7 matches found
CVE-2024-32598
CVE-2024-32598 affects BA Book Everything (WordPress plugin) with Stored XSS via shortcode in versions up to 1.6.8. Root cause: Improper input neutralization during web page generation. Impact per sources: potential stored XSS within affected pages; remediation: upgrade to v1.6.8 (patched). Not a...
CVE-2024-32125
CVE-2024-32125 (BA Book Everything) is an authenticated SQL Injection vulnerability in the BA Book Everything plugin (
CVE-2024-32576
The CVE-2024-32576 entry concerns the WordPress plugin BA Book Everything (WordPress Plugin) with versions ≤ 1.6.8. The vulnerability is a Cross-Site Scripting (XSS) flaw caused by improper neutralization during web page generation, resulting in stored XSS. Affected component: the WordPress plugi...
CVE-2024-3672
CVE-2024-3672 affects BA Book Everything, a WordPress plugin. It describes Stored Cross‑Site Scripting via the plugin’s all-items shortcode in all versions up to and including 1.6.8, caused by insufficient input sanitization and output escaping for user-supplied attributes (e.g., classes). The vu...
CVE-2024-8794
CVE-2024-8794 affects the BA Book Everything WordPress plugin (versions
CVE-2024-8795
CVE-2024-8795 : The BA Book Everything WordPress plugin (versions
CVE-2024-47360
CVE-2024-47360 : WordPress BA Book Everything plugin (vulnerable: