CVE-2024-7869

The 123.chat - Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that wi...

CVE-2024-8728 Easy Load More <= 1.0.3 - Reflected Cross-Site Scripting

The Easy Load More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

CVE-2024-8728 Easy Load More <= 1.0.3 - Reflected Cross-Site Scripting

The Easy Load More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

CVE-2024-8727

DK PDF for WordPress is vulnerable to Reflected XSS (CVE-2024-8727) due to improper escaping in add_query_arg usage across versions up to 1.9.6. Unauthenticated attackers could inject scripts into pages that run when a user is tricked into taking an action (e.g., clicking a link). Public sources ...

CVE-2024-8990

The CVE CVE-2024-8990 concerns the WordPress Geo Mashup plugin. Affected versions are all up to and including 1.13.13, where insufficient input sanitization and output escaping on the geo_mashup_visible_posts_list shortcode allows Stored Cross-Site Scripting (XSS). Exploitation requires authentic...

CVE-2024-8718 Gravity Forms Toolbar <= 1.7.0 - Reflected Cross-Site Scripting

The Gravity Forms Toolbar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

CVE-2024-8718 Gravity Forms Toolbar <= 1.7.0 - Reflected Cross-Site Scripting

The Gravity Forms Toolbar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

CVE-2024-8718

CVE-2024-8718: Gravity Forms Toolbar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the tab parameter in versions up to and including 1.7.0. The vulnerability allows unauthenticated attackers to inject scripts into pages invoked when a user is enticed to perform an actio...

CVE-2024-7869

CVE-2024-7869: Stored XSS in the WordPress 123.chat - Video Chat plugin (versions up to and including 1.3.1). Root cause: insufficient input sanitization and output escaping. Impact: unauthenticated attackers can inject scripts on pages and trigger them for users. CVSS v3.1 base score 7.2 (HIGH)....

CVE-2024-8981

The Broken Link Checker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg in /app/admin-notices/features/class-view.php without appropriate escaping on the URL in all versions up to, and including, 2.4.0. This makes it possible for unauthenticated...

CVE-2024-8981 Broken Link Checker <= 2.4.0 - Reflected Cross-Site Scripting

The Broken Link Checker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg in /app/admin-notices/features/class-view.php without appropriate escaping on the URL in all versions up to, and including, 2.4.0. This makes it possible for unauthenticated...

kvf-admin cross-site scripting vulnerability

kvf-admin is a rapid development framework, scaffolding, backend management system, permission system. kvf-admin cross-site scripting vulnerability , the vulnerability stems from the file / ueditor/upload?configPath=ueditor/config.json&action=uploadfile parameter upfile lack of effective filterin...

CVE-2024-8189

The WP MultiTasking – WP Utilities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpmtmenuname’ parameter in all versions up to, and including, 0.1.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-8189

CVE-2024-8189 affects the WP MultiTasking – WP Utilities WordPress plugin. It is a stored XSS via the wpmt_menu_name parameter in all versions

CVE-2024-8712 GTM Server Side <= 2.1.19 - Reflected Cross-Site Scripting

The GTM Server Side plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.1.19. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...

CVE-2024-8712

CVE-2024-8712 affects GTM Server Side plugin for WordPress; it is a Reflected XSS due to unsafe use of add_query_arg in URLs in all versions ≤ 2.1.19, enabling unauthenticated attackers to inject scripts if a user is tricked into clicking a crafted link. The vulnerability is mitigated by upgradin...

CVE-2024-8715 Simple LDAP Login <= 1.6.0 - Reflected Cross-Site Scripting

The Simple LDAP Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

CVE-2024-8788 EU/UK VAT Manager for WooCommerce <= 2.12.12 - Reflected Cross-Site Scripting

The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.12.11. This makes it possible for unauthenticated attackers to inject arbitrary...

CVE-2024-46453

A cross-site scripting XSS vulnerability in the component /test/ of iq3xcite v2.31 to v3.05 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2024-25411

A cross-site scripting XSS vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter in setup.php...