5.9
CVE-2024-50426 - WordPress Survey Maker plugin <= 5.0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Survey Maker survey-maker allows Stored XSS.This issue affects Survey Maker: from n/a through <= 5.0.2.
9.8
CVE-2024-50475 - WordPress Signup Page plugin <= 1.0 - Arbitrary Option Update to Privilege Escalation vulnerability
Missing Authorization vulnerability in Scott Gamon Signup Page signup-page allows Privilege Escalation.This issue affects Signup Page: from n/a through <= 1.0.
9.8
CVE-2024-50476 - WordPress GRΓN spendino Spendenformular plugin <= 1.0.1 - Arbitrary Option Update to Privilege Escaβ¦
Missing Authorization vulnerability in GRΓN Software Group GmbH GRΓN spendino Spendenformular spendino allows Privilege Escalation.This issue affects GRΓN spendino Spendenformular: from n/a through <= 1.0.1.
8.8
CVE-2024-50481 - WordPress Bstone Demo Importer plugin <= 1.0.1 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in stackthemes Bstone Demo Importer bstone-demo-importer allows Privilege Escalation.This issue affects Bstone Demo Importer: from n/a through <= 1.0.1.
9.8
CVE-2024-50485 - WordPress Exam Matrix plugin <= 1.5 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in Udit Rawat Exam Matrix exam-matrix allows Privilege Escalation.This issue affects Exam Matrix: from n/a through <= 1.5.
9.8
CVE-2024-50490 - WordPress PegaPoll plugin <= 1.0.2 - Arbitrary Option Update to Privilege Escalation vulnerability
Missing Authorization vulnerability in lowcage PegaPoll pegapoll allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects PegaPoll: from n/a through <= 1.0.2.
10
CVE-2024-50420 - WordPress aDirectory plugin <= 1.3 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in aDirectory aDirectory adirectory allows Upload a Web Shell to a Web Server.This issue affects aDirectory: from n/a through <= 1.3.
9.9
CVE-2024-50427 - WordPress SurveyJS plugin <= 1.9.136 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in devsoftbaltic SurveyJS surveyjs.This issue affects SurveyJS: from n/a through <= 1.9.136.
6.1
CVE-2024-10048 - Post Status Notifier Lite and Premium <= 1.11.6 - Reflected Cross-Site Scripting via page
The Post Status Notifier Lite and Premium plugins for WordPress is vulnerable to Reflected Cross-Site Scripting via the βpageβ parameter in all versions up to, and including, 1.11.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to iβ¦
6.1
CVE-2024-9438 - SEUR Oficial <= 2.2.11 - Reflected Cross-Site Scripting
The SEUR Oficial plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'change_service' parameter in all versions up to, and including, 2.2.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary β¦