5210 matches found
CVE-2024-10887
The NiceJob plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes (nicejob-lead, nicejob-review, nicejob-engage, nicejob-badge, nicejob-stories) in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping ...
CVE-2024-8874 AJAX Login and Registration modal popup + inline form <= 2.24 - Reflected Cross-Site Scripting
The AJAX Login and Registration modal popup + inline form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.24. This makes it possible for unauthenticated attackers to...
CVE-2024-10850 Razorpay Payment Button for Elementor <= 1.2.5 - Reflected Cross-Site Scripting
The Razorpay Payment Button Elementor Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attacker...
CVE-2024-10850
CVE-2024-10850 affects the Razorpay Payment Button Elementor Plugin for WordPress. All versions up to and including 1.2.5 are vulnerable to Reflected Cross-Site Scripting due to improper escaping of URLs via add_query_arg/remove_query_arg, enabling unauthenticated attackers to inject scripts if a...
CVE-2024-9614 Constant Contact Forms by MailMunch <= 2.1.2 - Reflected Cross-Site Scripting
The Constant Contact Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to inject arbitrary...
CVE-2024-10887 NiceJob <= 3.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The NiceJob plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes (nicejob-lead, nicejob-review, nicejob-engage, nicejob-badge, nicejob-stories) in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping ...
CVE-2024-10577 Fat Rat Collect <= 2.7.3 - Reflected Cross-Site Scripting
The 胖鼠采集Fat Rat Collect 微信知乎简书腾讯新闻列表分页采集, 还有自动采集、自动发布、自动标签、等多项功能。开源插件 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to missing escaping on a URL in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-10851 Razorpay Payment Button <= 2.4.6 - Reflected Cross-Site Scripting
The Razorpay Payment Button Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.4.6. This makes it possible for unauthenticated attackers to injec...
CVE-2024-10851
CVE-2024-10851: Razorpay Payment Button Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to and including 2.4.6 due to improper escaping when using add_query_arg/remove_query_arg. Unauthenticated attackers can inject scripts if a user is tricked into an act...
CVE-2024-50969
A Reflected cross-site scripting (XSS) vulnerability in browse.php of Code-projects Jonnys Liquor 1.0 allows remote attackers to inject arbitrary web scripts or HTML via the search parameter...
CVE-2024-9357 xili-tidy-tags <= 1.12.04 - Reflected Cross-Site Scripting
The xili-tidy-tags plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 1.12.04 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-10790 Admin and Site Enhancements (ASE) <= 7.5.1 - Authenticated Stored Cross-Site Scripting via SVG
The Admin and Site Enhancements (ASE) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with custom-level...
CVE-2024-10685
The Contact Form 7 Redirect & Thank You Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2024-10265
CVE-2024-10265 affects the Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder for WordPress. It enables a Reflected Cross‑Site Scripting via the use of add_query_arg without proper escaping in the URL, impacting all versions up to and including 1.15.30. Unauthenticated attacke...
CVE-2024-10837
The SysBasics Customize My Account for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 2.7.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2024-10837 SysBasics Customize My Account for WooCommerce <= 2.7.29 - Reflected Cross-Site Scripting via tab Parameter
The SysBasics Customize My Account for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 2.7.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...