5.3
CVE-2024-2797 - MailerLite β Signup forms (official) <= 1.7.6 - Missing Authorization
The MailerLite β Signup forms (official) plugin for WordPress is vulnerable to unauthorized plugin setting changes due to a missing capability check on the toggleRolesAndPermissions and editAllowedRolesAndPermissions functions in all versions up to, and including, 1.7.6. This makes it possible for β¦
5.3
CVE-2024-3287 - SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer <= 3.10.2 - Missing Authorization
The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to unauthorized ld+json description injection due to a missing capability check on the save_settings function in all versions up to, and including, 3.10.2. This makes it possible for unauthenticatedβ¦
5.3
CVE-2024-3870 - Contact Form 7 Database Addon β CFDB7 <= 1.2.6.8 - Unauthenticated Sensitive Information Exposure
The Contact Form 7 Database Addon β CFDB7 plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.6.8 via the cfdb7_before_send_mail function. This can allow unauthenticated attackers to extract sensitive data, such as Personally Identifiable Inforβ¦
7.2
CVE-2024-1173 - WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting <= 1.1β¦
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.13.1 due to insufficient escaping on the user supplied parameter and lack of sβ¦
6.4
CVE-2024-3650 -
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions 3.0.7 through 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-leveβ¦
6.1
CVE-2024-0848 - AA Cash Calculator <= 1.0 - Reflected Cross-Site Scripting via invoice
The AA Cash Calculator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the βinvoiceβ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web β¦
6.4
CVE-2024-2542 - Jotform Online Forms <= 1.3.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcβ¦
The Jotform Online Forms β Drag & Drop Form Builder, Securely Embed Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied aβ¦
5.3
CVE-2024-0908 - Advanced Post Block β Display Posts, Pages, or Custom Posts on Your Page <= 1.13.4 - Missing Authorβ¦
The Advanced Post Block β Display Posts, Pages, or Custom Posts on Your Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the apbPosts() function hooked via an AJAX action in all versions up to, and including, 1.13.4. This makes it possible β¦
6.4
CVE-2024-2084 - HT Mega β Absolute Addons For Elementor <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Sβ¦
The HT Mega β Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightbox widget in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fβ¦
5.3
CVE-2024-3312 - Easy Custom Auto Excerpt <= 2.4.12 - Sensitive Information Exposure
The Easy Custom Auto Excerpt plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.12. This makes it possible for unauthenticated attackers to obtain excerpts of password-protected posts.