6.4
CVE-2024-9656 - Mynx Page Builder <= 0.27.8 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Uplo…
The Mynx Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.27.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and abov…
4.4
CVE-2024-9776 - ImagePress - Image Gallery <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting vi…
The ImagePress – Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level pe…
4.4
CVE-2024-7489 - Forms for Mailchimp by Optin Cat <= 2.5.7 - Authenticated (Editor+) Stored Cross-Site Scripting via…
The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form color parameters in all versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenti…
4.3
CVE-2024-9187 - Read more By Adam <= 1.1.8 - Missing Authorization to Authenticated (Subscriber+) Read More Button …
The Read more By Adam plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deleteRm() function in all versions up to, and including, 1.1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete read …
4.3
CVE-2024-9824 - ImagePress - Image Gallery <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrar…
The ImagePress – Image Gallery plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'ip_delete_post' and 'ip_update_post_title' functions in all versions up to, and including, 1.2.2. This makes it possible for authenticated attack…
4.3
CVE-2024-9778 - ImagePress – Image Gallery <= 1.2.2 - Cross-Site Request Forgery to Plugin Settings Update
The ImagePress – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the 'imagepress_admin_page' function. This makes it possible for unauthenticated attackers to update p…
0.0
CVE-2025-20098 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
0.0
CVE-2025-20038 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
0.0
CVE-2025-20078 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
8.8
CVE-2024-9821 - Bot for Telegram on WooCommerce <= 1.2.7 - Authenticated (Subscriber+) Telegram Bot Token Disclosur…
The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'stm_wpcfto_get_settings' AJAX action in all versions up to, and including, 1.2.7. This makes it possible for authenticated attackers, with subscrib…