6.4
CVE-2024-11386 - GatorMail SmartForms <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The GatorMail SmartForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gatormailsmartform' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for aβ¦
6.4
CVE-2024-12527 - Perfect Portal Widgets <= 3.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Perfect Portal Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'perfect_portal_intake_form' shortcode in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possβ¦
6.4
CVE-2024-11892 - Accordion Slider Lite <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Accordion Slider Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'accordion_slider' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for auβ¦
9.8
CVE-2024-12877 - GiveWP β Donation Plugin and Fundraising Platform <= 3.19.2 - Unauthenticated PHP Object Injection
The GiveWP β Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2 via deserialization of untrusted input from the donation form like 'firstName'. This makes it possible for unauthenticated attackers to injecβ¦
6.1
CVE-2024-12412 - Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration β WpRently | Wβ¦
The Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration β WpRently | WordPress plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βactive_tabβ parameter in all versions up to, and including, 2.2.1 due to insufficient input sanitization β¦
6.4
CVE-2024-12520 - Dominion β Domain Checker for WPBakery <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scβ¦
The Dominion β Domain Checker for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dominion_shortcodes_domain_search_6' shortcode in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping on user supplied attriβ¦
4.3
CVE-2024-12116 - Unlimited Theme Addon For Elementor and WooCommerce <= 1.2.2 - Authenticated (Contributor+) Post Diβ¦
The Unlimited Theme Addon For Elementor and WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the 'uta-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated aβ¦
6.4
CVE-2024-12519 - TCBD Auto Refresher <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The TCBD Auto Refresher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcbd_auto_refresh' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for autheβ¦
6.4
CVE-2024-11874 - Grid Accordion Lite <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Grid Accordion Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'grid_accordion' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenβ¦
4.3
CVE-2024-11915 - RRAddons for Elementor <= 1.1.0 - Authenticated (Contributor+) Post Disclosure
The RRAddons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.0 via the Popup block due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access anβ¦