5.4

CVSS3.1

CVE-2024-8444 - Download Manager < 3.3.00 - Contributor+ Stored XSS

The Download Manager WordPress plugin before 3.3.00 doesn't sanitize some of its shortcode parameters, leading to cross-site scripting.

📅 Published: Oct. 30, 2024, 6 a.m. 🔄 Last Modified: April 10, 2025, 2:44 p.m.

6.1

CVSS3.1

CVE-2024-8871 - Pricing Tables WordPress Plugin – Easy Pricing Tables <= 3.2.5 - Reflected Cross-Site Scripting

The Pricing Tables WordPress Plugin – Easy Pricing Tables plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.2.5. This makes it possible for unauthenticated attackers to…

📅 Published: Oct. 30, 2024, 5:32 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

4.3

CVSS3.1

CVE-2024-10399 - Download Monitor <= 5.0.13 - Missing Authorization to Sensitive Information Exposure

The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_search_users function in all versions up to, and including, 5.0.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, …

📅 Published: Oct. 30, 2024, 5:32 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.1

CVSS3.1

CVE-2024-8792 - Subscribe to Comments <= 2.3 - Reflected Cross-Site Scripting

The Subscribe to Comments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in p…

📅 Published: Oct. 30, 2024, 2:32 a.m. 🔄 Last Modified: April 8, 2026, 5:13 p.m.

6.4

CVSS3.1

CVE-2024-8627 - Ultimate TinyMCE <= 5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Ultimate TinyMCE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'field' shortcode in all versions up to, and including, 5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access an…

📅 Published: Oct. 30, 2024, 2:32 a.m. 🔄 Last Modified: April 8, 2026, 4:51 p.m.

6.4

CVSS3.1

CVE-2024-9885 - Widget or Sidebar Shortcode <= 0.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via…

The Widget or Sidebar Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sidebar' shortcode in all versions up to, and including, 0.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authe…

📅 Published: Oct. 30, 2024, 2:32 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.9

CVSS4.0

CVE-2024-10509 - Codezips Online Institute Management System login.php sql injection

A vulnerability, which was classified as critical, has been found in Codezips Online Institute Management System 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit h…

📅 Published: Oct. 30, 2024, 2:31 a.m. 🔄 Last Modified: Nov. 1, 2024, 8:52 p.m.

6.9

CVSS4.0

CVE-2024-10507 - Codezips Free Exam Hall Seating Management System login.php sql injection

A vulnerability classified as critical was found in Codezips Free Exam Hall Seating Management System 1.0. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclo…

📅 Published: Oct. 30, 2024, 2:31 a.m. 🔄 Last Modified: Nov. 5, 2024, 4:23 p.m.

7.3

CVSS3.1

CVE-2024-9846 - Enable Shortcodes inside Widgets,Comments and Experts <= 1.0.0 - Unauthenticated Arbitrary Shortcod…

The Enable Shortcodes inside Widgets,Comments and Experts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_sh…

📅 Published: Oct. 30, 2024, 2:04 a.m. 🔄 Last Modified: April 8, 2026, 5:32 p.m.

6.4

CVSS3.1

CVE-2024-9886 - WP Baidu Map <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP Baidu Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'baidu_map' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated atta…

📅 Published: Oct. 30, 2024, 2:04 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.