8.1
CVE-2024-10111 - OAuth Single Sign On β SSO (OAuth Client) <= 6.26.3 - Authentication Bypass
The OAuth Single Sign On β SSO (OAuth Client) plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.26.3. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackersβ¦
6.4
CVE-2024-11901 - PowerBI Embed Reports <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
The PowerBI Embed Reports plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MO_API_POWER_BI' shortcode in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for autβ¦
6.1
CVE-2024-11417 - dejure.org Vernetzungsfunktion <= 1.97.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The dejure.org Vernetzungsfunktion plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.97.5. This is due to missing or incorrect nonce validation on the djo_einstellungen_menue() function. This makes it possible for unauthenticated attackers to uβ¦
9.8
CVE-2024-11015 - Sign In With Google <= 1.8.0 - Authentication Bypass in authenticate_user
The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0. This is due to the 'authenticate_user' user function not implementing sufficient null value checks when setting the access token and user information. This makes it possiβ¦
8.8
CVE-2024-11443 - de:branding <= 1.0.2 - Authenticated (Subscriber+) Arbitrary Options Update
The de:branding plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the debranding_save() function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with subβ¦
6.1
CVE-2024-11419 - Password for WP <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Password for WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the get3_init_admin_page() function. This makes it possible for unauthenticated attackers to update settings and inβ¦
6.4
CVE-2024-12461 - WP-Revive Adserver <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WP-Revive Adserver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wprevive_async' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authentβ¦
6.4
CVE-2024-11433 - Surbma | SalesAutopilot Shortcode <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Surbma | SalesAutopilot Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sa-form' shortcode in all versions up to, and including, 2.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for aβ¦
6.4
CVE-2024-11914 - Gutenberg Blocks and Page Layouts β Attire Blocks <= 1.9.5 - Authenticated (Contributor+) Stored Crβ¦
The Gutenberg Blocks and Page Layouts β Attire Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'attire-blocks/post-carousel' block in all versions up to, and including, 1.9.5 due to insufficient input sanitization and output escaping. This makes it possible for authβ¦
6.4
CVE-2024-11427 - Catch Popup <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Catch Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catch-popup' shortcode in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attβ¦