6.4
CVE-2024-5439 - Blocksy <= 2.0.50 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Blocksy theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the custom_url parameter in all versions up to, and including, 2.0.50 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts …
6.4
CVE-2024-4939 - Weaver Xtreme Theme Support <= 6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via d…
The Weaver Xtreme Theme Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's div shortcode in all versions up to, and including, 6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated…
4.3
CVE-2024-5453 - ProfileGrid <= 5.8.6 - Missing Authorization
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_dismissible_notice and pm_wizard_update_group_icon functions in all versions up to, and including, 5.8.6. This makes it possibl…
6.4
CVE-2024-5006 - Boostify Header Footer Builder for Elementor <= 1.3.2 - Authenticated (Contributor+) Stored Cross-S…
The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘size’ parameter in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit…
4.3
CVE-2024-4088 - Gutenberg Blocks and Page Layouts – Attire Blocks <= 1.9.2 - Missing Authorization
The Gutenberg Blocks and Page Layouts – Attire Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disable_fe_assets function in all versions up to, and including, 1.9.2. This makes it possible for authenticated attackers, with sub…
6.4
CVE-2024-5222 - Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive The…
The Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output e…
6.4
CVE-2024-1164 - Brizy – Page Builder <= 2.4.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form F…
The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's contact form widget error message and redirect URL in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping on user supplied error messages. Thi…
4.3
CVE-2024-2368 - Mollie Forms <= 2.6.13 - Cross-Site Request Forgery to Arbitrary Post Duplication
The Mollie Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.13. This is due to missing or incorrect nonce validation on the duplicateForm() function. This makes it possible for unauthenticated attackers to duplicate forms via a forged …
4.3
CVE-2024-4886 - BuddyBoss Platform < 2.6.0 - Subscriber+ Comment on Private Post via IDOR
The contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request
7.4
CVE-2024-3667 - Brizy – Page Builder <= 2.4.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget…
The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Link To' field of multiple widgets in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for auth…