6.4
CVE-2024-3923 - Beaver Builder – WordPress Page Builder <= 2.8.1.1 - Authenticated (Contributor+) Stored Cross-Site…
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link_target parameter in all versions up to, and including, 2.8.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, w…
6.4
CVE-2024-3990 - HT Mega – Absolute Addons For Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site S…
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Tooltip & Popover Widget in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f…
9.8
CVE-2024-3806 - Porto <= 7.1.0 - Unauthenticated Local File Inclusion via porto_ajax_posts
The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via the 'porto_ajax_posts' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in t…
4.3
CVE-2024-1230 - SimpleShop <= 2.10.0 - Cross-Site Request Forgery
The SimpleShop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.0. This is due to missing or incorrect nonce validation on the maybe_disconnect_simpleshop function. This makes it possible for unauthenticated attackers to disconnect the site…
6.4
CVE-2024-4335 - Rank Math SEO with AI Best SEO Tools <= 1.0.217 - Authenticated (Contributor+) Stored Cross-Site Sc…
The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textAlign’ parameter in versions up to, and including, 1.0.217 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with con…
4.3
CVE-2024-4103 - ADFO – Custom data in admin dashboard <= 1.9.0 - Cross-Site Request Forgery
The ADFO – Custom data in admin dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.0. This is due to missing or incorrect nonce validation on several functions hooked via the controller() function. This makes it possible for unauthen…
8.1
CVE-2024-4441 - XML Sitemap & Google News <= 5.4.8 - Unauthenticated Local File Inclusion
The XML Sitemap & Google News plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.8 via the 'feed' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP…
5.3
CVE-2024-3915 - Swift Framework <= 2.7.31 - Missing Authorization to Unauthenticated Arbitrary Content Update
The Swift Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sf_edit_directory_item() function in all versions up to, and including, 2.7.31. This makes it possible for unauthenticated attackers to update arbitrary posts with ar…
6.4
CVE-2024-2923 - Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates L…
The Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's text effect widget in all versions up to, and including, 1.1.37 due to insufficient input sanitization a…
0.0
CVE-2024-4542 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-3548. Reason: This candidate was issued in error. Please use CVE-2024-3548 instead.