6.4
CVE-2024-2788 - Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting viaβ¦
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated β¦
6.4
CVE-2024-2650 - Essential Addons for Elementor β Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= β¦
The Essential Addons for Elementor β Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the alignment parameter in the Woo Product Carousel widget in all versions up to, and including, 5.9.10 due to insufficient inputβ¦
6.4
CVE-2024-2783 - GamiPress β The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress β¦
The GamiPress β The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escapiβ¦
6.1
CVE-2024-2738 - Permalink Manager Lite and Permalink Manager Pro <= 2.4.3.1 - Reflected Cross-Site Scripting
The Permalink Manager Lite and Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the βsβ parameter in multiple instances in all versions up to, and including, 2.4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated β¦
4.3
CVE-2024-0588 - Paid Memberships Pro <= 2.12.10 - Cross-Site Request Forgery
The Paid Memberships Pro β Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing nonce validation on the pmpro_lifter_save_streamline_option() function. Thisβ¦
6.4
CVE-2024-1948 - Getwid β Gutenberg Blocks <= 2.0.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Blβ¦
The Getwid β Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access aβ¦
4.4
CVE-2024-1571 - WP Recipe Maker <= 9.2.1 - Authenticated Stored Cross-Site Scripting via Video Embed
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video Embed parameter in all versions up to, and including, 9.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the recipe dβ¦
6.4
CVE-2024-2181 - Beaver Builder Addons by WPZOOM <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scriptingβ¦
The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-leβ¦
5.9
CVE-2023-6799 - WP Reset <= 2.0 - Sensitive Information Exposure due to Insufficient Randomness
The WP Reset β Most Advanced WordPress Reset Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0 via the use of insufficiently random snapshot names. This makes it possible for unauthenticated attackers to extract sensitive data includβ¦
6.4
CVE-2024-2027 - Real Media Library: Media Library Folder & File Manager <= 4.22.7 - Authenticated (Contributor+) Stβ¦
The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its style attributes in all versions up to, and including, 4.22.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated atβ¦