6.4
CVE-2024-13157 - MP3 Audio Player β Music Player, Podcast Player & Radio by Sonaar <= 5.9.3 - Authenticated (Contribβ¦
The MP3 Audio Player β Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Podcast RSS Feed in all versions up to, and including, 5.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makesβ¦
4.3
CVE-2024-13530 - Custom Login Page Styler <= 7.1.1 - Missing Authorization to Authenticated (Subsciber+) Log Deletioβ¦
The Custom Login Page Styler β Limit Login Attempts β Restrict Content With Login β Redirect After Login β Change Login URL β Sign in , Sign out plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the lps_handle_delete_all_logs(), lps_handle_delete_login_lβ¦
5.9
CVE-2024-13623 - Order Export for WooCommerce <= 3.24 - Unauthenticated Sensitive Information Exposure Through Unproβ¦
The Order Export for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.24 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads dβ¦
6.1
CVE-2024-13226 - A5 Custom Login Page <= 2.8.1 - Reflected XSS
The A5 Custom Login Page WordPress plugin through 2.8.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
6.1
CVE-2024-13225 - ECT Home Page Products <= 1.9 - Reflected XSS
The ECT Home Page Products WordPress plugin through 1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
6.1
CVE-2024-13224 - SlideDeck 1 Lite Content Slider <= 1.4.8 - Reflected XSS
The SlideDeck 1 Lite Content Slider WordPress plugin through 1.4.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
6.1
CVE-2024-13223 - Tabulate <= 2.10.3 - Reflected XSS
The Tabulate WordPress plugin through 2.10.3 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
6.1
CVE-2024-13222 - User Messages <= 1.2.4 - Reflected XSS
The User Messages WordPress plugin through 1.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
6.1
CVE-2024-13221 - Fantastic Elasticsearch <= 4.1.0 - Reflected XSS
The Fantastic ElasticSearch WordPress plugin through 4.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
6.1
CVE-2024-13220 - Google Map Professional <= 1.0 - Reflected XSS
The WordPress Google Map Professional (Map In Your Language) WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.