6.4
CVE-2024-1464 - Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vi…
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ attribute of the Posts Slider widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated at…
7.5
CVE-2023-7046 - WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score <= …
The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0 via exposed Private key files. This makes it possible for unauthenticated attackers to e…
5.3
CVE-2024-2974 - Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= …
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 5.9.13 via the load_more function. This can allow unauthenticated attackers to extract sensitive…
6.4
CVE-2024-2183 - Beaver Builder Addons by WPZOOM <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting…
The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-l…
6.4
CVE-2024-3244 - EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any …
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedpress_calendar' shortcode in all versions up to, and including, 3.9.14…
8.8
CVE-2024-1991 - RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.0.…
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the update_users_role() function in all versions up to, and including, 5.3.0.0. This makes it possible for au…
5.3
CVE-2024-3097 - WordPress Gallery Plugin – NextGEN Gallery <= 3.59 - Missing Authorization to Unauthenticated Infor…
The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data includin…
4.3
CVE-2024-2543 - Plugin Permalink <= 2.4.3.1 - Missing Authorization via get_uri_editor
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_uri_editor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of all posts.
6.4
CVE-2024-2186 - Beaver Builder Addons by WPZOOM <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting…
The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Team Members widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contribu…
6.4
CVE-2024-2457 - Modal Window – create popup modal window <= 5.3.8 - Authenticated(Contributor+) Stored Cross-Site S…
The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 5.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for…