6.4
CVE-2024-12464 - Chatroll Live Chat <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Chatroll Live Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'chatroll' shortcode in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated…
6.1
CVE-2024-12261 - SmartEmailing.cz <= 2.2.0 - Reflected Cross-Site Scripting
The SmartEmailing.cz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'se-lists-updated' parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbit…
6.4
CVE-2024-12439 - Marketplace Items <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'marketpl…
The Marketplace Items plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'marketplace' shortcode in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat…
7.5
CVE-2024-12849 - Error Log Viewer By WP Guru <= 1.0.1.3 - Missing Authorization to Unauthenticated Arbitrary File Re…
The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1.3 via the wp_ajax_nopriv_elvwp_log_download AJAX action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, …
6.1
CVE-2024-11369 - Store credit / Gift cards for woocommerce <= 1.0.49.46 - Reflected Cross-Site Scripting
The Store credit / Gift cards for woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'coupon', 'start_date', and 'end_date' parameters in all versions up to, and including, 1.0.49.46 due to insufficient input sanitization and output escaping. This makes it poss…
5.3
CVE-2024-9697 - Social Rocket – Social Sharing Plugin <= 1.3.4 - Missing Authorization to Settings Update
The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tweet_settings_save() and tweet_settings_update() functions in all versions up to, and including, 1.3.4. This makes it possible for authenticate…
6.4
CVE-2024-11749 - App Embed <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The App Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'appizy' shortcode in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,…
6.1
CVE-2024-12324 - Unilevel MLM Plan <= 1.1.0 - Reflected Cross-Site Scripting via 'page'
The Unilevel MLM Plan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web sc…
6.1
CVE-2024-12435 - Compare Products for WooCommerce <= 3.2.1 - Reflected Cross-Site Scripting
The Compare Products for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘s_feature’ parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inj…
6.4
CVE-2024-11382 - Common Ninja: Fully Customizable & Perfectly Responsive Free Widgets for WordPress Websites <= 1.1.…
The Common Ninja: Fully Customizable & Perfectly Responsive Free Widgets for WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'commonninja' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output es…