6.1
CVE-2024-13628 - WP Pricing Table <= 1.1 - Reflected XSS
The WP Pricing Table WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
7.1
CVE-2024-13624 - WPMovieLibrary <= 2.1.4.8 - Reflected XSS
The WPMovieLibrary WordPress plugin through 2.1.4.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
7.1
CVE-2024-13571 - Post Timeline < 2.3.10 - Reflected XSS
The Post Timeline WordPress plugin before 2.3.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
5.9
CVE-2024-13113 - Countdown Timer for Elementor < 1.3.7 - Contributor+ Stored XSS
The Countdown Timer for Elementor WordPress plugin before 1.3.7 does not sanitise and escape some parameters when outputting them on the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.
7.1
CVE-2024-12878 - Custom Block Builder β Lazy Blocks < 3.8.3 - Reflected XSS
The Custom Block Builder WordPress plugin before 3.8.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
6.1
CVE-2024-12737 - WP BASE Booking of Appointments, Services and Events < 5.0.0 - Reflected XSS
The WP BASE Booking of Appointments, Services and Events WordPress plugin before 5.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
5.4
CVE-2024-10563 - WooCommerce Cart Count Shortcode < 1.1.0 - Contributor+ XSS
The WooCommerce Cart Count Shortcode WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scriptinβ¦
7.1
CVE-2024-10483 - SimplePress Forum < 6.10.11 - Reflected XSS
The Simple:Press Forum WordPress plugin before 6.10.11 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
7.1
CVE-2024-10152 - Simple Certain Time to Show Content < 1.3.1 - Reflected XSS
The Simple Certain Time to Show Content WordPress plugin before 1.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
7.1
CVE-2024-39441 -
In wifi display, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed.