5210 matches found
CVE-2024-2273 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.34 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 3.2.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-4324
The WP Video Lightbox plugin for WordPress (CVE-2024-4324) is affected in all versions up to 1.9.10. The issue is Stored Cross-Site Scripting via the width parameter caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access at contributor level or h...
CVE-2024-4324 WP Video Lightbox <= 1.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter
The WP Video Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 1.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
CVE-2024-4034
The CVE-2024-4034 entry concerns the Virtue WordPress theme. A Stored Cross-Site Scripting vulnerability exists in all versions up to and including 3.4.8 due to insufficient input sanitization and output escaping when the homepage’s latest posts feature is enabled. Exploitation requires authentic...
CVE-2024-2328 Real Media Library <= 4.22.11 - Authenticated (Author+) Stored Cross-Site Scripting
The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image title and alt text in all versions up to, and including, 4.22.11 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-2328
CVE-2024-2328 – Real Media Library: Stored Cross-Site Scripting in the WordPress plugin Real Media Library (Lite) via image title/alt text. Root cause: insufficient input sanitization and output escaping in image metadata. Affected: all versions up to and including 4.22.11. Impact: authenticated attacke...
CVE-2024-3725
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Grid widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied...
CVE-2024-1840 WPBakery Visual Composer <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Author
The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Author tag attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or...
CVE-2023-6961
CVE-2023-6961 : The WP Meta SEO WordPress plugin is affected by an unauthenticated Stored Cross-Site Scripting (XSS) via the Referer header in all versions up to 4.5.12 due to insufficient input sanitization and output escaping. Exploitation allows an attacker to inject scripts that execute in a ...
CVE-2024-3588
CVE-2024-3588: Getwid – Gutenberg Blocks vulnerable to Stored Cross-Site Scripting via the Countdown block in all versions up to 2.0.7 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at contributor level or higher; attacker can inject scripts...
CVE-2024-4036
CVE-2024-4036 concerns the Sydney Toolbox plugin for WordPress. It enables Stored Cross-Site Scripting via the style parameter in all versions up to and including 1.30. The vulnerability requires authentication with at least Contributor access and can allow injection of arbitrary scripts that exe...
CVE-2024-3337 Colibri Page Builder <= 1.0.272 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'colibri_breadcrumb_element' Shortcode
The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri_breadcrumb_element' shortcode in all versions up to, and including, 1.0.272 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-3715
CVE-2024-3715 relates to the Database for Contact Form 7, WPforms, and Elementor forms plugins on WordPress. It describes a Stored Cross-Site Scripting vulnerability caused by insufficient input sanitization and output escaping, enabling unauthenticated attackers to inject scripts that execute wh...
CVE-2024-3199
CVE-2024-3199 (The Plus Addons for Elementor) Details: Authenticated attackers (Contributor or higher) can exploit a stored XSS via the Countdown widget in The Plus Addons for Elementor, affecting all versions up to 5.4.2 due to insufficient input sanitization and output escaping. Connected sour...
CVE-2024-4265
The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 2.0.5.9 due to insufficient input sanitization and output escaping. This makes ...
CVE-2024-3729 Frontend Admin by DynamiApps <= 3.19.4 - Improper Missing Encryption Exception Handling to Form Manipulation
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'feaencrypt' function in all versions up to, and including, 3.19.4. This makes it possible for unauthenticated attackers to manipulate the user processing forms, which can ...
CVE-2024-2084 HT Mega – Absolute Addons For Elementor <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lightbox Widget
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightbox widget in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2024-2084
CVE-2024-2084 affects HT Mega – Absolute Addons For Elementor (WordPress) via the lightbox widget. Connected sources confirm a Stored XSS due to insufficient input sanitization and output escaping for user-supplied attributes in versions up to and including 2.4.6. Impact requires authentication a...