
5210 matches found

Cvelist
added 2024/11/16 3:20 a.m. | 19 views

CVE-2024-10875 Gallery Manager <= 1.6.58 - Reflected Cross-Site Scripting

The Gallery Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of removeQueryArg without appropriate escaping on the URL in all versions up to, and including, 1.6.58. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

CVSS 6.1 | EPSS 0.02088
Exploits 0 | References 2
CVE
added 2024/11/16 3:20 a.m. | 43 views

CVE-2024-10883

The CVE-2024-10883 entry affects the WordPress plugin SimpleForm – Contact form made simple, all versions up to and including 2.2.0. The vulnerability is a Reflected Cross-Site Scripting (XSS) flaw caused by use of add_query_arg and remove_query_arg without proper escaping, enabling unauthenticat...

CVSS 6.1 | AI score 6 | EPSS 0.02088
Exploits 0 | References 2
Cvelist
added 2024/11/16 3:20 a.m. | 11 views

CVE-2024-10883 SimpleForm – Contact form made simple <= 2.2.0 - Reflected Cross-Site Scripting

The SimpleForm – Contact form made simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers t...

CVSS 6.1 | EPSS 0.02088
Exploits 0 | References 2
NVD
added 2024/11/15 3:15 p.m. | 6 views

CVE-2024-48068

A cross-site scripting (XSS) vulnerability in Shenzhen Landray Software Co.,LTD Landray EKP v16 and earlier allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVSS 6.1 | EPSS 0.00507
Exploits 0 | References 2
Cvelist
added 2024/11/15 6:48 a.m. | 15 views

CVE-2024-8961 Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders <= 6.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nomoreitemstext’ parameter in all versions up to, and including, 6.0.7 due to insufficient input sanitization and...

CVSS 6.4 | EPSS 0.0047
Exploits 0 | References 3
NVD
added 2024/11/15 6:15 a.m. | 10 views

CVE-2024-10260

The Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via File uploads in all versions up to, and including, 8.0.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages th...

CVSS 7.2 | EPSS 0.00773
Exploits 0 | References 2
Cvelist
added 2024/11/15 5:30 a.m. | 25 views

CVE-2024-10793 WP Activity Log <= 5.2.1 - Unauthenticated Stored Cross-Site Scripting via User_id Parameter

The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user_id parameter in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...

CVSS 7.2 | EPSS 0.68714
Exploits 1 | References 2
CVE
added 2024/11/15 5:30 a.m. | 55 views

CVE-2024-9356

CVE-2024-9356 affects the Yotpo: Product & Photo Reviews for WooCommerce WordPress plugin. It enables Reflected Cross-Site Scripting via the yotpo_user_email and yotpo_user_name parameters in all versions up to and including 1.7.8 due to insufficient input sanitization and output escaping...

CVSS 6.1 | AI score 7.4 | EPSS 0.01411
Exploits 0 | References 3 | Affected Software 1
CVE
added 2024/11/15 4:29 a.m. | 46 views

CVE-2024-9609

CVE-2024-9609 affects LearnPress Export Import – WordPress extension for LearnPress (WordPress) up to version 4.0.4. The vulnerability is a reflected cross-site scripting flaw caused by insufficient input sanitization and output escaping in the learnpress_import_form_server parameter, enabling un...

CVSS 6.1 | AI score 6 | EPSS 0.01873
Exploits 0 | References 5 | Affected Software 1
Cvelist
added 2024/11/15 4:29 a.m. | 13 views

CVE-2024-9609 LearnPress Export Import – WordPress extension for LearnPress <= 4.0.4 - Reflected Cross-Site Scripting

The LearnPress Export Import – WordPress extension for LearnPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'learnpress_import_form_server' parameter in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping. This makes ...

CVSS 6.1 | EPSS 0.01873
Exploits 0 | References 5
Vulnrichment
added 2024/11/15 12:0 a.m. | 11 views

CVE-2024-48068

A cross-site scripting (XSS) vulnerability in Shenzhen Landray Software Co.,LTD Landray EKP v16 and earlier allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

AI score 5.8 | EPSS 0.00507
Exploits 0 | References 2
Cvelist
added 2024/11/13 6:47 a.m. | 15 views

CVE-2024-10877 AFI – The Easiest Integration Plugin <= 1.92.0 - Reflected Cross-Site Scripting

The AFI – The Easiest Integration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.92.0. This makes it possible for unauthenticated attackers t...

CVSS 6.1 | EPSS 0.01641
Exploits 0 | References 3
Vulnrichment
added 2024/11/13 6:47 a.m. | 8 views

CVE-2024-10877 AFI – The Easiest Integration Plugin <= 1.92.0 - Reflected Cross-Site Scripting

The AFI – The Easiest Integration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.92.0. This makes it possible for unauthenticated attackers t...

CVSS 6.1 | AI score 6.5 | EPSS 0.01641
Exploits 0 | References 3
CVE
added 2024/11/13 6:47 a.m. | 79 views

CVE-2024-10877

AFI – The Easiest Integration Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to using the functions add_query_arg/remove_query_arg without proper escaping in the URL, affecting all versions up to and including 1.92.0. This enables unauthenticated attackers to inject ar...

CVSS 6.1 | AI score 6 | EPSS 0.01641
Exploits 0 | References 3 | Affected Software 1
NVD
added 2024/11/13 3:15 a.m. | 10 views

CVE-2024-10684

The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dir' parameter in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 | EPSS 0.03123
Exploits 0 | References 2
Vulnrichment
added 2024/11/13 2:33 a.m. | 17 views

CVE-2024-10684 Kognetiks Chatbot for WordPress <= 2.1.7 - Reflected Cross-Site Scripting

The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dir' parameter in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 | AI score 6.4 | EPSS 0.03123
Exploits 0 | References 2
Cvelist
added 2024/11/13 2:33 a.m. | 20 views

CVE-2024-10684 Kognetiks Chatbot for WordPress <= 2.1.7 - Reflected Cross-Site Scripting

The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dir' parameter in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 | EPSS 0.03123
Exploits 0 | References 2
Cvelist
added 2024/11/13 2:33 a.m. | 13 views

CVE-2024-10882 Product Delivery Date for WooCommerce - Lite <= 2.8.0 - Reflected Cross-Site Scripting

The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated...

CVSS 6.1 | EPSS 0.04266
Exploits 0 | References 3
NVD
added 2024/11/13 2:15 a.m. | 19 views

CVE-2024-9614

The Constant Contact Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to inject arbitrary...

CVSS 6.1 | EPSS 0.01845
Exploits 0 | References 6
NVD
added 2024/11/13 2:15 a.m. | 13 views

CVE-2024-8874

The AJAX Login and Registration modal popup + inline form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.24. This makes it possible for unauthenticated attackers to...

CVSS 6.1 | EPSS 0.01641
Exploits 0 | References 3