CVE-2024-8737 PDF Thumbnail Generator <= 1.3 - Reflected Cross-Site Scripting
The PDF Thumbnail Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2024-8731 Cron Jobs <= 1.2.9 - Reflected Cross-Site Scripting
The Cron Jobs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
CVE-2024-8731
CVE-2024-8731 concerns the Cron Jobs plugin for WordPress (versions up to and including 1.2.9). The vulnerability is a Reflected Cross-Site Scripting (XSS) caused by using add_query_arg without proper escaping on the URL, enabling unauthenticated attackers to inject scripts in pages executed afte...
CVE-2024-8714 WordPress Affiliates Plugin — SliceWP Affiliates <= 1.1.20 - Reflected Cross-Site Scripting
The WordPress Affiliates Plugin — SliceWP Affiliates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.20. This makes it possible for unauthenticated attackers to...
CVE-2024-8714
CVE-2024-8714 (SliceWP Affiliates, WordPress) is a Reflected Cross-Site Scripting vulnerability in the SliceWP Affiliates plugin for WordPress, caused by improper escaping of URLs via remove_query_arg. Affected versions are
CVE-2024-8732
The CVE-2024-8732 entry concerns the WordPress plugin Roles & Capabilities (Leira Roles) with a Reflected Cross-Site Scripting (XSS) vulnerability caused by insufficient escaping of add_query_arg in the URL. Affected versions are up to and including 1.1.9. The vulnerability enables unauthenticate...
CVE-2024-8664
The WP Test Email plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
CVE-2024-8665
The YITH Custom Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...
CVE-2024-8663 WP Simple Booking Calendar <= 2.0.10 - Reflected Cross-Site Scripting
The WP Simple Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.10. This makes it possible for unauthenticated attackers to inject...
CVE-2024-8664
CVE-2024-8664: The WP Test Email plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping when using add_query_arg in the URL for all versions up to and including 1.1.7. This allows unauthenticated attackers to trigger script injection on pages that a use...
CVE-2024-8665 YITH Custom Login <= 1.7.3 - Reflected Cross-Site Scripting
The YITH Custom Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...
CVE-2024-8656
The WPFactory Helper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...
CVE-2024-8656 WPFactory Helper <= 1.7.0 - Reflected Cross-Site Scripting
The WPFactory Helper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...
CVE-2024-8622
The CVE-2024-8622 entry concerns the amCharts: Charts and Maps plugin for WordPress. Affected versions are
CVE-2024-44573
A stored cross-site scripting (XSS) vulnerability in the VLAN configuration of RELY-PCIe v22.2.1 to v23.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2024-44851
A stored cross-site scripting (XSS) vulnerability in the Discussion section of Perfex CRM v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter...