5210 matches found
CVE-2024-11326
CVE-2024-11326 relates to the WordPress plugin Campaign Monitor Forms by Optin Cat. It describes a Reflected Cross-Site Scripting vulnerability in all versions up to 2.5.7 caused by using add_query_arg without proper escaping on the URL. This enables unauthenticated attackers to inject JavaScript...
CVE-2024-11325
The AWeber Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthenticated attackers to inject arbitrary web script...
CVE-2024-11325
CVE-2024-11325 concerns the AWeber Forms by Optin Cat WordPress plugin. It is a Reflected Cross-Site Scripting vulnerability caused by improper escaping of add_query_arg usage, affecting all versions up to and including 2.5.7. Unauthenticated attackers could inject arbitrary scripts into pages ex...
CVE-2024-11325 AWeber Forms by Optin Cat <= 2.5.7 - Reflected Cross-Site Scripting
The AWeber Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthenticated attackers to inject arbitrary web script...
CVE-2024-11805
CVE-2024-11805 refers to the WordPress plugin “Quick License Manager – WooCommerce Plugin” which is vulnerable to a Reflected Cross‑Site Scripting (XSS) due to insufficient input sanitization and output escaping in the submit_qlm_products parameter. Affected versions: all up to and including 2.4....
CVE-2024-11805 Quick License Manager – WooCommerce Plugin <= 2.4.17 - Reflected Cross-Site Scripting
The Quick License Manager – WooCommerce Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'submit_qlm_products' parameter in all versions up to, and including, 2.4.17 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-11461 Form Data Collector <= 2.2.3 - Reflected Cross-Site Scripting
The Form Data Collector plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...
CVE-2024-11461
CVE-2024-11461 affects the WordPress Form Data Collector plugin, up to version 2.2.3. It is a Reflected Cross-Site Scripting vulnerability triggered via the page parameter due to insufficient input sanitization and output escaping. Exploitation requires a user to click a crafted link, ena...
CVE-2024-9058
The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Lightbox widget in all versions up to, and including, 5.10.5 due to insufficient input sanitization and output...
CVE-2024-10484 Spectra – WordPress Gutenberg Blocks <= 2.16.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Widget
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Team' widget in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-9694 CMSMasters Elementor Addon <= 1.14.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
The CMSMasters Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.14.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-11252
CVE-2024-11252 concerns the Social Sharing Plugin – Sassy Social Share for WordPress. The Red Hat and NVD entries describe a Reflected Cross-Site Scripting vulnerability in the heateor_mastodon_share parameter, affecting all versions up to and including 3.3.69. The issue stems from insufficient i...
CVE-2024-11684
The Kudos Donations – Easy donations and payments with Mollie plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticat...
CVE-2024-11333
The HLS Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hlsplayer' shortcode in all versions up to, and including, 1.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-11458
The FAQ Builder AYS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'aysfaqtab' parameter in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CVE-2024-11684
CVE-2024-11684 affects the WordPress plugin Kudos Donations – Easy donations and payments with Mollie. It is a Reflected Cross-Site Scripting (XSS) vulnerability exploitable via the s parameter in all versions up to and including 3.2.9, caused by insufficient input sanitization and output escapi...
CVE-2024-11684 Kudos Donations – Easy donations and payments with Mollie <= 3.2.9 - Reflected Cross-Site Scripting
The Kudos Donations – Easy donations and payments with Mollie plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticat...