6.5
CVE-2024-49665 - WordPress Web Bricks Addons for Elementor plugin <= 1.1.1 - Stored Cross Site Scripting (XSS) vulnβ¦
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Web Bricks Web Bricks Addons for Elementor allows Stored XSS.This issue affects Web Bricks Addons for Elementor: from n/a through 1.1.1.
6.5
CVE-2024-49667 - WordPress Local Business Addons For Elementor plugin <= 1.1.5 - Stored Cross Site Scripting (XSS) vβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Asaduzzaman Abir Local Business Addons For Elementor map-addons-for-elementor-waze-map allows Stored XSS.This issue affects Local Business Addons For Elementor: from n/a through <= 1.1.5.
7.1
CVE-2024-49670 - WordPress Client Power Tools Portal plugin <= 1.9.0 - Reflected Cross Site Scripting (XSS) vulnerabβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sam Glover Client Power Tools Portal client-power-tools allows Reflected XSS.This issue affects Client Power Tools Portal: from n/a through <= 1.9.0.
7.1
CVE-2024-49672 - WordPress Google Docs RSVP plugin <= 2.0.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in giffordcheung Google Docs RSVP google-docs-rsvp-guestlist allows Stored XSS.This issue affects Google Docs RSVP: from n/a through <= 2.0.1.
7.1
CVE-2024-49673 - WordPress LaTeX2HTML plugin <= 2.5.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Van Abel LaTeX2HTML latex2html allows Reflected XSS.This issue affects LaTeX2HTML: from n/a through <= 2.5.4.
7.1
CVE-2024-49678 - WordPress js paper theme <= 2.5.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jinwen js allows Reflected XSS.This issue affects js paper: from n/a through 2.5.7.
4.3
CVE-2024-10360 - Move Addons for Elementor <= 1.3.5 - Authenticated (Contributor+) Sensitive Information Exposure viβ¦
The Move Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the render function in includes/widgets/accordion/widget.php, includes/widgets/remote-template/widget.php, and other widget.php files. This makes it posβ¦
6.4
CVE-2024-10233 - SMSAlert - WooCommerce <= 3.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via sa_sβ¦
The SMS Alert Order Notifications β WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sa_subscribe shortcode in all versions up to, and including, 3.7.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes itβ¦
6.4
CVE-2024-10266 - Premium Addons for Elementor <= 4.10.60 - Authenticated (Contributor+) DOM-Based Stored Cross-Site β¦
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video Box widget in all versions up to, and including, 4.10.60 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for autheβ¦
6.4
CVE-2024-10185 - StreamWeasels YouTube Integration <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scriptiβ¦
The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-youtube-embed shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possiβ¦