6.4
CVE-2024-9272 - R Animated Icon Plugin <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upβ¦
The R Animated Icon Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and abβ¦
6.4
CVE-2024-8720 - RumbleTalk Live Group Chat β HTML5 <= 6.3.0 - Authenticated (Contributor+) Stored Cross-Site Scriptβ¦
The RumbleTalk Live Group Chat β HTML5 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rumbletalk-admin-button' shortcode in all versions up to, and including, 6.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makeβ¦
6.1
CVE-2024-8718 - Gravity Forms Toolbar <= 1.7.0 - Reflected Cross-Site Scripting
The Gravity Forms Toolbar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary webβ¦
8.8
CVE-2024-7433 - Empowerment <= 1.0.2 - Authenticated (Contributor+) PHP Object Injection
The Empowerment theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.2 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is prβ¦
6.4
CVE-2024-9274 - Elastik Page Builder <= 0.27.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Uβ¦
The Elastik Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.27.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and aβ¦
7.2
CVE-2024-7869 - 123.chat - Video Chat <= 1.3.1 - Unauthenticated Stored Cross-Site Scripting
The 123.chat - Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that willβ¦
9.8
CVE-2024-9106 - Wechat Social login <= 1.3.0 - Authentication Bypass
The Wechat Social login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.3.0. This is due to insufficient verification on the user being supplied during the social login. This makes it possible for unauthenticated attackers to log in as any existing usβ¦
8.8
CVE-2024-7432 - Unseen Blog <= 1.0.0 - Authenticated (Contributor+) PHP Object Injection
The Unseen Blog theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is prβ¦
6.4
CVE-2024-9269 - Relogo <= 0.4.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The Relogo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to injectβ¦
6.4
CVE-2024-9119 - SVG Complete <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The SVG Complete plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to β¦