5210 matches found
CVE-2024-9211
The CVE CVE-2024-9211 affects the WordPress plugin FULL – Cliente (≤ 3.1.22). It is a Reflected Cross-Site Scripting vulnerability caused by using add_query_arg and remove_query_arg without proper escaping, enabling unauthenticated attackers to inject scripts when a user is tricked into clicking ...
CVE-2024-9610 Language Switcher <= 3.7.13 - Reflected Cross-Site Scripting
The Language Switcher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 3.7.13. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2024-9610 Language Switcher <= 3.7.13 - Reflected Cross-Site Scripting
The Language Switcher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 3.7.13. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2024-9232 Download Plugins and Themes in ZIP from Dashboard <= 1.9.1 - Reflected Cross-Site Scripting
The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.9.1. This makes it possible for unauthenticated attackers to...
CVE-2024-9232
The WordPress plugin Download Plugins and Themes in ZIP from Dashboard is vulnerable to Reflected XSS in versions ≤ 1.9.1 due to improper escaping of URLs via add_query_arg, enabling unauthenticated attackers to inject scripts if a user is persuaded to click a crafted link. Affected: Download Plu...
CVE-2024-9436 PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes <= 3.5.14 - Reflected Cross-Site Scripting
The PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 3.5.14. This makes it possible...
CVE-2024-9221 Tainacan <= 0.21.10 - Reflected Cross-Site Scripting
The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 0.21.10. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
CVE-2024-9221 Tainacan <= 0.21.10 - Reflected Cross-Site Scripting
The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 0.21.10. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
CVE-2024-9616
The CVE-2024-9616 entry concerns BlockMeister – Block Pattern Builder for WordPress. A Reflected Cross-Site Scripting flaw exists in all versions up to 3.1.10 due to use of add_query_arg without proper escaping, enabling unauthenticated attackers to inject scripts into pages that run when a user ...
CVE-2024-9616 BlockMeister – Block Pattern Builder <= 3.1.10 - Reflected Cross-Site Scripting
The BlockMeister – Block Pattern Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 3.1.10. This makes it possible for unauthenticated attackers to inject arbitrar...
CVE-2024-9346 Embed videos and respect privacy <= 1.2 - Reflected Cross-Site Scripting
The Embed videos and respect privacy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'v' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-9377
The Products, Order & Customers Export for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.0.15. This makes it possible for unauthenticat...
CVE-2024-9205
The Maximum Products per User for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.2.8. This makes it possible for unauthenticated attackers to inject...
CVE-2024-9057
The Curator.io: Show all your social media posts in a beautiful feed. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘feedid’ attribute in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-8729
The Easy Social Share Buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.4.5. This makes it possible for unauthenticated attackers to inject arbitrary web script...
CVE-2024-8729 Easy Social Share Buttons <= 1.4.5 - Reflected Cross-Site Scripting
The Easy Social Share Buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.4.5. This makes it possible for unauthenticated attackers to inject arbitrary web script...
CVE-2024-9377 Products, Order & Customers Export for WooCommerce <= 2.0.15 - Reflected Cross-Site Scripting
The Products, Order & Customers Export for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.0.15. This makes it possible for unauthenticat...
CVE-2024-9377 Products, Order & Customers Export for WooCommerce <= 2.0.15 - Reflected Cross-Site Scripting
The Products, Order & Customers Export for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.0.15. This makes it possible for unauthenticat...
CVE-2024-9205
CVE-2024-9205 refers to the WordPress plugin “Maximum Products per User for WooCommerce” (
CVE-2024-9205 Maximum Products per User for WooCommerce <= 4.2.8 - Reflected Cross-Site Scripting
The Maximum Products per User for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.2.8. This makes it possible for unauthenticated attackers to inject...