4.3
CVE-2024-13560 - Subscriptions & Memberships for PayPal <= 1.1.6 - Cross-Site Request Forgery to Arbitrary Post Deleβ¦
The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to delete arbitrary postsβ¦
6.4
CVE-2024-13803 - Essential Blocks β Page Builder Gutenberg Blocks, Patterns & Templates <= 5.2.3 - Authenticated (Coβ¦
The Essential Blocks β Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βdata-markerβ parameter in all versions up to, and including, 5.2.3 due to insufficient input sanitization and output escaping. This makes it possibleβ¦
6.1
CVE-2024-13678 - R3W Instafeed <= 1.0 - Reflected XSS
The R3W InstaFeed WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
6.1
CVE-2024-13669 - CalendApp <= 1.1 - Reflected XSS
The CalendApp WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
6.1
CVE-2024-13634 - Post Sync <= 1.1 - Reflected XSS
The Post Sync WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
7.1
CVE-2024-13633 - Simple Catalogue <= 1.0.2 - Reflected XSS
The Simple catalogue WordPress plugin through 1.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
7.1
CVE-2024-13632 - WP Extra Fields <= 1.0.1 - Reflected XSS
The WP Extra Fields WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
7.1
CVE-2024-13631 - OM Stripe <= 02.00.00 - Reflected XSS
The Om Stripe WordPress plugin through 02.00.00 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
6.1
CVE-2024-13630 - News List <= 1.0 - Reflected XSS
The NewsTicker WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
6.1
CVE-2024-13629 - Pushbiz <= 1.0 - Reflected XSS
The pushBIZ WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.