6.4

CVSS3.1

CVE-2024-2788 - Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via…

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated …

πŸ“… Published: April 9, 2024, 6:58 p.m. πŸ”„ Last Modified: April 8, 2026, 6:21 p.m.

6.4

CVSS3.1

CVE-2024-2650 - Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= …

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the alignment parameter in the Woo Product Carousel widget in all versions up to, and including, 5.9.10 due to insufficient input…

πŸ“… Published: April 9, 2024, 6:58 p.m. πŸ”„ Last Modified: April 8, 2026, 6:21 p.m.

6.4

CVSS3.1

CVE-2024-2783 - GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress …

The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escapi…

πŸ“… Published: April 9, 2024, 6:58 p.m. πŸ”„ Last Modified: April 8, 2026, 6:21 p.m.

6.1

CVSS3.1

CVE-2024-2738 - Permalink Manager Lite and Permalink Manager Pro <= 2.4.3.1 - Reflected Cross-Site Scripting

The Permalink Manager Lite and Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the β€˜s’ parameter in multiple instances in all versions up to, and including, 2.4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated …

πŸ“… Published: April 9, 2024, 6:58 p.m. πŸ”„ Last Modified: April 8, 2026, 6:21 p.m.

4.3

CVSS3.1

CVE-2024-0588 - Paid Memberships Pro <= 2.12.10 - Cross-Site Request Forgery

The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing nonce validation on the pmpro_lifter_save_streamline_option() function. This…

πŸ“… Published: April 9, 2024, 6:58 p.m. πŸ”„ Last Modified: April 8, 2026, 6:18 p.m.

6.4

CVSS3.1

CVE-2024-1948 - Getwid – Gutenberg Blocks <= 2.0.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Bl…

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access a…

πŸ“… Published: April 9, 2024, 6:58 p.m. πŸ”„ Last Modified: April 8, 2026, 6:20 p.m.

4.4

CVSS3.1

CVE-2024-1571 - WP Recipe Maker <= 9.2.1 - Authenticated Stored Cross-Site Scripting via Video Embed

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video Embed parameter in all versions up to, and including, 9.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the recipe d…

πŸ“… Published: April 9, 2024, 6:58 p.m. πŸ”„ Last Modified: April 8, 2026, 6:20 p.m.

6.4

CVSS3.1

CVE-2024-2181 - Beaver Builder Addons by WPZOOM <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting…

The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-le…

πŸ“… Published: April 9, 2024, 6:58 p.m. πŸ”„ Last Modified: April 8, 2026, 6:21 p.m.

5.9

CVSS3.1

CVE-2023-6799 - WP Reset <= 2.0 - Sensitive Information Exposure due to Insufficient Randomness

The WP Reset – Most Advanced WordPress Reset Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0 via the use of insufficiently random snapshot names. This makes it possible for unauthenticated attackers to extract sensitive data includ…

πŸ“… Published: April 9, 2024, 6:58 p.m. πŸ”„ Last Modified: April 8, 2026, 6:18 p.m.

6.4

CVSS3.1

CVE-2024-2027 - Real Media Library: Media Library Folder & File Manager <= 4.22.7 - Authenticated (Contributor+) St…

The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its style attributes in all versions up to, and including, 4.22.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated at…

πŸ“… Published: April 9, 2024, 6:58 p.m. πŸ”„ Last Modified: April 8, 2026, 6:20 p.m.
Total resulsts: 349182
Page 10362 of 34,919
Β« previous page Β» next page
Filters