5210 matches found
CVE-2024-9205 Maximum Products per User for WooCommerce <= 4.2.8 - Reflected Cross-Site Scripting
The Maximum Products per User for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.2.8. This makes it possible for unauthenticated attackers to inject...
CVE-2024-9207
The BuddyPress Docs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2024-9207 BuddyPress Docs <= 2.2.3 - Reflected Cross-Site Scripting
The BuddyPress Docs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2024-8629
The WooCommerce Multilingual & Multicurrency with WPML plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.3.7. This makes it possible for unauthenticated attackers to...
CVE-2024-8629 WooCommerce Multilingual & Multicurrency with WPML <= 5.3.7 - Reflected Cross-Site Scripting
The WooCommerce Multilingual & Multicurrency with WPML plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.3.7. This makes it possible for unauthenticated attackers to...
CVE-2024-9528
CVE-2024-9528: Stored Cross-Site Scripting in the WordPress plugin “Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder” (versions ≤ 5.1.19). Root cause: insufficient input sanitization and output escaping in form label fields, allowing an authenticated attacker...
CVE-2024-9385 Themify Builder <= 7.6.2 - Reflected Cross-Site Scripting
The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
CVE-2024-9385
The CVE-2024-9385 entry concerns Themify Builder for WordPress (versions up to and including 7.6.2). It is a Reflected Cross-Site Scripting (XSS) vulnerability caused by improper escaping of URLs when using add_query_arg, enabling unauthenticated attackers to inject scripts via crafted links. Pub...
CVE-2024-8499 Checkout Field Editor (Checkout Manager) for WooCommerce <= 2.0.3 - Reflected Cross-Site Scripting via render_review_request_notice
The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘render_review_request_notice’ function in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2024-9435
The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL keys in all versions up to, and including, 4.9.66 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-8804 Code Embed <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's script embed functionality in all versions up to, and including, 2.4 due to insufficient restrictions on who can utilize the functionality. This makes it possible for authenticated attackers, with...
CVE-2024-9372
The WP Blocks Hub plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, ...
CVE-2024-9353
The Popularis Extra plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-9375
The WordPress Captcha Plugin by Captcha Bank plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.0.36. This makes it possible for unauthenticated attackers to inject...
CVE-2024-9349
The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.4.2. This makes it possible for unauthenticated attackers t...
CVE-2024-9204
The Smart Custom 404 Error Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_SERVER['REQUEST_URI'] in all versions up to, and including, 11.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-8802
The Clio Grow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...