6.5
CVE-2024-10856 - Booking Calendar WpDevArt <= 3.2.19 - Authenticated (Contributor+) SQL Injection
The Booking Calendar WpDevArt plugin is vulnerable to time-based, blind SQL injection via the `id` parameter in the “wpdevart_booking_calendar” shortcode in versions up to, and including, 3.2.19 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the ex…
6.5
CVE-2024-11726 - Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress <= 1.1.21 - Authenticated …
The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'category' parameter of the 'bookingpress_form' shortcode in all versions up to, and including, 1.1.21 due to insufficient escaping on the user supplied parameter…
5.4
CVE-2024-10584 - DirectoryPress <= 3.6.16 - Authenticated (Author+) Stored Cross-Site Scripting
The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.6.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated …
6.4
CVE-2024-12268 - Responsive Blocks – WordPress Gutenberg Blocks <= 1.9.7 - Authenticated (Contributor+) Stored Cross…
The Responsive Blocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'responsive-block-editor-addons/portfolio' block in all versions up to, and including, 1.9.7 due to insufficient input sanitization and output escaping. This makes it possibl…
8.8
CVE-2024-12881 - PlugVersions – Easily rollback to previous versions of your plugins <= 0.0.7 - Missing Authorizatio…
The PlugVersions – Easily rollback to previous versions of your plugins plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the eos_plugin_reviews_restore_version() function in all versions up to, and including, 0.0.7. This makes it possible for authent…
4.9
CVE-2024-12850 - Database Backup and check Tables Automated With Scheduler 2024 <= 2.32 - Authenticated (Admin+) Arb…
The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.32 via the database_backup_ajax_download() function. This makes it possible for authenticated attackers, with administrator-level acce…
6.5
CVE-2024-12031 - Advanced Floating Content <= 3.8.2 - Authenticated (Subscriber+) SQL Injection
The Advanced Floating Content plugin for WordPress is vulnerable to SQL Injection via the 'floating_content_duplicate_post' function in all versions up to, and including, 3.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. …
5.3
CVE-2024-12103 - Content No Cache: prevent specific content from being cached <= 0.1.2 - Unauthenticated Private Con…
The Content No Cache: prevent specific content from being cached plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.1.2 via the eos_dyn_get_content action due to insufficient restrictions on which posts can be included. This makes it possible for unau…
6.4
CVE-2024-8721 - Tracking Code Manager <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Tracking Code Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tracking code field in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level …
6.1
CVE-2024-12468 - WP Datepicker <= 2.1.4 - Reflected Cross-Site Scripting
The WP Datepicker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpdp_get_selected_datepicker' parameter in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inj…