6.4
CVE-2024-11894 - The Permalinker <= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The The Permalinker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'permalink' shortcode in all versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated a…
6.4
CVE-2024-11855 - Koalendar – Events & Appointments Booking Calendar <= 1.0.2 - Authenticated (Contributor+) Stored C…
The Koalendar – Events & Appointments Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘height’ parameter in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attack…
4.3
CVE-2024-12447 - Get Post Content Shortcode <= 0.4 - Insecure Direct Object Reference to Authenticated (Contributor+…
The Get Post Content Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.4 via the 'post-content' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-l…
6.4
CVE-2024-12523 - States Map US <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The States Map US plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'states_map' shortcode in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated at…
6.4
CVE-2024-12458 - Smart PopUp Blaster <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Smart PopUp Blaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spb-button' shortcode in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authentica…
6.1
CVE-2024-12411 - WP Ad Guru – Banner ad, Responsive popup, Popup maker, Ad rotator & More <= 2.5.4 - Reflected Cross…
The WP Ad Guru – Banner ad, Responsive popup, Popup maker, Ad rotator & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping. This makes it possible for …
6.4
CVE-2024-12448 - Posts and Products Views for WooCommerce <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Sc…
The Posts and Products Views for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'papvfwc_views' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it p…
6.4
CVE-2024-11883 - Connatix Video Embed <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Connatix Video Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cnx_script_code' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for auth…
6.4
CVE-2024-12517 - WooCommerce Cart Count Shortcode <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WooCommerce Cart Count Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cart_button' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible …
6.4
CVE-2024-11763 - Plezi <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Plezi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'plezi' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with…