6.4
CVE-2024-5006 - Boostify Header Footer Builder for Elementor <= 1.3.2 - Authenticated (Contributor+) Stored Cross-S…
The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' parameter in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit…
4.3
CVE-2024-4088 - Gutenberg Blocks and Page Layouts – Attire Blocks <= 1.9.2 - Missing Authorization
The Gutenberg Blocks and Page Layouts – Attire Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disable_fe_assets function in all versions up to, and including, 1.9.2. This makes it possible for authenticated attackers, with sub…
6.4
CVE-2024-5222 - Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive The…
The Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output e…
6.4
CVE-2024-1164 - Brizy – Page Builder <= 2.4.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form F…
The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's contact form widget error message and redirect URL in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping on user supplied error messages. Thi…
4.3
CVE-2024-2368 - Mollie Forms <= 2.6.13 - Cross-Site Request Forgery to Arbitrary Post Duplication
The Mollie Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.13. This is due to missing or incorrect nonce validation on the duplicateForm() function. This makes it possible for unauthenticated attackers to duplicate forms via a forged …
4.3
CVE-2024-4886 - BuddyBoss Platform < 2.6.0 - Subscriber+ Comment on Private Post via IDOR
The contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request
7.4
CVE-2024-3667 - Brizy – Page Builder <= 2.4.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget…
The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Link To' field of multiple widgets in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for auth…
7.1
CVE-2024-1940 - Brizy – Page Builder <= 2.4.41 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post content in all versions up to, and including, 2.4.41 due to insufficient input sanitization performed only on the client side and insufficient output escaping. This makes it possible for authenticate…
7.2
CVE-2024-2087 - Brizy – Page Builder <= 2.4.43 - Unauthenticated Stored Cross-Site Scripting via Form
The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form name values in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web s…
9.8
CVE-2024-4295 - Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via hash
The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the 'hash' parameter in all versions up to, and including, 5.7.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it…