6.4

CVSS3.1

CVE-2024-2347 - Astra <= 4.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Display Name

The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name in all versions up to, and including, 4.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, t…

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2024-2787 - Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via…

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Page Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated …

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 8, 2026, 7:21 p.m.

6.5

CVSS3.1

CVE-2024-2093 - VK All in One Expansion Unit <= 9.95.0.1 - Information Exposure

The VK All in One Expansion Unit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.95.0.1 via social meta tags. This makes it possible for unauthenticated attackers to view limited password protected content.

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 8, 2026, 7:20 p.m.

5.3

CVSS3.1

CVE-2024-3213 - Relevanssi – A Better Search <= 4.22.1 - Missing Authorization to Unauthenticated Count Option Upda…

The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the relevanssi_update_counts() function in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to execute expensi…

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 8, 2026, 7:21 p.m.

8.8

CVSS3.1

CVE-2024-2341 - Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.7 - Authenticat…

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the keys parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t…

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 8, 2026, 7:21 p.m.

5.3

CVSS3.1

CVE-2024-1984 - Graphene <= 2.9.2 - Missing Authorization

The Graphene theme for WordPress is vulnerable to unauthorized access of data via meta tag in all versions up to, and including, 2.9.2. This makes it possible for unauthenticated individuals to obtain post contents of password protected posts via the generated source.

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2024-2081 - FooGallery <= 2.4.14 - Authenticated (Author+) Stored Cross-Site Scripting

The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the foogallery_attachment_modal_save action in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authen…

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 8, 2026, 7:20 p.m.

6.4

CVSS3.1

CVE-2024-1458 - Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vi…

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘text_alignment’ attribute of the Animated Text widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authen…

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 8, 2026, 7:20 p.m.

6.4

CVSS3.1

CVE-2024-2456 - Ecwid Ecommerce Shopping Cart <= 6.12.10 - Authenticated(Contributor+) Stored Cross-Site Scripting …

The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 6.12.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenti…

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2024-2792 - Elementor Addon Elements <= 1.13.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scrip…

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in all versions up to, and including, 1.13.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with co…

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 8, 2026, 7:21 p.m.
Total resulsts: 349182
Page 10355 of 34,919
« previous page » next page
Filters