5210 matches found
CVE-2024-9374 Terms descriptions <= 3.4.6 - Reflected Cross-Site Scripting
The Terms descriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 3.4.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2024-10250
The Nioland theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...
CVE-2024-10250 Nioland <= 1.2.6 - Reflected Cross-Site Scripting via s
The Nioland theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...
CVE-2024-46538
A cross-site scripting XSS vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfacesgroupsedit.php...
CVE-2024-9231
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 3.4.9.5. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-9231
WP-Members Membership Plugin for WordPress is affected by a reflected XSS vulnerability in versions up to 3.4.9.5 caused by unsafe usage of add_query_arg in URLs. An unauthenticated attacker can trick a user into performing an action to execute scripts on affected pages. The vulnerability is fixe...
CVE-2024-9231 WP-Members Membership Plugin <= 3.4.9.5 - Reflected Cross-Site Scripting
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 3.4.9.5. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-46538
A cross-site scripting XSS vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfacesgroupsedit.php...
CVE-2024-9897 StreamWeasels Twitch Integration <= 1.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via sw-twitch-embed Shortcode
The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-twitch-embed shortcode in all versions up to, and including, 1.8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-9219
CVE-2024-9219 affects the WordPress Social Share Buttons plugin for WordPress (versions
CVE-2024-9219 WordPress Social Share Buttons <= 1.19 - Reflected Cross-Site Scripting
The WordPress Social Share Buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.19. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-9206
The MAS Companies For WP Job Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.0.13. This makes it possible for unauthenticated attackers to inject arbitrary we...
CVE-2024-9206
CVE-2024-9206 affects MAS Companies For WP Job Manager (WordPress) up to version 1.0.13. The vulnerability is a Reflected Cross-Site Scripting flaw caused by improper escaping in add_query_arg on the URL, exploitable by unauthenticated attackers who can lure a user into clicking a crafted link. T...
CVE-2024-9206 MAS Companies For WP Job Manager <= 1.0.13 - Reflected Cross-Site Scripting
The MAS Companies For WP Job Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.0.13. This makes it possible for unauthenticated attackers to inject arbitrary we...
CVE-2024-9383
The Parcel Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 1.8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...
CVE-2024-9350
The DPD Baltic Shipping plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'searchvalue' parameter in all versions up to, and including, 1.2.83 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-8790
The Social Share With Floating Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-8740
The GetResponse Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-10014
The Flat UI Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's flatbtn shortcode in version 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level...
CVE-2024-9382
CVE-2024-9382 describes a Reflected Cross-Site Scripting (XSS) in the Gantry 4 Framework plugin for WordPress. The vulnerability arises from insufficient input sanitization and output escaping in the override_id parameter, affecting all versions up to and including 4.1.21. It allows unauthenticat...