5210 matches found
CVE-2024-30886
A stored cross-site scripting (XSS) vulnerability in the remotelink function of HadSky v7.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter...
CVE-2024-2477
CVE-2024-2477 affecting wpDiscuz for WordPress: Stored XSS via the image Alt text in image uploads exists in all versions up to 7.6.15 due to insufficient input sanitization/output escaping. The Red Hat advisory and Wordfence note describe the vulnerability as present in wpDiscuz and detail that ...
CVE-2024-3732
The GeoDirectory – WordPress Business Directory Plugin, or Classified Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gd_single_tabs' shortcode in all versions up to, and including, 2.3.48 due to insufficient input sanitization and output escaping on us...
CVE-2024-3732 GeoDirectory – WordPress Business Directory Plugin, or Classified Directory <= 2.3.48 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'gd_single_tabs' Shortcode
The GeoDirectory – WordPress Business Directory Plugin, or Classified Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gd_single_tabs' shortcode in all versions up to, and including, 2.3.48 due to insufficient input sanitization and output escaping on us...
CVE-2024-3665 Rank Math SEO with AI SEO Tools <= 1.0.216 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'titleWrapper'
The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's HowTo and FAQ widgets in all versions up to, and including, 1.0.216 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2024-2798
CVE-2024-2798 – Royal Elementor Addons and Templates (WordPress) : A DOM-based stored cross-site scripting vulnerability affects all versions up to 1.3.971 in the plugin, caused by insufficient input sanitization and output escaping on widget container attributes. Exploitation requires authentica...
CVE-2024-2799
CVE-2024-2799 affects the Royal Elementor Addons and Templates WordPress plugin. The issue is stored XSS via Image Grid and Advanced Text widgets due to insufficient input sanitization and output escaping in user-supplied attributes, allowing an authenticated attacker with contributor+ privileges...
Related Posts for WordPress <= 4.0.3 - Cross-Site Request Forgery
Description: The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.3. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to inject...
CVE-2024-30886
Issue summary: CVE-2024-30886 is a stored XSS in HadSky v7.6.3, specifically in the remotelink function where an attacker can inject a crafted payload into the url parameter to execute arbitrary web scripts/HTML. Affected component: HadSky, version 7.6.3, remotelink functionality. Root cause & im...
BMI Adult & Kid Calculator < 1.2.2 - Cross-Site Request Forgery to Cross-Site Scripting
Description: The BMI Adult & Kid Calculator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on several AJAX functions. This makes it possible for unauthenticated attackers to inject...
Canva – Design beautiful blog graphics <= 1.2.4 - Reflected Cross-Site Scripting
Description: The Canva – Design beautiful blog graphics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2022-34560
A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the History parameter...
CVE-2022-34562
CVE-2022-34562 is a cross-site scripting (XSS) vulnerability in PHPFox v4.8.9. The flaw enables attackers to run arbitrary web scripts/HTML through a crafted payload injected into the status box. Affected software: PHPFox 4.8.9. Underlying cause: XSS in the status box (no additional technical det...
Colibri Page Builder < 1.0.264 - Author+ Stored Cross-Site Scripting
Description: The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt data parameter in all versions up to, and including, 1.0.262 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Frontend Admin by DynamiApps < 3.19.5 - Improper Missing Encryption Exception Handling to Form Manipulation
Description: The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'feaencrypt' function in all versions up to, and including, 3.19.4. This makes it possible for unauthenticated attackers to manipulate the user processing forms...
CVE-2022-34561
A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the video description parameter...
CVE-2022-34561
CVE-2022-34561 is a cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 that allows injection of arbitrary web scripts/HTML through the video description parameter. Documented in multiple sources (NVD, Red Hat, CVE list, CNNVD, PT Security) with CVSS v3.1 base score 4.3 (Medium) and network...
CVE-2022-34560
CVE-2022-34560 affects PHPFox v4.8.9 with a reflected XSS via the History parameter. The vulnerability allows attackers to execute arbitrary web scripts or HTML in affected web pages. Documented impact is limited to client-side script execution; no exploitation details are provided in the sources...