
5210 matches found

NVD
added 2024/10/31 7:15 a.m., 7 views

CVE-2024-9434

The WPGlobus Translate Options plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the ontranslateoptionspage function. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1, EPSS 0.00479
Exploits 0, References 2

Vulnrichment
added 2024/10/31 6:48 a.m., 8 views

CVE-2024-9434 WPGlobus Translate Options <= 2.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The WPGlobus Translate Options plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the ontranslateoptionspage function. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1, AI score 6.4, EPSS 0.00479
Exploits 0, References 2

Cvelist
added 2024/10/31 6:48 a.m., 16 views

CVE-2024-9434 WPGlobus Translate Options <= 2.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The WPGlobus Translate Options plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the ontranslateoptionspage function. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1, EPSS 0.00479
Exploits 0, References 2

CVE
added 2024/10/31 6:48 a.m., 46 views

CVE-2024-9434

CVE-2024-9434 affects the WordPress plugin WPGlobus Translate Options (

CVSS 6.1, AI score 5.9, EPSS 0.00479
Exploits 0, References 2

Cvelist
added 2024/10/31 6:48 a.m., 11 views

CVE-2024-9446 WP Simple Anchors Links <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpanchor Shortcode

The WP Simple Anchors Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpanchor shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4, EPSS 0.0036
Exploits 0, References 3

CVE
added 2024/10/30 11:1 a.m., 57 views

CVE-2024-9388

The CVE-2024-9388 entry concerns the WordPress plugin Black Widgets For Elementor. A Stored Cross-Site Scripting (XSS) flaw existed via SVG file uploads in all versions up to 1.3.7, caused by insufficient input sanitization and output escaping. Exploitation requires an authenticated attacker with...

CVSS 6.4, AI score 5.7, EPSS 0.00254
Exploits 0, References 4, Affected Software 1

NVD
added 2024/10/30 7:15 a.m., 8 views

CVE-2024-10108

The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advertsadd shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...

CVSS 7.2, EPSS 0.01995
Exploits 0, References 3

NVD
added 2024/10/30 6:15 a.m., 8 views

CVE-2024-8871

The Pricing Tables WordPress Plugin – Easy Pricing Tables plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.2.5. This makes it possible for unauthenticated attackers to...

CVSS 6.1, EPSS 0.01837
Exploits 0, References 3

Vulnrichment
added 2024/10/30 5:32 a.m., 8 views

CVE-2024-8871 Pricing Tables WordPress Plugin – Easy Pricing Tables <= 3.2.5 - Reflected Cross-Site Scripting

The Pricing Tables WordPress Plugin – Easy Pricing Tables plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.2.5. This makes it possible for unauthenticated attackers to...

CVSS 6.1, AI score 6.4, EPSS 0.01837
Exploits 0, References 3

Cvelist
added 2024/10/30 5:32 a.m., 12 views

CVE-2024-8871 Pricing Tables WordPress Plugin – Easy Pricing Tables <= 3.2.5 - Reflected Cross-Site Scripting

The Pricing Tables WordPress Plugin – Easy Pricing Tables plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.2.5. This makes it possible for unauthenticated attackers to...

CVSS 6.1, EPSS 0.01837
Exploits 0, References 3

CVE
added 2024/10/30 5:32 a.m., 39 views

CVE-2024-8871

CVE-2024-8871 affects the Pricing Tables WordPress Plugin – Easy Pricing Tables. The vulnerability is a Reflected Cross‑Site Scripting flaw caused by using add_query_arg without proper escaping, present in all versions up to 3.2.5. It allows unauthenticated attackers to inject scripts into pages ...

CVSS 6.1, AI score 6, EPSS 0.01837
Exploits 0, References 3

Vulnrichment
added 2024/10/30 2:32 a.m., 7 views

CVE-2024-8792 Subscribe to Comments <= 2.3 - Reflected Cross-Site Scripting

The Subscribe to Comments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

CVSS 6.1, AI score 6.4, EPSS 0.02325
Exploits 0, References 3

Cvelist
added 2024/10/30 2:4 a.m., 16 views

CVE-2024-9886 WP Baidu Map <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP Baidu Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'baidumap' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4, EPSS 0.00233
Exploits 0, References 3

Vulnrichment
added 2024/10/30 12:0 a.m., 9 views

CVE-2024-31972

EnGenius ESR580 A8J-EMR5000 devices allow a remote attacker to conduct stored XSS attacks that could lead to arbitrary JavaScript code execution under the context of the user's session via the Wi-Fi SSID input fields. Web scripts embedded into the vulnerable fields this way are executed immediate...

AI score 6.5, EPSS 0.00098
Exploits 0, References 1

Cvelist
added 2024/10/30 12:0 a.m., 10 views

CVE-2024-31972

EnGenius ESR580 A8J-EMR5000 devices allow a remote attacker to conduct stored XSS attacks that could lead to arbitrary JavaScript code execution under the context of the user's session via the Wi-Fi SSID input fields. Web scripts embedded into the vulnerable fields this way are executed immediate...

EPSS 0.00098
Exploits 0, References 1

NVD
added 2024/10/29 2:15 p.m., 14 views

CVE-2024-9505

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVSS 6.4, EPSS 0.00489
Exploits 0, References 4

OSV
added 2024/10/29 12:15 p.m., 1 view

CVE-2024-10181

The Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's newslettersvideo shortcode in all versions up to, and including, 4.9.9.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4, AI score 5.9, EPSS 0.00393
Exploits 0, References 3

Cvelist
added 2024/10/29 11:1 a.m., 15 views

CVE-2024-10266 Premium Addons for Elementor <= 4.10.60 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Video Box Widget

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video Box widget in all versions up to, and including, 4.10.60 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4, EPSS 0.00311
Exploits 0, References 2

NVD
added 2024/10/29 9:15 a.m., 8 views

CVE-2024-10048

The Post Status Notifier Lite and Premium plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.11.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVSS 6.1, EPSS 0.01998
Exploits 0, References 2

Cvelist
added 2024/10/29 8:31 a.m., 9 views

CVE-2024-9438 SEUR Oficial <= 2.2.11 - Reflected Cross-Site Scripting

The SEUR Oficial plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'changeservice' parameter in all versions up to, and including, 2.2.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

CVSS 6.1, EPSS 0.02577
Exploits 0, References 3