8.8

CVSS3.1

CVE-2024-1990 - RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.1.…

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to blind SQL Injection via the ‘id’ parameter of the RM_Form shortcode in all versions up to, and including, 5.3.1.0 due to insufficient escaping on the user supplied par…

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 8, 2026, 6:20 p.m.

6.4

CVSS3.1

CVE-2024-2334 - Template Kit – Import <= 1.0.14 - Authenticated(Author+) Stored Cross-Site Scripting via template u…

The Template Kit – Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the template upload functionality in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author …

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2024-1466 - Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vi…

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slider_style’ attribute of the Posts Multislider widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for auth…

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 8, 2026, 6:20 p.m.

6.1

CVSS3.1

CVE-2024-2198 - Contact Form by BestWebSoft <= 4.2.8 - Reflected Cross-Site Scripting via cntctfrm_contact_address

The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cntctfrm_contact_address’ parameter in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attack…

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS3.1

CVE-2024-0626 - WooCommerce Clover Payment Gateway <= 1.3.1 - Missing Authorization via callback_handler

The WooCommerce Clover Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callback_handler function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to mark orders as paid.

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.9

CVSS3.1

CVE-2024-2112 - Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.22 - Sensitive Infor…

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.15.22 via the signature functionality. This makes it possible for unauthenticated attackers to extract sensitive da…

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 8, 2026, 6:20 p.m.

4.4

CVSS3.1

CVE-2024-0662 -

The FancyBox for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions 3.0.2 to 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, …

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: May 6, 2025, 3:24 p.m.

6.4

CVSS3.1

CVE-2024-2436 - Lightweight Accordion <= 1.5.16 - Authenticated(Contributor+) Stored Cross-Site Scripting via Short…

The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.5.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated att…

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 8, 2026, 6:21 p.m.

8.8

CVSS3.1

CVE-2024-1315 - Classified Listing <= 3.0.4 - Cross-Site Request Forgery to Account Takeover via rtcl_update_user_a…

The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. This is due to missing or incorrect nonce validation on the 'rtcl_update_user_account' function. This makes it possible f…

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 8, 2026, 6:20 p.m.

5.3

CVSS3.1

CVE-2023-6777 - WP Go Maps (formerly WP Google Maps) <= 9.0.34 - Information Exposure to Potential Denial of Service

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to several plugin files. This makes it possible for unauthenticated attackers to obtain the developer's Goo…

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 8, 2026, 4:52 p.m.
Total resulsts: 349182
Page 10363 of 34,919
« previous page » next page
Filters