6.5
CVE-2024-35753 - WordPress TemplatesNext OnePager plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TemplatesNext TemplatesNext OnePager allows Stored XSS.This issue affects TemplatesNext OnePager: from n/a through 1.3.3.
6.5
CVE-2024-35755 - WordPress Weather Widget Pro plugin <= 1.1.40 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in El tiempo Weather Widget Pro allows Stored XSS.This issue affects Weather Widget Pro: from n/a through 1.1.40.
5.9
CVE-2024-35756 - WordPress Tooltip CK plugin <= 2.2.15 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CeiKay Tooltip CK tooltip-ck allows Stored XSS.This issue affects Tooltip CK: from n/a through 2.2.15.
6.5
CVE-2024-5654 - CF7 Google Sheets Connector <= 5.0.9 - Missing Authorization to Limited Site Configuration Update
The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'execute_post_data_cg7_free' function in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated attackers to toggle site conβ¦
4.3
CVE-2024-4468 - Salon booking system <= 9.9 - Missing Authorization
The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admin_init in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber accβ¦
7.4
CVE-2024-5091 - SKT Addons for Elementor <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age β¦
The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Age Gate and Creative Slider widgets in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibβ¦
0.0
CVE-2024-5758 -
** REJECT ** Duplicate of CVE-2024-4305. Please use CVE-2024-4305 instead.
6.1
CVE-2024-5613 - Formula <= 0.5.1 - Reflected Cross-Site Scripting via quality_customizer_notify_dismiss_action
The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the βidβ parameter in the 'quality_customizer_notify_dismiss_action' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unaβ¦
6.3
CVE-2024-5087 - Minimal Coming Soon β Coming Soon Page <= 2.38 - Missing Authorization to Limited Settings Change
The Minimal Coming Soon β Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validate_ajax, deactivate_ajax, and save_ajax functions in all versions up to, and including, 2.38. This makes it possible for authenticated atβ¦
6.1
CVE-2024-5638 - Formula <= 0.5.1 - Reflected Cross-Site Scripting via ti_customizer_notify_dismiss_recommended_plugβ¦
The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the βidβ parameter in the 'ti_customizer_notify_dismiss_recommended_plugins' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping. This makes it possibleβ¦