6.4
CVE-2024-2423 - UsersWP <= 1.2.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output …
0.0
CVE-2024-3093 -
** DUPLICATE ** Accidental request. Please use CVE-2024-1752 instead.
4.3
CVE-2024-2261 - Event Tickets and Registration <= 5.8.2 - Improper Authorization to Information Disclosure
The Event Tickets and Registration plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.8.2 via the RSVP functionality. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including …
6.4
CVE-2024-2845 - BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For E…
The BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.4.2 due to insufficient input sanitizat…
8.8
CVE-2024-2125 - EnvíaloSimple: Email Marketing y Newsletters <= 2.3 - Cross-Site Request Forgery to Arbitrary File …
The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the gallery_add function. This makes it possible for unauthenticated attackers to uplo…
6.4
CVE-2023-6993 - Custom post types, Custom Fields & more <= 5.0.4 - Authenticated (Contributor+) Stored Cross-Site S…
The Custom post types, Custom Fields & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and custom post meta in all versions up to, and including, 5.0.4 due to insufficient input sanitization and output escaping on user supplied post meta values. Thi…
6.1
CVE-2024-2200 - Contact Form by BestWebSoft <= 4.2.8 - Reflected Cross-Site Scripting via cntctfrm_contact_subject
The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cntctfrm_contact_subject’ parameter in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attack…
7.2
CVE-2024-1794 - Forminator <= 1.29.0 - Unauthenticated Stored Cross-Site Scripting via File Upload
The Forminator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. 3gpp file) in all versions up to, and including, 1.29.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we…
6.4
CVE-2024-3266 - Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget UR…
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of widgets in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attac…
6.4
CVE-2024-2226 - Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.4 - Authenticated (…
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the id parameter in the google-map block in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This ma…