4.3
CVE-2024-10677 - BTEV <= 2.0.2 - Settings Update via CSRF
The BTEV WordPress plugin through 2.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
4.8
CVE-2024-10639 - Auto Prune Posts < 3.0.0- Admin+ Stored XSS
The Auto Prune Posts WordPress plugin before 3.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
4.3
CVE-2024-10634 - Nokaut Offers Box <= 1.4.0 - Plugin Reset via CSRF
The Nokaut Offers Box WordPress plugin through 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset the Nokaut Offers Box WordPress plugin through 1.4.0 via a CSRF attack
4.8
CVE-2024-10632 - Nokaut Offers Box <= 1.4.0 - Admin+ Stored XSS
The Nokaut Offers Box WordPress plugin through 1.4.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
6.5
CVE-2024-10631 - Countdown Timer <= 1.0.5 - Contributor+ Stored XSS
The Countdown Timer for WordPress Block Editor WordPress plugin through 1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scriptinβ¦
5.4
CVE-2024-10504 - ARForms Builder < 1.7.1 - Unauthenticated Stored XSS
The Contact Form, Survey, Quiz & Popup Form Builder WordPress plugin before 1.7.1 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.
4.8
CVE-2024-10475 - Lead Form Builder < 1.9.8 - Admin+ Stored XSS
The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin before 1.9.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (fβ¦
4.8
CVE-2024-10362 - Social Media Share Buttons < 2.9.0 - Admin+ Stored XSS
The Social Media Share Buttons & Social Sharing Icons WordPress plugin before 2.9.1 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for examβ¦
4.8
CVE-2024-10149 - Social Slider Feed < 2.2.9 - Admin+ Stored XSS via Widgets
The Social Slider Feed WordPress plugin before 2.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
4.8
CVE-2024-10145 - Hubbub Lite < 1.34.4 - Admin+ Stored XSS
The Hubbub Lite WordPress plugin before 1.34.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).