6.4
CVE-2025-0433 - Master Addons <= 2.0.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
The Master Addons β Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βidβ parameter in all versions up to, and including, 2.0.7.1 due to insufficient input sanitization and output escapβ¦
4.3
CVE-2024-13724 - Wallet System for WooCommerce β Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restrictiβ¦
The Wallet System for WooCommerce β Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 2.6.2. This makes it possible for unauthenticated attackers to increase their owβ¦
6.4
CVE-2024-9618 - Master Addons <= 2.0.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Wiβ¦
The Master Addons β Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.0.7.2 due to insufficient input sanitization and output escapinβ¦
6.4
CVE-2025-0512 - Structured Content (JSON-LD) #wpsc <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scriptβ¦
The Structured Content (JSON-LD) #wpsc plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sc_fs_local_business shortcode in all versions up to, and including, 6.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it β¦
4.3
CVE-2024-13682 - Wallet System for WooCommerce β Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restrictiβ¦
The Wallet System for WooCommerce β Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation in class-wallet-user-table.phpβ¦
6.2
CVE-2024-58050 -
Vulnerability of improper access permission in the HDC module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
5
CVE-2024-58049 -
Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
6.7
CVE-2024-58048 -
Multi-thread problem vulnerability in the package management module Impact: Successful exploitation of this vulnerability may affect availability.
5
CVE-2024-58047 -
Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
6.2
CVE-2024-58046 -
Permission management vulnerability in the lock screen module Impact: Successful exploitation of this vulnerability may affect service confidentiality.