4.3
CVE-2024-12099 - Dollie Hub – Build Your Own WordPress Cloud Platform <= 6.2.0 - Authenticated (Contributor+) Post D…
The Dollie Hub – Build Your Own WordPress Cloud Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.2.0 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenti…
6.4
CVE-2024-10885 - SearchIQ – The Search Solution <= 4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
The SearchIQ – The Search Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siq_searchbox' shortcode in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo…
5.3
CVE-2024-12123 - Unauthorized Modification of Ticket Requester
A hidden field manipulation vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. When an authenticated user submits a ticket, the request can be intercepted and subsequently modified by using a proxy. The ticket requester can be changed from th…
6.1
CVE-2024-11807 - NPS computy <= 2.8.0 - Reflected Cross-Site Scripting
The NPS computy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'data1' and 'data2' parameters in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar…
6.4
CVE-2024-11747 - Responsive Videos <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Responsive Videos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'somryv' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated atta…
4.3
CVE-2024-10663 - Eleblog – Elementor Blog And Magazine Addons <= 1.8 - Missing Authorization to Authenticated (Subsc…
The Eleblog – Elementor Blog And Magazine Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the goodbye_form_callback() function in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with Subs…
6.1
CVE-2024-11813 - Pulsating Chat Button <= 1.3.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Pulsating Chat Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6. This is due to missing or incorrect nonce validation on the amin_chat_button_settings_page() function. This makes it possible for unauthenticated attackers to upda…
6.4
CVE-2024-11897 - Contact Form, Survey & Form Builder – MightyForms <= 1.3.9 - Authenticated (Contributor+) Stored Cr…
The Contact Form, Survey & Form Builder – MightyForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mightyforms' shortcode in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This m…
5.5
CVE-2024-11093 - SG Helper <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload
The SG Helper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scri…
7.3
CVE-2024-10952 - Authors List <= 2.0.4 - Unauthenticated Arbitrary Shortcode Execution via update_authors_list_ajax
The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution via update_authors_list_ajax AJAX action in all versions up to, and including, 2.0.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_sh…