580 matches found
CVE-2024-56020
CVE-2024-56020 (SvegliaT Buttons) is a stored XSS vulnerability in SvegliaT Buttons (Mario Di Pasquale) affecting versions up to 1.3.0. The issue is described as Improper Neutralization of Input During Web Page Generation (XSS) and is labeled as an authenticated (Contributor+) vulnerability. The ...
PT-2024-34034
Name of the Vulnerable Software and Affected Versions: WordPress plugins versions 1.3.4 through 3.5.7 Description: The issue is related to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library due to insufficient input sanitization and output escaping on user-supplied...
WordPress plugin multiple products cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in...
CVE-2024-9422
The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server...
Vulnerabilities of the plugins Really Simple Security Free, Really Simple Security Pro, and Really Simple Security Pro Multisite of the WordPress content management system, which allow attackers to increase their privileges.
The vulnerabilities of the Really Simple Security Free, Really Simple Security Pro, and Really Simple Security Pro Multisite plugins of the WordPress content management system are related to authentication process flaws. Exploiting these vulnerabilities can allow attackers to increase their...
CVE-2024-9529
The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin before 6.3.9 does not prevent users from running arbitrary functions through its setting import functionalities, which could allow high privile...
CVE-2024-10924
The Really Simple Security Free, Pro, and Pro Multisite plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'checkloginandgetuser' function. This makes it possible...
VulnCheck KEV: CVE-2024-10924
The Really Simple Security Free, Pro, and Pro Multisite plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'checkloginandgetuser' function. This makes it...
WordPress Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera plugin <= 4.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera versions <= 4.0...
PT-2024-34276
Name of the Vulnerable Software and Affected Versions: WP Query Console versions n/a through 1.0 Hunk Companion versions prior to 1.9.0 Description: The issue is related to an Improper Control of Generation of Code 'Code Injection' vulnerability, which allows code injection. This vulnerability...
CVE-2024-9593
The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 for Time Clock and 1.1.4 for Time Clock Pro via the 'etimeclockwploadfunctioncallback' function. This allows unauthenticated attackers to execute code on t...
CVE-2016-15042
The Frontend File Manager versions 4.0, N-Media Post Front-end Form versions 1.1 plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the nmfilemanageruploadfile and nmpostfrontuploadfile AJAX actions. This makes it possible for unauthenticated...
EUVD-2016-10786
The Frontend File Manager versions 4.0, N-Media Post Front-end Form versions 1.1 plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the nmfilemanageruploadfile and nmpostfrontuploadfile AJAX actions. This makes it possible for unauthenticated...
CVE-2022-4974
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the getdebuglog, getdboption, and the setdboption functions in versions up to, and...
CVE-2022-4974
The connected sources confirm CVE-2022-4974 concerns the Freemius SDK used in WordPress plugins/themes, with a root cause of missing capability checks and nonce protection in the functions _get_debug_log, _get_db_option, and _set_db_option. Versions up to and including 2.4.2 are vulnerable to Cro...
VulnCheck KEV: CVE-2016-15042
The Frontend File Manager versions 4.0, N-Media Post Front-end Form versions 1.1 plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the nmfilemanageruploadfile and nmpostfrontuploadfile AJAX actions. This makes it possible...
VulnCheck KEV: CVE-2012-10018
The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Server-Side Request Forgery in versions up to, and including, 6.1 and 1.0 respectively. This makes it possible for attackers to forge requests coming from a vulnerable site's server and ultimately perform an XSS attack if...