WordPress Contact Form and Calls To Action by vcita plugin <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Contact Form and Calls To Action by vcita versions = 2.7.1...

EUVD-2024-46942

Malicious code in bioql PyPI...

WordPress Contact Form and Calls To Action by vcita plugin <= 2.7.1 - Missing Authorization to Authenticated (Subscriber+) Contact/Widget Toggle vulnerability

Missing Authorization to Authenticated Subscriber+ Contact/Widget Toggle vulnerability discovered by yudha in WordPress Plugin Contact Form and Calls To Action by vcita versions = 2.7.1...

CVE-2024-35761

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in vCita Online Booking & Scheduling Calendar for WordPress by vcita allows Stored XSS.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.4.0...

CVE-2023-2299 Online Booking & Scheduling Calendar for WordPress by vcita <= 4.4.2 - Missing Authorization on REST-API

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized medication of data via the /wp-json/vcita-wordpress/v1/actions/auth REST-API endpoint in versions up to, and including, 4.4.2 due to a missing capability check on the processAction...