CVE-2024-8735

CVE-2024-8735 – MailMunch – Grow your Email List (WordPress) is a reflected cross-site scripting vulnerability in the MailMunch plugin for WordPress, arising from the use of add_query_arg without proper escaping. It affects all versions up to and including 3.1.8. The flaw permits unauthenticated ...

CVE-2024-11381

The CVE-2024-11381 entry concerns the WordPress Control horas plugin (v

CVE-2024-9371

The Branda – White Label & Branding, Custom Login Page Customizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of removequeryarg without appropriate escaping on the URL in all versions up to, and including, 3.4.19. This makes it possible for unauthenticated...

CVE-2024-11456

The Run Contests, Raffles, and Giveaways with ContestsWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.0.3. This makes it possible for unauthenticated attackers to...

CVE-2024-11447

The Community by PeepSo – Download from PeepSo.com plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘filter’ parameter in all versions up to, and including, 7.0.3.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2024-11365

The Crypto and DeFi Widgets – Web3 Cryptocurrency Shortcodes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.1.6. This makes it possible for unauthenticated attackers...

CVE-2024-11370

The Subaccounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2024-10890

The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.1.7. This makes it possible for unauthenticated attackers to injec...

CVE-2024-10675

The affiliate-toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via a URL in all versions up to, and including, 3.6.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...

CVE-2024-10623

The ForumEngine theme for WordPress is vulnerable to Reflected Cross-Site Scripting via a URL in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

CVE-2024-10675

CVE-2024-10675 affects the WordPress plugin affiliate-toolkit (

CVE-2024-11371

CVE-2024-11371 concerns the Theater for WordPress plugin. Public docs confirm a Reflected Cross-Site Scripting (XSS) flaw caused by using add_query_arg without proper escaping, affecting all versions up to and including 0.18.6.2. The vulnerability allows unauthenticated attackers to inject script...

CVE-2024-11371 Theater for WordPress <= 0.18.6.2 - Reflected Cross-Site Scripting

The Theater for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 0.18.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...

CVE-2024-11371 Theater for WordPress <= 0.18.6.2 - Reflected Cross-Site Scripting

The Theater for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 0.18.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...

CVE-2024-10890 WPAdverts – Classifieds Plugin <= 2.1.7 - Reflected Cross-Site Scripting

The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.1.7. This makes it possible for unauthenticated attackers to injec...

CVE-2024-9371

CVE-2024-9371 describes a Reflected Cross-Site Scripting vulnerability in Branda – White Label & Branding, Custom Login Page Customizer for WordPress (WordPress Branda). The issue arises from insufficient escaping of the URL when remove_query_arg is used, affecting all versions up to and includin...

CVE-2024-9371 Branda – White Label & Branding, Custom Login Page Customizer <= 3.4.19 - Reflected Cross-Site Scripting

The Branda – White Label & Branding, Custom Login Page Customizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of removequeryarg without appropriate escaping on the URL in all versions up to, and including, 3.4.19. This makes it possible for unauthenticated...

CVE-2024-10623 ForumEngine <= 1.8 - Reflected Cross-Site Scripting

The ForumEngine theme for WordPress is vulnerable to Reflected Cross-Site Scripting via a URL in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

CVE-2024-10623

CVE-2024-10623 (ForumEngine Theme

CVE-2024-11365 Crypto and DeFi Widgets – Web3 Cryptocurrency Shortcodes <= 1.1.6 - Reflected Cross-Site Scripting

The Crypto and DeFi Widgets – Web3 Cryptocurrency Shortcodes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.1.6. This makes it possible for unauthenticated attackers...