4.8
CVE-2024-3261 - Strong Testimonials < 3.1.12 - Contributor+ Stored XSS
The Strong Testimonials WordPress plugin before 3.1.12 does not validate and escape some of its Testimonial fields before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The attack requires a specific v…
3.8
CVE-2024-2972 - Floating Chat Widget < 3.1.9 - Editor+ Stored XSS
The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attack…
5.4
CVE-2024-2404 - Better Comments < 1.5.6 - Subscriber+ Stored XSS
The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow low privilege users such as Subscribers to perform Stored Cross-Site Scripting attacks.
5.4
CVE-2024-2402 - Better Comments < 1.5.6 - Admin+ Stored XSS
The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
6.5
CVE-2024-1756 - WooCommerce Customers Manager < 29.8 - Subscriber+ Email Disclosure
The WooCommerce Customers Manager WordPress plugin before 29.8 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and retrieve the list of customer email addresses along with their id, first name and last name.
5.9
CVE-2024-1743 - WooCommerce Customers Manager < 29.8 - Reflected XSS
The WooCommerce Customers Manager WordPress plugin before 29.8 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
6.1
CVE-2023-7253 - Import WP < 2.13.1 - Admin+ Server-side Request Forgery
The Import WP WordPress plugin before 2.13.1 does not prevent users with the administrator role from conducting SSRF attacks, which may be a problem in multisite configurations.
6.3
CVE-2024-4093 - SourceCodester Simple Subscription Website view_application.php sql injection
A vulnerability, which was classified as critical, was found in SourceCodester Simple Subscription Website 1.0. Affected is an unknown function of the file view_application.php. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The exploit has…
0.0
CVE-2024-4108 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
9.8
CVE-2024-28613 -
SQL Injection vulnerability in PHP Task Management System v.1.0 allows a remote attacker to escalate privileges and obtain sensitive information via the task_id parameter of the task-details.php and edit-task.php components.