7.3
CVE-2024-10958 - WP Photo Album Plus <= 8.8.08.007 - Unauthenticated Arbitrary Shortcode Execution via getshortcodedβ¦
The The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007 . This is due to the software allowing users to execute an action that does not properly validate a value bβ¦
6.1
CVE-2024-10265 - Form Maker by 10Web β Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.30 - Reflected Crossβ¦
The Form Maker by 10Web β Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.15.30. This makes it possible for unauthentβ¦
6.5
CVE-2024-51576 - WordPress AMP Img Shortcode plugin <= 1.0.1 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpza AMP Img Shortcode amp-img-shortcode allows Stored XSS.This issue affects AMP Img Shortcode: from n/a through <= 1.0.1.
5.3
CVE-2024-11054 - SourceCodester Simple Music Cloud Community System ajax.php unrestricted upload
A vulnerability classified as critical was found in SourceCodester Simple Music Cloud Community System 1.0. This vulnerability affects unknown code of the file /music/ajax.php?action=signup. The manipulation of the argument pp leads to unrestricted upload. The attack can be initiated remotely. The β¦
6.5
CVE-2024-51577 - WordPress bpmn.io plugin <= 1.0 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in neville.lugton bpmn.io bpmnio allows Stored XSS.This issue affects bpmn.io: from n/a through <= 1.0.
6.5
CVE-2024-51578 - WordPress 3D Presentation plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lpagg 3D Presentation 3d-presentation allows Stored XSS.This issue affects 3D Presentation: from n/a through <= 1.0.
6.5
CVE-2024-51580 - WordPress Clever Addons for Elementor plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zootemplate Clever Addons for Elementor cafe-lite allows Stored XSS.This issue affects Clever Addons for Elementor: from n/a through <= 2.2.1.
6.5
CVE-2024-51581 - WordPress Restaurant & Cafe Addon for Elementor plugin <= 1.5.6 - Cross Site Scripting (XSS) vulnerβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicheaddons Restaurant & Cafe Addon for Elementor restaurant-cafe-addon-for-elementor allows Stored XSS.This issue affects Restaurant & Cafe Addon for Elementor: from n/a through <= 1.5.6.
6.5
CVE-2024-51583 - WordPress Kento Ads Rotator plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginsPoint Kento Ads Rotator kento-ads-rotator allows Stored XSS.This issue affects Kento Ads Rotator: from n/a through <= 1.3.
6.5
CVE-2024-51584 - WordPress Marquee Elementor with Posts plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anas2004 Marquee Elementor with Posts marquee-elementor allows DOM-Based XSS.This issue affects Marquee Elementor with Posts: from n/a through <= 1.2.0.