7.1
CVE-2024-56267 - WordPress Interactive UK Map plugin <= 3.4.8 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in html5maps Interactive UK Map interactive-uk-map allows Stored XSS.This issue affects Interactive UK Map: from n/a through <= 3.4.8.
6.3
CVE-2024-56266 - WordPress MP3 Audio Player plugin <= 5.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through <= 5.8.
6.6
CVE-2024-56264 - WordPress ACF City Selector plugin <= 1.14.0 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Beee ACF City Selector acf-city-selector allows Upload a Web Shell to a Web Server.This issue affects ACF City Selector: from n/a through <= 1.14.0.
6.5
CVE-2024-56263 - WordPress GS Shots for Dribbble plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins GS Shots for Dribbble gs-dribbble-portfolio allows DOM-Based XSS.This issue affects GS Shots for Dribbble: from n/a through <= 1.2.0.
6.5
CVE-2024-56262 - WordPress GS Coaches plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins GS Coaches gs-coach allows Stored XSS.This issue affects GS Coaches: from n/a through <= 1.1.0.
6.5
CVE-2024-56261 - WordPress Project Showcase plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins Project Showcase gs-projects allows Stored XSS.This issue affects Project Showcase: from n/a through <= 1.1.1.
6.5
CVE-2024-56260 - WordPress ShopElement plugin <= 2.0.0 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StorePlugin ShopElement shopelement allows Stored XSS.This issue affects ShopElement: from n/a through <= 2.0.0.
6.5
CVE-2024-56259 - WordPress GeoDirectory plugin <= 2.3.84 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paolo GeoDirectory geodirectory allows Stored XSS.This issue affects GeoDirectory: from n/a through <= 2.3.84.
6.5
CVE-2024-56258 - WordPress Magazine Blocks plugin <= 1.3.20 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlockArt Magazine Blocks magazine-blocks allows Stored XSS.This issue affects Magazine Blocks: from n/a through <= 1.3.20.
4.3
CVE-2024-56255 - WordPress AyeCode Connect plugin <= 1.3.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in Stiofan AyeCode Connect ayecode-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AyeCode Connect: from n/a through <= 1.3.8.