5210 matches found
CVE-2024-53599
CVE-2024-53599 is a cross-site scripting (XSS) vulnerability in LafeLabs Chaos v0.0.1, exposed via the /scroll.php endpoint. The issue allows an attacker to inject and execute arbitrary web scripts or HTML through a crafted payload in the affected application. The public record cites a CVSS 3.1 b...
CVE-2024-11227
The Memberlite Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's memberliteaccordion shortcode in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-11330
The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.3.0. This makes it possible for unauthenticated attackers to inject arbitrar...
CVE-2024-9635 Checkout with Cash App on WooCommerce <= 6.0.2 - Reflected Cross-Site Scripting
The Checkout with Cash App on WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wphttpreferer' parameter in several files in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-9635 Checkout with Cash App on WooCommerce <= 6.0.2 - Reflected Cross-Site Scripting
The Checkout with Cash App on WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wphttpreferer' parameter in several files in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-11446 Chessgame Shizzle <= 1.3.0 - Reflected Cross-Site Scripting
The Chessgame Shizzle plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'csnonce' parameter in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CVE-2024-11446 Chessgame Shizzle <= 1.3.0 - Reflected Cross-Site Scripting
The Chessgame Shizzle plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'csnonce' parameter in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CVE-2024-11330 Custom CSS, JS & PHP <= 2.3.0 - Reflected Cross-Site Scripting
The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.3.0. This makes it possible for unauthenticated attackers to inject arbitrar...
CVE-2024-11330 Custom CSS, JS & PHP <= 2.3.0 - Reflected Cross-Site Scripting
The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.3.0. This makes it possible for unauthenticated attackers to inject arbitrar...
CVE-2024-11188
Formidable Forms – Contact Form Plugin for WordPress (CVE-2024-11188) is affected by a POST-based Reflected Cross-Site Scripting vulnerability via Custom HTML Form parameters in all versions up to 6.16.1.2, caused by insufficient input sanitization and output escaping. Attackers can exploit this ...
CVE-2024-10880
The JobBoardWP – Job Board Listings and Submissions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.3.0. This makes it possible for unauthenticated...
CVE-2024-11361
The PDF Invoices & Packing Slips Generator for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers t...
CVE-2024-11361 PDF Invoices & Packing Slips Generator for WooCommerce <= 2.2.1 - Reflected Cross-Site Scripting
The PDF Invoices & Packing Slips Generator for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers t...
CVE-2024-11332
CVE-2024-11332 : Stored XSS in the WordPress plugin “HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents” (versions up to 1.3.4) via the hipaatizer shortcode. Exploitation requires authenticated access at contributor level or higher; payloads execute when users view in...
CVE-2024-10880 JobBoardWP – Job Board Listings and Submissions <= 1.3.0 - Reflected Cross-Site Scripting
The JobBoardWP – Job Board Listings and Submissions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.3.0. This makes it possible for unauthenticated...
CVE-2024-10880
CVE-2024-10880 affects the WordPress plugin JobBoardWP – Job Board Listings and Submissions (versions
CVE-2024-11463
The DeBounce Email Validator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'from', 'to', and 'key' parameters in all versions up to, and including, 5.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...
CVE-2024-11463
CVE-2024-11463 affects the DeBounce Email Validator WordPress plugin (all versions up to 5.6.5). It enables Reflected Cross-Site Scripting via from, to, and key parameters, allowing unauthenticated attackers to inject scripts in pages/actions triggered by user interaction. The vulnerability is do...
CVE-2024-11463 DeBounce Email Validator <= 5.6.5 - Reflected Cross-Site Scripting
The DeBounce Email Validator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'from', 'to', and 'key' parameters in all versions up to, and including, 5.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...
CVE-2024-8735
The MailMunch – Grow your Email List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 3.1.8. This makes it possible for unauthenticated attackers to inject arbitrary web...