5210 matches found
CVE-2024-8713 Kodex Posts likes <= 2.5.0 - Reflected Cross-Site Scripting
The Kodex Posts likes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...
CVE-2024-8741 Beam me up Scotty – Back to Top Button <= 1.0.21 - Reflected Cross-Site Scripting
The Beam me up Scotty – Back to Top Button plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to inject...
CVE-2024-8549 Simple Calendar – Google Calendar Plugin <= 3.4.2 - Reflected Cross-Site Scripting
The Simple Calendar – Google Calendar Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.2. This makes it possible for unauthenticated attackers to inject...
CVE-2024-8549
CVE-2024-8549: Simple Calendar – Google Calendar Plugin for WordPress is affected by Reflected Cross-Site Scripting in versions up to 3.4.2 due to insufficient escaping of URL parameters (add_query_arg). The vulnerability allows unauthenticated attackers to inject arbitrary scripts into pages tha...
CVE-2024-8914
CVE-2024-8914 affects the WordPress plugin Thanh Toán Quét Mã QR Code Tự Động – MoMo, ViettelPay, VNPay and 40 Vietnamese banks, vulnerable to unauthenticated Stored XSS in all versions up to 2.0.1 due to incorrect use of wp_kses_allowed_html, permitting onclick on certain elements. Public detail...
CVE-2024-8662
The Koko Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.12. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
CVE-2024-8738 Seriously Simple Stats <= 1.6.0 - Reflected Cross-Site Scripting
The Seriously Simple Stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...
CVE-2024-8738
CVE-2024-8738 affects the Seriously Simple Stats WordPress plugin. The vulnerability is a Reflected Cross-Site Scripting flaw caused by insufficient escaping in add_query_arg across versions up to and including 1.6.0, enabling unauthenticated attackers to inject scripts if a user is tricked into ...
CVE-2024-8544
Pixel Cat – Conversion Pixel Manager for WordPress (versions
CVE-2024-8716 XT Ajax Add To Cart for WooCommerce <= 1.1.2 - Reflected Cross-Site Scripting
The XT Ajax Add To Cart for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to inject arbitrary...
CVE-2024-8716
The XT Ajax Add To Cart for WooCommerce plugin (WordPress) is affected by CVE-2024-8716: Reflected Cross-Site Scripting due to improper escaping of add_query_arg in the URL for all versions up to 1.1.2. The vulnerability is exploitable by unauthenticated attackers who can entice a user to perform...
CVE-2024-46639
A cross-site scripting (XSS) vulnerability in HelpDeskZ v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field of Custom Fields message box...
CVE-2024-46639
HelpDeskZ 2.0.2 is affected by an XSS vulnerability in the Name field of Custom Fields message box. The issue allows attackers to inject and execute arbitrary web scripts/HTML. Root cause details are not expanded beyond XSS in the provided documents, and no exploitation specifics are given. Sever...
CVE-2024-8680 MailChimp for Wordpress <= 4.9.16 - Authenticated (Administrator+) Stored Cross-Site Scripting
The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.9.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-46654
A stored cross-site scripting (XSS) vulnerability in the Add Scheduled Task module of Maccms10 v2024.1000.4040 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...