5210 matches found
CVE-2024-9382 Gantry 4 Framework <= 4.1.21 - Reflected Cross-Site Scripting
The Gantry 4 Framework plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'overrideid' parameter in all versions up to, and including, 4.1.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-9383 Parcel Pro <= 1.8.4 - Reflected Cross-Site Scripting
The Parcel Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 1.8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...
CVE-2024-8740 GetResponse Forms by Optin Cat <= 2.5.7 - Reflected Cross-Site Scripting
The GetResponse Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-9350 DPD Baltic Shipping <= 1.2.83 - Reflected Cross-Site Scripting
The DPD Baltic Shipping plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'searchvalue' parameter in all versions up to, and including, 1.2.83 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-9373
CVE-2024-9373 – Elemenda WordPress plugin is vulnerable to Stored Cross-Site Scripting via SVG file uploads in versions up to 0.0.2 due to insufficient input sanitization and output escaping. Authenticated users with Author-level access and above can inject scripts that execute when the SVG is vie...
CVE-2024-10049
CVE-2024-10049 affects the WordPress plugin “Edit WooCommerce Templates” via Reflected Cross-Site Scripting in the page parameter for all versions up to 1.1.2. The vulnerability is exploitable by unauthenticated attackers who can entice a user to perform an action, injecting scripts into pages th...
CVE-2024-9184
The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wp_kses_allowed_html function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will...
CVE-2024-9184 SendPulse Free Web Push <= 1.3.6 - Unauthenticated Stored Cross-Site Scripting
The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wp_kses_allowed_html function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will...
CVE-2024-9951
The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wppa-tab' parameter in all versions up to, and including, 8.8.05.003 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-9951 Wordpress Photo Album Plus <= 8.8.05.003 - Reflected Cross-Site Scripting
The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wppa-tab' parameter in all versions up to, and including, 8.8.05.003 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-9951
CVE-2024-9951 affects the WordPress plugin WP Photo Album Plus. The vulnerability is a Reflected Cross-Site Scripting via the wppa-tab parameter in all versions up to 8.8.05.003, caused by insufficient input sanitization and output escaping, enabling unauthenticated attackers to inject scripts wh...
CVE-2024-9213 Persian WooCommerce SMS <= 7.0.2 - Reflected Cross-Site Scripting
The افزونه پیامک ووکامرس Persian WooCommerce SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.0.2. This makes it possible for unauthenticated attackers to injec...
CVE-2024-9347
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpext-export' parameter in all versions up to, and including, 3.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2024-8719
CVE-2024-8719 – Flexmls® IDX Plugin for WordPress has a Reflected Cross-Site Scripting vulnerability in all versions up to 3.14.22. The issue arises from insufficient input sanitization and output escaping for multiple parameters (e.g., MaxBeds, MinBeds), allowing an unauthenticated attacker to i...
CVE-2024-8719 Flexmls® IDX Plugin <= 3.14.22 - Reflected Cross-Site Scripting
The Flexmls® IDX Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters like 'MaxBeds' and 'MinBeds' in all versions up to, and including, 3.14.22 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2024-46605
A cross-site scripting (XSS) vulnerability in the component /admin.php?page=album of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...