CVE-2024-2793
CVE-2024-2793 refers to the Visual Website Collaboration, Feedback & Project Management – Atarim WordPress plugin. The vulnerability is an unauthenticated Stored Cross-Site Scripting (XSS) via comments in all versions up to 3.30, caused by insufficient input sanitization and output escaping. Impa...
CVE-2024-5418 DethemeKit For Elementor <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via slitems Attribute
The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slitems' attribute within the plugin's De Product Tab & Slide widget in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied...
WordPress Plugin 'Yoast SEO' < 22.7 XSS
The WordPress application running on the remote host has a version of the 'Yoast SEO' plugin that is prior to 22.7. It is, therefore, affected by a stored cross-site scripting (XSS) vulnerability due to insufficient input sanitization and output escaping. An authenticated attacker with...
Starter Templates — Elementor, WordPress & Beaver Builder Templates < 4.2.2 - Contributor+ Stored Cross-Site Scripting
The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘customuploadmimes’ function in versions up to, and including, 4.2.0 due to insufficient input sanitization and output escaping. This makes...
CVE-2024-35504
A cross-site scripting (XSS) vulnerability in the login page of FineSoft v8.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL:errorname parameter after a failed login attempt...
CVE-2024-3946
CVE-2024-3946 describes a stored cross-site scripting vulnerability in the WordPress plugin WP To Do (versions up to and including 1.3.0). The issue arises from insufficient input sanitization and output escaping in admin/settings handling, enabling an authenticated attacker with administrator-le...
CVE-2024-3063
The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the output of 'tags' added to widgets in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied tag attributes. This makes it possible for...
CVE-2024-2253 Testimonial Carousel For Elementor <= 10.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URL values in the plugin's carousel widgets in all versions up to, and including, 10.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-3190 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.107 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Field
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's text field widget in all versions up to, and including, 1.5.107 due to insufficient input sanitization and output escaping on user supplied...
CVE-2024-3063
CVE-2024-3063 refers to a Stored Cross‑Site Scripting (XSS) vulnerability in the WPB Elementor Addons WordPress plugin. Affected versions are all ≤ 1.0.9, due to insufficient input sanitization and output escaping on widget tag attributes. Exploitation requires authentication at contributor level...
CVE-2024-5039
CVE-2024-5039 concerns the HUSKY – Products Filter Professional for WooCommerce WordPress plugin. It enables Stored Cross-Site Scripting via shortcode attributes due to insufficient input sanitization and output escaping in versions up to 1.3.5.3. Exploitation requires authenticated access at con...
WP Next Post Navi <= 1.8.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
The WP Next Post Navi plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to...
Gum Elementor Addon < 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Price Table and Post Slider Widgets
The Gum Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Price Table and Post Slider widgets in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-35581
A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Borrower Name input field...
CVE-2024-35621
A cross-site scripting (XSS) vulnerability in the Edit function of Formwork before 1.13.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content field...
CVE-2024-5229
CVE-2024-5229 affects the Primary Addon for Elementor plugin (WordPress) through the Pricing Table widget in versions up to and including 1.5.5. The vulnerability is a Stored Cross-Site Scripting (XSS) due to insufficient input sanitization and output escaping on user-supplied attributes. Exploit...
CVE-2024-5220
The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's upload feature in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access an...
CVE-2024-4455
The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘item’ parameter in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...