6.4
CVE-2024-4553 - WP Shortcodes Plugin — Shortcodes Ultimate <= 7.1.5 - Authenticated (Contributor+) Stored Cross-Sit…
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_members' shortcode in all versions up to, and including, 7.1.5 due to insufficient input sanitization and output escaping on user supplied 'color' attribute. This ma…
6.4
CVE-2024-4695 - Move Addons for Elementor <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via M…
The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers…
6.4
CVE-2024-4700 - WP Table Builder – WordPress Table Plugin <= 1.4.14 - Authenticated (Contributor+) Stored Cross-Sit…
The WP Table Builder – WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button element in all versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to injec…
6.4
CVE-2024-3345 - ShopLentor <= 2.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via woolentorsearch …
The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woolentorsearch shortcode in all versions up to, and including, 2.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated at…
7.1
CVE-2024-4566 - ShopLentor <= 2.8.8 - Missing Authorization to WordPress Option Modification
The ShopLentor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in all versions up to, and including, 2.8.8. This makes it possible for authenticated attackers, with contributor-level access and above, to set arbi…
4.3
CVE-2024-4875 - HT Mega – Absolute Addons For Elementor <= 2.5.2 - Missing Authorization to Options Update
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'ajax_dismiss' function in versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with subscri…
0.0
CVE-2024-5164 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
9.1
CVE-2024-4442 - Salon booking system <= 9.9 - Unauthenticated Arbitrary File Deletion
The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 9.8. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbit…
6.4
CVE-2024-4470 - Master Slider – Responsive Touch Slider <= 3.9.9 - Authenticated (Contributor+) Stored Cross-Site S…
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_slide_info' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied 'tag_name' attribute. This…
6.4
CVE-2024-4710 - Uber Menu <= 3.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcod…
The UberMenu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ubermenu-col, ubermenu_mobile_close_button, ubermenu_toggle, ubermenu-search shortcodes in all versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supp…