to 1.2 due to insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires contributor-level access or higher; the pay...
CVE-2024-11832
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JavaScript row settings in all versions up to, and including, 2.8.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-11767 NewsmanApp <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
The NewsmanApp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'newsmansubscribewidget' shortcode in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-11359
The Library Bookshelves plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.8. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...
CVE-2024-12072 Analytics Cat – Google Analytics Made Easy <= 1.1.2 - Reflected Cross-Site Scripting
The Analytics Cat – Google Analytics Made Easy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to inject...
CVE-2024-11882
CVE-2024-11882 affects the WordPress plugin FAQ And Answers – Create Frequently Asked Questions Area on WP Sites. The vulnerability is a Stored Cross-Site Scripting via the plugin’s faq shortcode in all versions up to 1.1.0, caused by insufficient input sanitization and output escaping on user-su...
CVE-2024-12441 BP Email Assign Templates <= 1.5 - Reflected Cross-Site Scripting
The BP Email Assign Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...
CVE-2024-11804 Planaday API <= 11.4 - Reflected Cross-Site Scripting
The Planaday API plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 11.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...
CVE-2024-11875
CVE-2024-11875 affects the WordPress plugin Add infos to the events calendar (versions
CVE-2024-11914
The Gutenberg Blocks and Page Layouts – Attire Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'attire-blocks/post-carousel' block in all versions up to, and including, 1.9.5 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-11279
The Schema App Structured Data plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.2.4. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...
CVE-2024-11901
CVE-2024-11901 affects the WordPress PowerBI Embed Reports plugin (up to version 1.1.7). The vulnerability is Stored XSS via the MO_API_POWER_BI shortcode, caused by insufficient input sanitization and output escaping for user-supplied shortcode attributes. Authenticated attackers with contributo...