5.3
CVE-2024-12255 - Accept Stripe Payments Using Contact Form 7 <= 2.5 - Unauthenticated Information Exposure
The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via the cf7sa-info.php file that returns phpinfo() data. This makes it possible for unauthenticated attackers to extract configuration information tha…
9.8
CVE-2024-10124 - Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce <= 1.1.1 - Missing Authorization to Unau…
The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and including, 1.1.1. This makes it possible for unaut…
7.5
CVE-2024-12172 - WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses <= …
The WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpc_update_user_meta_option() function in all versions up to, and including, 3.2.21. This makes it p…
6.4
CVE-2024-11765 - WordPress Portfolio Plugin – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and mo…
The WordPress Portfolio Plugin – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gs_portfolio' shortcode in all versions up to, and including, 1.6.3 due to insufficient input sanitization an…
6.1
CVE-2024-12072 - Analytics Cat – Google Analytics Made Easy <= 1.1.2 - Reflected Cross-Site Scripting
The Analytics Cat – Google Analytics Made Easy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to inject arb…
4.3
CVE-2024-12018 - Snippet Shortcodes <= 4.1.6 - Authenticated (Subscriber+) Shortcode Deletion
The Snippet Shortcodes plugin for WordPress is vulnerable to unauthorized Shortcode Deletion due to missing authorization in all versions up to, and including, 4.1.6. Note that a nonce is used as authentication here, but the value is leaked. This makes it possible for authenticated attackers, with …
6.1
CVE-2024-11359 - Library Bookshelves <= 5.8 - Reflected Cross-Site Scripting
The Library Bookshelves plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.8. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag…
8.8
CVE-2024-12040 - Product Carousel Slider & Grid Ultimate for WooCommerce <= 1.9.10 - Authenticated (Contributor+) Lo…
The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.10 via the 'theme' attribute of the `wcpcsu` shortcode. This makes it possible for authenticated attackers, with Contributor-level access …
6.4
CVE-2024-11781 - Smart Agenda – Prise de rendez-vous en ligne <= 4.6 - Authenticated (Contributor+) Stored Cross-Sit…
The Smart Agenda – Prise de rendez-vous en ligne plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'smartagenda' shortcode in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…
6.4
CVE-2024-11882 - FAQ And Answers – Create Frequently Asked Questions Area on WP Sites <= 1.1.0 - Authenticated (Cont…
The FAQ And Answers – Create Frequently Asked Questions Area on WP Sites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'faq' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attribu…