5210 matches found
Short URL <= 1.6.8 - Reflected Cross-Site Scripting
Description: The Short URL plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
CVE-2024-32344
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit parameter under the Language section...
CVE-2024-32744
WonderCMS v3.4.3 contains a cross-site scripting (XSS) vulnerability in the Settings section. The flaw allows arbitrary script/HTML execution via a payload in the PAGE KEYWORDS parameter under the CURRENT PAGE module. Public sources confirm the affected component and trigger, but none provide a p...
CVE-2024-30952
A stored cross-site scripting (XSS) vulnerability in PESCMS-TEAM v2.3.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the domain input field under /youdoamin/?g=Team&m=Setting&a=action...
CVE-2024-32339
Multiple cross-site scripting (XSS) vulnerabilities in the HOW TO page of WonderCMS v3.4.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters...
Jobs for WordPress < 2.7.6 - Reflected Cross-Site Scripting via job-search
Description: The Jobs for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘job-search’ parameter in all versions up to, and including, 2.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2024-3672
The BA Book Everything plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'all-items' shortcode in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping on user supplied attributes such as 'classes'. This makes it...
CVE-2024-3067
The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possib...
CVE-2024-3067
CVE-2024-3067 (WooCommerce Google Feed Manager): WordPress plugin vulnerable to SQL Injection via the id parameter in all versions up to 2.4.2 due to insufficient escaping in the SQL query; authenticated admins (and above) can inject additional SQL to extract data, and unauthenticated users coul...
CVE-2024-3867 Tainacan Interface <= 2.7.2 - Reflected Cross-Site Scripting
The archive-tainacan-collection theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in version 2.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if...
CVE-2024-3867
CVE-2024-3867 affects the WordPress theme archive-tainacan-collection, up to version 2.7.2. The root cause is Reflected Cross-Site Scripting due to using add_query_arg without proper escaping, enabling unauthenticated attackers to inject scripts in pages that execute when a user clicks a link. Pu...
CVE-2024-31649
A cross-site scripting (XSS) vulnerability in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter...
CVE-2024-31650
A cross-site scripting (XSS) vulnerability in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name parameter...
CVE-2024-31648
Cross-site scripting (XSS) in Insurance Management System v1.0 allows remote attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter at /core/new_category2...
CVE-2024-31648
CVE-2024-31648 describes a cross-site scripting (XSS) vulnerability in Insurance Management System v1.0. The issue allows remote attackers to inject arbitrary web scripts or HTML via the Category Name parameter at /core/new_category2, enabling attacker-controlled script execution in the victim’s ...
CVE-2024-31650
CVE-2024-31650 describes a cross-site scripting (XSS) vulnerability in the Cosmetics and Beauty Product Online Store v1.0. The flaw is triggered through a crafted payload in the Last Name parameter, allowing arbitrary web scripts/HTML execution. The NVD entry reports a CVSSv3.1 base score of 9.6 ...