6.1
CVE-2024-12290 - Infility Global <= 2.9.8 - Reflected Cross-Site Scripting via set_type Parameter
The Infility Global plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘set_type’ parameter in all versions up to, and including, 2.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web …
5.4
CVE-2024-12170 - ViewMedica Embed <= 1.4.15 - Cross-Site Request Forgery to SQL Injection
The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15. This is due to missing or incorrect nonce validation on the 'Viewmedica-Admin' page. This makes it possible for unauthenticated attackers to inject arbitrary SQL queries v…
6.4
CVE-2024-11445 - Image Magnify <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Image Magnify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'image_magnify' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated a…
6.1
CVE-2024-11375 - WC1C <= 0.23.0 - Reflected Cross-Site Scripting
The WC1C plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.23.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that exec…
6.1
CVE-2024-12288 - Simple add pages or posts <= 2.0.0 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
The Simple add pages or posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts …
6.1
CVE-2024-11378 - Bizapp for WooCommerce <= 2.0.8 - Reflected Cross-Site Scripting
The Bizapp for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'error' parameter in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary …
7.5
CVE-2024-12157 - Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Unauthenticated SQL Inje…
The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'upc_delete_db_record' AJAX action in all versions up to, and including, 3.2.6 due to insufficient escaping on the user supplied parameter and lack o…
6.1
CVE-2024-12126 - SEO Keywords <= 1.1.3 - Reflected Cross-Site Scripting via google_error Parameter
The SEO Keywords plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘google_error’ parameter in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web…
6.1
CVE-2024-11690 - Financial Stocks & Crypto Market Data Plugin <= 1.10.3 - Reflected Cross-Site Scripting
The Financial Stocks & Crypto Market Data Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'e' parameter in all versions up to, and including, 1.10.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t…
6.1
CVE-2024-12214 - WooCommerce HSS Extension for Streaming Video <= 3.31 - Reflected Cross-Site Scripting via videolin…
The WooCommerce HSS Extension for Streaming Video plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘videolink’ parameter in all versions up to, and including, 3.31 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated atta…