6.4
CVE-2024-4567 - Themify Shortcodes <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via themify_…
The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themify_button shortcode in all versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authentic…
4.3
CVE-2024-4082 - Joli FAQ SEO – WordPress FAQ Plugin <= 1.3.2 - Cross-Site Request Forgery
The Joli FAQ SEO – WordPress FAQ Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. This is due to missing or incorrect nonce validation when saving settings. This makes it possible for unauthenticated attackers to change the plugin'…
9.8
CVE-2024-3070 - Last Viewed Posts by WPBeginner <= 1.0.0 - Unauthenticated PHP Object Injection
The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input from the LastViewedPosts Cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known PO…
6.4
CVE-2024-0445 - The Plus Addons for Elementor <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's element attributes in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with con…
4.4
CVE-2024-2846 - Visual Footer Credit Remover <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting
The Visual Footer Credit Remover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'selector' parameter in all versions up to, and including, 2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-…
6.4
CVE-2024-3923 - Beaver Builder – WordPress Page Builder <= 2.8.1.1 - Authenticated (Contributor+) Stored Cross-Site…
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link_target parameter in all versions up to, and including, 2.8.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, w…
6.4
CVE-2024-3990 - HT Mega – Absolute Addons For Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site S…
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Tooltip & Popover Widget in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f…
9.8
CVE-2024-3806 - Porto <= 7.1.0 - Unauthenticated Local File Inclusion via porto_ajax_posts
The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via the 'porto_ajax_posts' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in t…
4.3
CVE-2024-1230 - SimpleShop <= 2.10.0 - Cross-Site Request Forgery
The SimpleShop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.0. This is due to missing or incorrect nonce validation on the maybe_disconnect_simpleshop function. This makes it possible for unauthenticated attackers to disconnect the site…
6.4
CVE-2024-4335 - Rank Math SEO with AI Best SEO Tools <= 1.0.217 - Authenticated (Contributor+) Stored Cross-Site Sc…
The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'textAlign' parameter in versions up to, and including, 1.0.217 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with con…