5210 matches found
CVE-2024-9210
The MC4WP: Mailchimp Top Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...
CVE-2024-8800
The RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and...
CVE-2024-8800 RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more <= 2.21.0 - Reflected Cross-Site Scripting
The RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and...
CVE-2024-8800
CVE-2024-8800 describes a Reflected Cross-Site Scripting vulnerability in the RabbitLoader WordPress plugin up to version 2.21.0. The flaw stems from using add_query_arg without proper escaping, enabling unauthenticated attackers to craft links that inject scripts in pages executed by a user who ...
CVE-2024-9210 MC4WP: Mailchimp Top Bar <= 1.6.0 - Reflected Cross-Site Scripting
The MC4WP: Mailchimp Top Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...
CVE-2024-9222
The CVE refers to the WordPress plugin Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction (vendor: Paid Memberships Pro) with CVE-2024-9222. It describes a Reflected Cross-Site Scripting (XSS) vulnerability caused by insufficient escaping of add_query...
CVE-2024-9225 SEOPress – On-site SEO <= 8.1.1 - Reflected Cross-Site Scripting
The SEOPress – On-site SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 8.1.1. This makes it possible for unauthenticated attackers to inject...
CVE-2024-9228
The Loggedin – Limit Active Logins plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-9209
The WP Search Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.10. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2024-8799
The Custom Banners plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages th...
CVE-2024-8786
The Auto Featured Image from Title plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-8786 Auto Featured Image from Title <= 2.3 - Reflected Cross-Site Scripting
The Auto Featured Image from Title plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-9220 LH Copy Media File <= 1.08 - Reflected Cross-Site Scripting
The LH Copy Media File plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.08. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...
CVE-2024-8793
CVE-2024-8793 concerns the Store Exporter for WooCommerce plugin (WordPress) vulnerable to Reflected Cross-Site Scripting via add_query_arg in all versions up to 2.7.2.1. Exploitation requires a user to click a crafted link; unauthenticated attackers can inject scripts on vulnerable pages. Affect...
CVE-2024-9228
The CVE concerns the WordPress plugin Loggedin – Limit Active Logins, affecting all versions up to 1.3.1. The vulnerability is Reflected Cross-Site Scripting caused by insufficient escaping in add_query_arg, exploitable by unauthenticated attackers when the user is shown...
CVE-2024-9209
CVE-2024-9209 applies to the WordPress plugin WP Search Analytics. It is a reflected XSS vulnerability triggered by insufficient escaping of add_query_arg in the plugin’s URL handling, affecting all versions up to and including 1.4.10. Impact is unauthenticated abuse where an attacker can...
CVE-2024-9209 WP Search Analytics <= 1.4.10 - Reflected Cross-Site Scripting
The WP Search Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.10. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2024-8727
The DK PDF plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...