6.4
CVE-2024-5601 - Create by Mediavine <= 1.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Schema …
The Create by Mediavine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Schema Meta shortcode in all versions up to, and including, 1.9.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat…
7.7
CVE-2024-22232 - Specially crafted url can be created which leads to a directory traversal in the salt file server
A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master's filesystem.
5
CVE-2024-22231 - Syndic cache directory creation is vulnerable to a directory traversal attack
Syndic cache directory creation is vulnerable to a directory traversal attack in the Salt project, which can allow a malicious attacker to create an arbitrary directory on a Salt master.
6.1
CVE-2024-4704 - Contact Form 7 < 5.9.5 - Unauthenticated Open Redirect
The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their choosing.
4.8
CVE-2024-4664 - WP Chat App < 3.6.5 - Admin+ Stored XSS
The WP Chat App WordPress plugin before 3.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
5.4
CVE-2024-3111 - H5P < 1.15.8 - Contributor+ Stored XSS
The Interactive Content WordPress plugin before 1.15.8 does not validate uploads, which could allow Contributors and above to update malicious SVG files, leading to Stored Cross-Site Scripting issues.
4.3
CVE-2024-1330 - Kadence Blocks Pro < 2.3.8 - Contributor+ Arbitrary Option Access
The kadence-blocks-pro WordPress plugin before 2.3.8 does not prevent users with at least the contributor role from using some of its shortcode's functionalities to leak arbitrary options from the database.
5.4
CVE-2024-6283 - DethemeKit For Elementor <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via UR…
The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL parameter of the De Gallery widget in all versions up to and including 2.1.5 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for …
6.4
CVE-2024-4570 - Elementor Addon Elements <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level perm…
6.4
CVE-2024-4569 - Elementor Addon Elements <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level perm…