7.1
CVE-2024-54208 - WordPress Block Controller plugin <= 1.4.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joni Halabi Block Controller block-controller allows Reflected XSS.This issue affects Block Controller: from n/a through <= 1.4.3.
7.1
CVE-2024-54209 - WordPress Awesome Shortcodes plugin <= 1.7.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Awesome Shortcodes awesome-shortcodes allows Reflected XSS.This issue affects Awesome Shortcodes: from n/a through <= 1.7.2.
6.5
CVE-2024-54210 - WordPress Advanced Element Bucket Addons for Elementor plugin <= 1.0.2 - Cross Site Scripting (XSSβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codexshaper Advanced Element Bucket Addons for Elementor cs-element-bucket allows Stored XSS.This issue affects Advanced Element Bucket Addons for Elementor: from n/a through <= 1.0.2.
5.9
CVE-2024-54211 - WordPress Borderless β Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin <=β¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visualmodo Borderless borderless allows Cross-Site Scripting (XSS).This issue affects Borderless: from n/a through <= 1.5.8.
6.5
CVE-2024-54212 - WordPress Magical Addons For Elementor plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Addons For Elementor magical-addons-for-elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through <= 1.3.6.
6.5
CVE-2024-54213 - WordPress WordPress Page Builder β Zion Builder plugin <= 3.6.16 - Cross Site Scripting (XSS) vulneβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zionbuilder ZionBuilder zionbuilder allows Stored XSS.This issue affects ZionBuilder: from n/a through <= 3.6.16.
7.1
CVE-2024-54205 - WordPress Paloma Widget plugin <= 1.14 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Paloma Paloma Widget postman-widget allows Cross Site Request Forgery.This issue affects Paloma Widget: from n/a through <= 1.14.
9.3
CVE-2024-51615 - WordPress WordPress Auction Plugin plugin <= 3.7 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Marka WordPress Auction Plugin wp-auctions allows SQL Injection.This issue affects WordPress Auction Plugin: from n/a through <= 3.7.
10
CVE-2024-54214 - WordPress Revy plugin <= 1.18 - Unauthenticated Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in roninwp Revy revy allows Upload a Web Shell to a Web Server.This issue affects Revy: from n/a through <= 1.18.
7.7
CVE-2024-54216 - WordPress ARForms plugin <= 6.4.1 - Subscriber+ Arbitrary File Read vulnerability
Path Traversal: '.../...//' vulnerability in reputeinfosystems ARForms arforms allows Path Traversal.This issue affects ARForms: from n/a through <= 6.4.1.