6.4
CVE-2024-13551 - ABC Notation <= 6.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The ABC Notation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'abcjs' shortcode in all versions up to, and including, 6.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker…
6.4
CVE-2024-13441 - Bilingual Linker <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Bilingual Linker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the bl_otherlang_link_1 parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev…
6.4
CVE-2024-12817 - Etsy Importer <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Etsy Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'product_link' shortcode in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated …
6.4
CVE-2024-13586 - Masy Gallery <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Masy Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'justified-gallery' shortcode in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate…
6.1
CVE-2024-13467 - WP Contact Form7 Email Spam Blocker <= 1.0.0 - Reflected Cross-Site Scripting
The WP Contact Form7 Email Spam Blocker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec…
6.4
CVE-2024-11825 - Broadstreet <= 1.50.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via zone Parameter
The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'zone' parameter in all versions up to, and including, 1.50.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and a…
4.3
CVE-2024-13368 - Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1…
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the youzify_offer_banner() function in all versions up to, and including, 1.3.2. This makes it possible f…
4.3
CVE-2024-12113 - Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress By K…
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_user_review() and delete_review() functions in all versions up to, and including, 1.3.2.…
6.4
CVE-2024-13458 - WordPress SEO Friendly Accordion FAQ with AI assisted content generation <= 2.2.1 - Authenticated (…
The WordPress SEO Friendly Accordion FAQ with AI assisted content generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'noticefaq' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user suppli…
6.4
CVE-2024-13599 - LearnPress – WordPress LMS Plugin <= 4.2.7.5 - Authenticated (LP Instructor+) Stored Cross-Site Scr…
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.7.5 due to insufficient input sanitization and output escaping of a lesson name. This makes it possible for authenticated attackers, with LP Instructor-l…