6.4

CVSS3.1

CVE-2024-2165 - SEOPress – On-site SEO <= 7.5.2.1 - Authenticated (Author+) Stored Cross-Site Scripting

The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image alt parameter in all versions up to, and including, 7.5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access o…

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 8, 2026, 6:21 p.m.

5.4

CVSS3.1

CVE-2024-2786 - Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scr…

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on the title_tag attribute. This makes it possible for authenticated attackers…

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 8, 2026, 6:21 p.m.

6.3

CVSS3.1

CVE-2024-1850 - AI Post Generator | AutoWriter <= 3.3 - Missing Authorization

The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized access, modification or deletion of posts due to a missing capability check on functions hooked by AJAX actions in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with s…

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2024-2336 - Popup Maker – Popup for opt-ins, lead gen, & more <= 1.18.2 - Authenticated (Contributor+) Stored C…

The Popup Maker – Popup for opt-ins, lead gen, & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.18.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it po…

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 8, 2026, 6:21 p.m.

6.4

CVSS3.1

CVE-2024-0826 - Qi Addons For Elementor <= 1.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacke…

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 8, 2026, 6:18 p.m.

7.5

CVSS3.1

CVE-2024-1308 - WooCommerce Cloak Affiliate Links <= 1.0.33 - Missing Authorization to Unauthenticated Permalink Mo…

The WooCommerce Cloak Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'permalink_settings_save' function in all versions up to, and including, 1.0.33. This makes it possible for unauthenticated attackers to modify the …

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2024-2513 - WP Chat App <= 3.6.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Block Image Attr…

The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'imageAlt' block attribute in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers…

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 8, 2026, 6:21 p.m.

9.8

CVSS3.1

CVE-2024-2804 - Network Summary <= 2.0.11 - Unauthenticated SQL Injection

The Network Summary plugin for WordPress is vulnerable to SQL Injection via the 'category' parameter in all versions up to, and including, 2.0.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for una…

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2024-1960 - ShopLentor <= 2.8.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Banner Link

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Special Offer Day Widget Banner Link in all versions up to, and including, 2.8.1 due to insufficient input …

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 8, 2026, 6:20 p.m.

8.8

CVSS3.1

CVE-2024-2018 - WP Activity Log Premium <= 4.6.4 - Authenticated (Subscriber+) SQL Injection

The WP Activity Log Premium plugin for WordPress is vulnerable to SQL Injection via the entry->roles parameter in all versions up to, and including, 4.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl…

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 8, 2026, 5:18 p.m.
Total resulsts: 349182
Page 10364 of 34,919
« previous page » next page
Filters