6.1
CVE-2024-8728 - Easy Load More <= 1.0.3 - Reflected Cross-Site Scripting
The Easy Load More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages β¦
6.1
CVE-2024-8727 - DK PDF <= 1.9.6 - Reflected Cross-Site Scripting
The DK PDF plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that exeβ¦
8.8
CVE-2024-7434 - UltraPress <= 1.2.2 - Authenticated (Contributor+) PHP Object Injection
The UltraPress theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.2 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is preβ¦
6.1
CVE-2024-9267 - Easy WordPress Subscribe β Optin Hound <= 1.4.3 - Reflected Cross-Site Scripting via add_query_arg β¦
The Easy WordPress Subscribe β Optin Hound plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.3. This makes it possible for unauthenticated attackers to inject arbitraβ¦
6.4
CVE-2024-8989 - Stars Testimonials <= 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via stars_teβ¦
The Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews β Stars Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stars_testimonials shortcode in all versions up to, and including, 3.3.1 due to insufficient input sanitization and ouβ¦
4.3
CVE-2024-8675 - Soumettre.fr <= 2.1.3 - Missing Authorization
The Soumettre.fr plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the soumettre_disconnect_gateway function in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and aβ¦
6.4
CVE-2024-9304 - LocateAndFilter <= 1.6.14 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The LocateAndFilter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above,β¦
6.4
CVE-2024-8990 - Geo Mashup <= 1.13.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via geo_mashup_visβ¦
The Geo Mashup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's geo_mashup_visible_posts_list shortcode in all versions up to, and including, 1.13.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for β¦
6.5
CVE-2024-8632 - KB Support β WordPress Help Desk and Knowledge Base <= 1.6.6 - Missing Authorization to Unauthenticβ¦
The KB Support β WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'kbs_ajax_load_front_end_replies' and 'kbs_ajax_mark_reply_as_read' functions in all versions up to, and including, 1.6β¦
8.1
CVE-2024-8548 - KB Support β WordPress Help Desk and Knowledge Base <= 1.6.6 - Missing Authorization to Authenticatβ¦
The KB Support β WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the /includes/ajax-functions.php file all versions up to, and including, 1.6.6. This makes it possible fβ¦