CVE-2024-0837
Technical details beyond the initial description are not provided in the attached documents. Monitor for updates to confirm affected versions, impact, and fixes.
CVE-2024-2471
The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image attachment fields such as 'Title', 'Alt Text', 'Custom URL', 'Custom Class', and 'Override Type' in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This...
CVE-2024-2656
CVE-2024-2656: Icegram Express Email Subscribers for WordPress contains Stored XSS via CSV import in all versions up to 5.7.14. Exploitation requires authenticated admin-level access or higher. This only affects multi-site installations and installations where unfiltered_html is disabled; the root cause is insufficient inp...
CVE-2024-2868
CVE-2024-2868 affects the ShopLentor (WooCommerce Builder) WordPress plugin. The vulnerability is stored XSS via the slitems parameter in the WL Special Day Offer Widget, present in all versions up to 2.8.3 due to insufficient input sanitization and output escaping. Exploitation requires authenti...
Woocommerce Social Media Share Buttons <= 1.3.0 - Cross-Site Request Forgery to Cross-Site Scripting
The Woocommerce Social Media Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to...
Critical Security Flaw Found in Popular LayerSlider WordPress Plugin
A critical security flaw impacting the LayerSlider plugin for WordPress could be abused to extract sensitive information from databases, such as password hashes. The flaw, designated as CVE-2024-2879, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as a case of SQL...
CVE-2024-3162
The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Widget Attributes in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributo...
CVE-2024-1327 Jeg Elementor Kit <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box
The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image box widget in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-lev...
CVE-2024-1327
CVE-2024-1327 affects the Jeg Elementor Kit WordPress plugin. It allows Stored XSS via the Image Box widget in all versions up to 2.6.3 due to inadequate input sanitization and output escaping. Exploitation requires contributor-level authentication (or higher); the script executes when a user loa...
Mailster < 2.0.0 - Reflected Cross-Site Scripting
The Mailster plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
Booking Activities < 1.15.20 - Reflected Cross-Site Scripting
The Booking Activities plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.15.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
Convert Post Types <= 1.4 - Reflected Cross-Site Scripting
The Convert Post Types plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...
Kanban Boards for WordPress <= 2.5.21 - Reflected Cross-Site Scripting
The Kanban Boards for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.5.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...
Mang Board WP < 1.8.1 - Reflected Cross-Site Scripting
The Mang Board WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
Post-Plugin Library <= 2.6.2.1 - Reflected Cross-Site Scripting
The Post-Plugin Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.6.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
Spiffy Calendar < 4.9.10 - Reflected Cross-Site Scripting
The Spiffy Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...
Change default login logo,url and title <= 2.0 - Cross-Site Request Forgery
The Change default login logo,url and title plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform an unauthorized action and...
collectchat < 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The collectchat plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
Jobeleon Theme < 1.9.2 - Reflected Cross-Site Scripting
The Jobeleon WPJobBoard theme for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
SEO Title Tag <= 3.5.9 - Reflected Cross-Site Scripting
The SEO Title Tag plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...