8.7
CVE-2020-26307 - GHSL-2020-301: Regular Expression Denial of Service (ReDoS) in HTML2Markdown
HTML2Markdown is a Javascript implementation for converting HTML to Markdown text. All available versions contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available.
8.7
CVE-2020-26306 - GHSL-2020-296: Regular Expression Denial of Service (ReDoS) in Knwl.js
Knwl.js is a Javascript library that parses through text for dates, times, phone numbers, emails, places, and more. Versions 1.0.2 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are aβ¦
8.7
CVE-2020-26305 - GHSL-2020-291: Regular Expression Denial of Service (ReDoS) in CommonRegexJS
CommonRegexJS is a CommonRegex port for JavaScript. All available versions contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available.
8.7
CVE-2020-26304 - GHSL-2020-290: Regular Expression Denial of Service (ReDoS) in foundation-sites
Foundation is a front-end framework. Versions 6.3.3 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, it is unknown if any fixes are available.
8.7
CVE-2020-26303 - GHSL-2020-289: Regular Expression Denial of Service (ReDoS) in insane
insane is a whitelist-oriented HTML sanitizer. Versions 2.6.2 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available.
9.8
CVE-2024-9501 - Wp Social Login and Register Social Counter <= 3.0.7 - Authentication Bypass via WordPress.com OAutβ¦
The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.0.7. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackerβ¦
7.5
CVE-2024-10402 - Forminator Forms β Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Missing Authorizatiβ¦
The Forminator Forms β Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.35.1. This makes it possible for authenticated attackers, with Contributor-level β¦
6.4
CVE-2024-10117 - WP Crowdfunding <= 2.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpcf_donatβ¦
The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcf_donate shortcode in all versions up to, and including, 2.1.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated β¦
4.3
CVE-2024-10357 - Clever Addons for Elementor <= 2.2.1 - Authenticated (Contributor+) Sensitive Information Exposure β¦
The Clever Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.1 via the getTemplateContent function in src/widgets/class-clever-widget-base.php. This makes it possible for authenticated attackers, with Contributor-leveβ¦
6.4
CVE-2024-9116 - Monkee-Boy Essentials <= 1.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Uplβ¦
The Monkee-Boy Essentials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and aboβ¦