6.4
CVE-2024-4700 - WP Table Builder – WordPress Table Plugin <= 1.4.14 - Authenticated (Contributor+) Stored Cross-Sit…
The WP Table Builder – WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button element in all versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to injec…
6.4
CVE-2024-3345 - ShopLentor <= 2.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via woolentorsearch …
The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woolentorsearch shortcode in all versions up to, and including, 2.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated at…
7.1
CVE-2024-4566 - ShopLentor <= 2.8.8 - Missing Authorization to WordPress Option Modification
The ShopLentor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in all versions up to, and including, 2.8.8. This makes it possible for authenticated attackers, with contributor-level access and above, to set arbi…
4.3
CVE-2024-4875 - HT Mega – Absolute Addons For Elementor <= 2.5.2 - Missing Authorization to Options Update
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification of data or loss of data due to a missing capability check on the 'ajax_dismiss' function in versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with subscri…
0.0
CVE-2024-5164 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
9.1
CVE-2024-4442 - Salon booking system <= 9.9 - Unauthenticated Arbitrary File Deletion
The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 9.8. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbit…
6.4
CVE-2024-4470 - Master Slider – Responsive Touch Slider <= 3.9.9 - Authenticated (Contributor+) Stored Cross-Site S…
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_slide_info' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied 'tag_name' attribute. This…
6.4
CVE-2024-4710 - Uber Menu <= 3.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcod…
The UberMenu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ubermenu-col, ubermenu_mobile_close_button, ubermenu_toggle, ubermenu-search shortcodes in all versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supp…
5.4
CVE-2024-4372 - Carousel Slider < 2.2.11 - Editor+ Stored XSS
The Carousel Slider WordPress plugin before 2.2.11 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks.
7.1
CVE-2024-4290 - Sailthru Triggermail <= 1.1 - Admin+ Stored XSS
The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).