6.4
CVE-2024-11781 - Smart Agenda – Prise de rendez-vous en ligne <= 4.6 - Authenticated (Contributor+) Stored Cross-Sit…
The Smart Agenda – Prise de rendez-vous en ligne plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'smartagenda' shortcode in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…
6.4
CVE-2024-11882 - FAQ And Answers – Create Frequently Asked Questions Area on WP Sites <= 1.1.0 - Authenticated (Cont…
The FAQ And Answers – Create Frequently Asked Questions Area on WP Sites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'faq' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attribu…
4.3
CVE-2024-12526 - Arena.IM – Live Blogging for real-time events <= 0.4.1 - Cross-Site Request Forgery to Settings Upd…
The Arena.IM – Live Blogging for real-time events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4.1. This is due to missing or incorrect nonce validation on the 'albfre_user_action' AJAX action. This makes it possible for unauthenticated at…
4.3
CVE-2024-11709 - AI Post Generator | AutoWriter <= 3.5 - Missing Authorization to Authenticated (Contributor+) Post/…
The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ai_post_generator_delete_Post AJAX action in all versions up to, and including, 3.5. This makes it possible for authenticated attackers, with Contribut…
6.1
CVE-2024-12441 - BP Email Assign Templates <= 1.5 - Reflected Cross-Site Scripting
The BP Email Assign Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary …
6.1
CVE-2024-12156 - AI Content Writer, RSS Feed to Post, Autoblogging SEO Help <= 6.1.3 - Reflected Cross-Site Scripting
The AI Content Writer, RSS Feed to Post, Autoblogging SEO Help plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 6.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthentic…
6.1
CVE-2024-12162 - Video & Photo Gallery for Ultimate Member <= 1.1.1 - Reflected Cross-Site Scripting
The Video & Photo Gallery for Ultimate Member plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to…
6.1
CVE-2024-11459 - Country Blocker <= 3.2 - Reflected Cross-Site Scripting
The Country Blocker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ip' parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts …
6.1
CVE-2024-11804 - Planaday API <= 11.4 - Reflected Cross-Site Scripting
The Planaday API plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 11.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i…
6.4
CVE-2024-10182 - Cognito Forms <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
The Cognito Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and ab…