8.8

CVSS3.1

CVE-2024-1893 - Easy Property Listings <= 3.5.2 - Authenticated(Contributor+) SQL Injection via Shortcode

The Easy Property Listings plugin for WordPress is vulnerable to time-based SQL Injection via the ‘property_status’ shortcode attribute in all versions up to, and including, 3.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL quer…

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 8, 2026, 7:20 p.m.

6.4

CVSS3.1

CVE-2024-3167 - Ocean Extra <= 2.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘twitter_username’ parameter in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permi…

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 8, 2026, 7:21 p.m.

6.4

CVSS3.1

CVE-2024-2289 - PowerPack Lite for Beaver Builder <= 1.3.0 - Authenticated(Contributor+) Stored Cross-Site Scriptin…

The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link in multiple elements in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for au…

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 8, 2026, 7:21 p.m.

6.4

CVSS3.1

CVE-2024-2507 - JetWidgets For Elementor <= 1.0.16 - Authenticated(Contributor+) Stored Cross-Site Scripting via Wi…

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget button URL in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated atta…

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 8, 2026, 6:21 p.m.

6.4

CVSS3.1

CVE-2024-2847 - WordPress File Upload <= 4.24.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shor…

The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.24.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated att…

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 8, 2026, 6:21 p.m.

6.4

CVSS3.1

CVE-2024-2335 - Elements Plus! <= 2.16.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via widget links

The Elements Plus! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget link URLs in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers …

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2024-2871 - Media Library Assistant <= 3.13 - Authenticated (Contributor+) SQL Injection via Shortcode

The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in all versions up to, and including, 3.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible …

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 8, 2026, 6:21 p.m.

9.8

CVSS3.1

CVE-2024-3136 - MasterStudy LMS <= 3.3.3 - Unauthenticated Local File Inclusion via template

The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code …

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 8, 2026, 6:21 p.m.

5.8

CVSS3.1

CVE-2024-3214 - Relevanssi – A Better Search <= 4.22.1 - Unauthenticated Second Order CSV Injection

The Relevanssi – A Better Search plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloade…

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 8, 2026, 6:21 p.m.

4.4

CVSS3.1

CVE-2024-0598 - Gutenberg Blocks by Kadence Blocks <= 3.2.17 - Authenticated(Editor+) Stored Cross-Site Scripting v…

The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form message settings in all versions up to and including 3.2.17 due to insufficient input sanitization and output escaping. This makes it possible for au…

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 8, 2026, 6:18 p.m.
Total resulsts: 349182
Page 10359 of 34,919
« previous page » next page
Filters