0.0
CVE-2024-50503 - WordPress User Toolkit plugin <= 1.2.3 - Account Takeover vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in Deryck User Toolkit user-toolkit allows Authentication Bypass. This issue affects User Toolkit: from n/a through <= 1.2.3.
7.2
CVE-2024-10108 - WPAdverts – Classifieds Plugin <= 2.1.6 - Unauthenticated Stored Cross-Site Scripting via adverts_a…
The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's adverts_add shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to…
6.4
CVE-2024-10223 - HT Team Member <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via htteamember …
The WP Team – WordPress Team Member Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's htteamember shortcode in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possi…
5.4
CVE-2024-8444 - Download Manager < 3.3.00 - Contributor+ Stored XSS
The Download Manager WordPress plugin before 3.3.00 doesn't sanitize some of its shortcode parameters, leading to cross-site scripting.
6.1
CVE-2024-8871 - Pricing Tables WordPress Plugin – Easy Pricing Tables <= 3.2.5 - Reflected Cross-Site Scripting
The Pricing Tables WordPress Plugin – Easy Pricing Tables plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.2.5. This makes it possible for unauthenticated attackers to…
4.3
CVE-2024-10399 - Download Monitor <= 5.0.13 - Missing Authorization to Sensitive Information Exposure
The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_search_users function in all versions up to, and including, 5.0.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, …
6.1
CVE-2024-8792 - Subscribe to Comments <= 2.3 - Reflected Cross-Site Scripting
The Subscribe to Comments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in p…
6.4
CVE-2024-8627 - Ultimate TinyMCE <= 5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Ultimate TinyMCE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'field' shortcode in all versions up to, and including, 5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access an…
6.4
CVE-2024-9885 - Widget or Sidebar Shortcode <= 0.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via…
The Widget or Sidebar Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sidebar' shortcode in all versions up to, and including, 0.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authe…
6.9
CVE-2024-10509 - Codezips Online Institute Management System login.php sql injection
A vulnerability, which was classified as critical, has been found in Codezips Online Institute Management System 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit h…