CVE-2024-4092
CVE-2024-4092 affects Slider Revolution (revslider) for WordPress. It is a Stored XSS via the htmltag parameter in all versions up to 6.7.7. Exploitation is possible by authenticated users (administrators; authors if enabled) and can affect pages viewed by other users. The CVE entry is marked as ...
CVE-2024-4092
The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘htmltag’ parameter in all versions up to, and including, 6.7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web...
CVE-2024-1386
CVE-2024-1386 impacts the MailerLite – Signup forms (official) WordPress plugin. It enables Stored Cross-Site Scripting via shortcode attributes in versions 1.5.0–1.7.6, allowing authenticated attackers with contributor-level and higher to inject scripts into pages. The provided documents confirm...
CVE-2024-3677
CVE-2024-3677 refers to The Ultimate 410 Gone Status Code plugin for WordPress, vulnerable to Stored XSS via the 410 entries in all versions up to 1.1.4. The issue requires authentication at contributor+ level and can cause arbitrary script execution on pages loaded by users. The vulnerability ha...
CVE-2024-1805 WPBakery Visual Composer <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button onclick attribute
The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or...
CVE-2024-3489
The CVE-2024-3489 entry concerns Exclusive Addons for Elementor (WordPress). It describes a Reflected Cross-Site Scripting vulnerability in the Countdown Expired Title, affecting all versions up to 2.6.9.4. The root cause is insufficient input sanitization and output escaping, enabling unauthenti...
CVE-2024-3489 Exclusive Addons for Elementor <= 2.6.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Expired Title
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the Countdown Expired Title in all versions up to, and including, 2.6.9.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2024-1993
CVE-2024-1993 affects the WordPress Icon Widget plugin. Versions up to and including 1.3.0 are vulnerable to Stored XSS via shortcode attributes due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at contributor level or higher, enabling an attac...
CVE-2024-3670
CVE-2024-3670: The Leaflet Maps Marker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mapsmarker shortcode in all versions up to and including 3.12.8. Root cause: insufficient input sanitization and output escaping for user-provided shortcode attributes (e.g., mapwidthunit...
CVE-2024-3991
CVE-2024-3991 affects ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules (formerly WooLentor) for WordPress. The vulnerability is Stored Cross-Site Scripting via the _id attribute in the Horizontal Product Filter in all versions up to 2.8.7, caused by insufficient input saniti...
CVE-2024-4203 Premium Addons for Elementor <= 4.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Premium Addons Pro for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the maps widget in all versions up to, and including, 4.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-3647 Premium Addons for Elementor <= 4.10.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'arrow_style'
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's post ticker widget in all versions up to, and including, 4.10.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-3338
The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt data parameter in all versions up to, and including, 1.0.262 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level...
CVE-2024-3338
The CVE-2024-3338 entry concerns Colibri Page Builder for WordPress. It enables Stored Cross-Site Scripting via the image alt data parameter in all versions up to 1.0.262 due to insufficient input sanitization and output escaping. Authenticated attackers with author-level access and above can inj...
CVE-2024-3341 Shortcodes and extra features for Phlox theme <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aux_gmaps' Shortcode
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aux_gmaps' shortcode in all versions up to, and including, 2.15.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
CVE-2024-1841 WPBakery Visual Composer <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title tag attribute
The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title tag attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or...
CVE-2024-2750 Exclusive Addons for Elementor <= 2.6.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of the Button widget in all versions up to, and including, 2.6.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-3045
Technical details about CVE-2024-3045 (affected plugin versions, root cause, exploitation, and remediation) are not present in the provided connected documents. Monitor official advisories (NVD/Red Hat/ENISA/Wordfence) for updates and fixes.
CVE-2024-3021
The CVE-2024-3021 entry concerns the Mhr Post Ticker WordPress plugin. Reported vulnerability: Stored Cross-Site Scripting via the Header Title value in all versions up to and including 1.1, caused by insufficient input sanitization and output escaping. Impact is limited to multi-site WordPress i...
CVE-2024-3021 Mhr Post Ticker <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting
The Mhr Post Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Header Title value in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level acces...