6.1

CVSS3.1

CVE-2024-10522 - Co-marquage service-public.fr <= 0.5.76 - Reflected Cross-Site Scripting via add_query_arg Parameter

The Co-marquage service-public.fr plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.5.76. This makes it possible for unauthenticated attackers to inject arbitrary web s…

📅 Published: Nov. 21, 2024, 2:06 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

4.2

CVSS3.1

CVE-2024-11197 - Lock User Account <= 1.0.5 - User Lock Bypass

The Lock User Account plugin for WordPress is vulnerable to user lock bypass in all versions up to, and including, 1.0.5. This is due to permitting application password logins when user accounts are locked. This makes it possible for authenticated attackers, with existing application passwords, to …

📅 Published: Nov. 21, 2024, 2:06 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2024-11412 - Shine PDF Embeder <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Shine PDF Embeder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shinepdf' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated at…

📅 Published: Nov. 21, 2024, 2:06 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.1

CVSS3.1

CVE-2024-11435 - salavat counter Plugin <= 0.9.4 - Reflected Cross-Site Scripting

The salavat counter Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 0.9.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w…

📅 Published: Nov. 21, 2024, 2:06 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2024-11432 - SuevaFree Essential Kit <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The SuevaFree Essential Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'counter' shortcode in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authentic…

📅 Published: Nov. 21, 2024, 2:06 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2024-11428 - Lazy load videos and sticky control <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scrip…

The Lazy load videos and sticky control plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lazy-load-videos-and-sticky-control' shortcode in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping on user supplied attribut…

📅 Published: Nov. 21, 2024, 2:06 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

4.3

CVSS3.1

CVE-2024-11354 - Ultimate YouTube Video & Shorts Player With Vimeo <= 3.3 - Missing Authorization to Authenticated (…

The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the del_ytsingvid() function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with Subscri…

📅 Published: Nov. 21, 2024, 2:06 a.m. 🔄 Last Modified: April 8, 2026, 4:44 p.m.

6.1

CVSS3.1

CVE-2024-10726 - Friendly Functions for Welcart <= 1.2.4 - Cross-Site Request Forgery to Reflected Cross-Site Script…

The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.4. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to inject malicious web…

📅 Published: Nov. 21, 2024, 2:06 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.1

CVSS3.1

CVE-2024-11370 - Subaccounts for WooCommerce <= 1.6.0 - Reflected Cross-Site Scripting

The Subaccounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to inject arbitrary web scri…

📅 Published: Nov. 21, 2024, 2:06 a.m. 🔄 Last Modified: April 8, 2026, 5:17 p.m.

6.4

CVSS3.1

CVE-2024-9111 - Product Designer <= 1.0.36 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The Product Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.36 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above…

📅 Published: Nov. 21, 2024, 2:06 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.
Total resulsts: 349182
Page 7768 of 34,919
« previous page » next page
Filters