6.1
CVE-2024-8786 - Auto Featured Image from Title <= 2.3 - Reflected Cross-Site Scripting
The Auto Featured Image from Title plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scr…
8.8
CVE-2024-9018 - WP Easy Gallery <= 4.8.5 - Authenticated (Contributor+) SQL Injection via key Parameter
The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘key’ parameter in all versions up to, and including, 4.8.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.…
6.1
CVE-2024-9220 - LH Copy Media File <= 1.08 - Reflected Cross-Site Scripting
The LH Copy Media File plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.08. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag…
6.1
CVE-2024-8793 - Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More <= …
The Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.2.1. This makes …
6.4
CVE-2024-8288 - Guten Post Layout – An Advanced Post Grid Collection for WordPress Gutenberg <= 1.2.4 - Authenticat…
The Guten Post Layout – An Advanced Post Grid Collection for WordPress Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:guten-post-layout/post-grid' Gutenberg block in all versions up to, and including, 1.2.4 due to insufficient in…
6.1
CVE-2024-9228 - Loggedin – Limit Active Logins <= 1.3.1 - Reflected Cross-Site Scripting
The Loggedin – Limit Active Logins plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to inject arbitrary web s…
6.1
CVE-2024-8799 - Custom Banners <= 3.3 - Reflected Cross-Site Scripting
The Custom Banners plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages th…
6.5
CVE-2024-9224 - Hello World <= 2.1.1 - Authenticated (Subscriber+) Arbitrary File Read
The Hello World plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 2.1.1 via the hello_world_lyric() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the s…
6.1
CVE-2024-9209 - WP Search Analytics <= 1.4.10 - Reflected Cross-Site Scripting
The WP Search Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.10. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in …
6.1
CVE-2024-9241 - PDF Image Generator <= 1.5.6 - Reflected Cross-Site Scripting
The PDF Image Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in p…