6.4
CVE-2024-13577 - CATS Job Listings <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
The CATS Job Listings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catsone' shortcode in all versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated a…
5.3
CVE-2024-13540 - WooODT Lite – Delivery & pickup date time location for WooCommerce <= 2.5.1 - Unauthenticated Full …
The WooODT Lite – Delivery & pickup date time location for WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.5.1. This is due to the /inc/bycwooodt_get_all_orders.php file being publicly accessible and generating a publicly visible error mes…
6.4
CVE-2024-12813 - Open Hours – Easy Opening Hours <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Open Hours – Easy Opening Hours plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'open-hours-current-status' shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This make…
4.3
CVE-2025-0796 - Mortgage Lead Capture System <= 8.2.11 - Cross-Site Request Forgery to Settings Reset
The Mortgage Lead Capture System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.2.11. This is due to missing or incorrect nonce validation on the 'wprequal_reset_defaults' action. This makes it possible for unauthenticated attackers to reset…
6.4
CVE-2024-13579 - WP-Asambleas <= 2.85.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WP-Asambleas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'polls_popup' shortcode in all versions up to, and including, 2.85.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated a…
6.5
CVE-2024-13595 - Simple Signup Form <= 1.6.5 - Authenticated (Contributor+) SQL Injection
The Simple Signup Form plugin for WordPress is vulnerable to SQL Injection via the 'id' attribute of the 'ssf' shortcode in all versions up to, and including, 1.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes …
6.4
CVE-2024-13501 - WP-FormAssembly <= 2.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The WP-FormAssembly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'formassembly' shortcode in all versions up to, and including, 2.0.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat…
8.1
CVE-2024-13684 - Reset <= 1.6 - Cross-Site Request Forgery to Database Reset
The Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the reset_db_page() function. This makes it possible for unauthenticated attackers to reset several tables in the database li…
6.4
CVE-2024-13578 - WP-BibTeX <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WP-BibTeX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'WpBibTeX' shortcode in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker…
6.4
CVE-2025-0805 - Mortgage Calculator / Loan Calculator <= 1.5.20 - Authenticated (Contributor+) Stored Cross-Site Sc…
The Mortgage Calculator / Loan Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mlcalc' shortcode in all versions up to, and including, 1.5.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible…