6.4

CVSS3.1

CVE-2024-10885 - SearchIQ – The Search Solution <= 4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

The SearchIQ – The Search Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siq_searchbox' shortcode in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo…

📅 Published: Dec. 4, 2024, 3:37 a.m. 🔄 Last Modified: April 8, 2026, 5:04 p.m.

5.3

CVSS4.0

CVE-2024-12123 - Unauthorized Modification of Ticket Requester

A hidden field manipulation vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. When an authenticated user submits a ticket, the request can be intercepted and subsequently modified by using a proxy. The ticket requester can be changed from th…

📅 Published: Dec. 4, 2024, 3:26 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.1

CVSS3.1

CVE-2024-11807 - NPS computy <= 2.8.0 - Reflected Cross-Site Scripting

The NPS computy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'data1' and 'data2' parameters in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar…

📅 Published: Dec. 4, 2024, 2:40 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2024-11747 - Responsive Videos <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Responsive Videos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'somryv' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated atta…

📅 Published: Dec. 4, 2024, 2:40 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

4.3

CVSS3.1

CVE-2024-10663 - Eleblog – Elementor Blog And Magazine Addons <= 1.8 - Missing Authorization to Authenticated (Subsc…

The Eleblog – Elementor Blog And Magazine Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the goodbye_form_callback() function in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with Subs…

📅 Published: Dec. 4, 2024, 2:40 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.1

CVSS3.1

CVE-2024-11813 - Pulsating Chat Button <= 1.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Pulsating Chat Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.1. This is due to missing or incorrect nonce validation on the amin_chat_button_settings_page() function. This makes it possible for unauthenticated attackers to upda…

📅 Published: Dec. 4, 2024, 2:40 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2024-11897 - Contact Form, Survey & Form Builder – MightyForms <= 1.3.9 - Authenticated (Contributor+) Stored Cr…

The Contact Form, Survey & Form Builder – MightyForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mightyforms' shortcode in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This m…

📅 Published: Dec. 4, 2024, 2:40 a.m. 🔄 Last Modified: April 8, 2026, 7:19 p.m.

5.5

CVSS3.1

CVE-2024-11093 - SG Helper <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload

The SG Helper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scri…

📅 Published: Dec. 4, 2024, 2:40 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.3

CVSS3.1

CVE-2024-10952 - Authors List <= 2.0.4 - Unauthenticated Arbitrary Shortcode Execution via update_authors_list_ajax

The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution via update_authors_list_ajax AJAX action in all versions up to, and including, 2.0.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_sh…

📅 Published: Dec. 4, 2024, 2:40 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.8

CVSS3.1

CVE-2024-10587 - Funnelforms Free <= 3.7.5.1 - Authenticated (Contributor+) PHP Object Injection

The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.7.5.1 via deserialization of untrusted input. This makes it possible for authenticated attackers, wi…

📅 Published: Dec. 4, 2024, 2:40 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.