6.4

CVSS3.1

CVE-2024-1464 - Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vi…

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ attribute of the Posts Slider widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated at…

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 8, 2026, 6:20 p.m.

7.5

CVSS3.1

CVE-2023-7046 - WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score <= …

The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0 via exposed Private key files. This makes it possible for unauthenticated attackers to e…

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS3.1

CVE-2024-2974 - Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= …

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 5.9.13 via the load_more function. This can allow unauthenticated attackers to extract sensitive…

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 8, 2026, 6:21 p.m.

6.4

CVSS3.1

CVE-2024-2183 - Beaver Builder Addons by WPZOOM <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting…

The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-l…

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 8, 2026, 6:21 p.m.

6.4

CVSS3.1

CVE-2024-3244 - EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any …

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedpress_calendar' shortcode in all versions up to, and including, 3.9.14…

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 8, 2026, 6:21 p.m.

8.8

CVSS3.1

CVE-2024-1991 - RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.0.…

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the update_users_role() function in all versions up to, and including, 5.3.0.0. This makes it possible for au…

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 8, 2026, 6:20 p.m.

5.3

CVSS3.1

CVE-2024-3097 - WordPress Gallery Plugin – NextGEN Gallery <= 3.59 - Missing Authorization to Unauthenticated Infor…

The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data includin…

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 8, 2026, 6:21 p.m.

4.3

CVSS3.1

CVE-2024-2543 - Plugin Permalink <= 2.4.3.1 - Missing Authorization via get_uri_editor

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_uri_editor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of all posts.

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 8, 2026, 6:21 p.m.

6.4

CVSS3.1

CVE-2024-2186 - Beaver Builder Addons by WPZOOM <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting…

The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Team Members widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contribu…

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 8, 2026, 6:21 p.m.

6.4

CVSS3.1

CVE-2024-2457 - Modal Window – create popup modal window <= 5.3.8 - Authenticated(Contributor+) Stored Cross-Site S…

The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 5.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for…

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 8, 2026, 6:21 p.m.
Total resulsts: 349182
Page 10361 of 34,919
« previous page » next page
Filters