6.5
CVE-2024-54260 - WordPress News Kit Elementor Addons plugin <= 1.4.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Stored XSS.This issue affects News Kit Elementor Addons: from n/a through <= 1.4.2.
7.1
CVE-2024-54226 - WordPress Country Blocker plugin <= 3.2 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in karlkiesinger Country Blocker country-blocker allows Stored XSS.This issue affects Country Blocker: from n/a through <= 3.2.
4.7
CVE-2024-54255 - WordPress Login Widget With Shortcode plugin <= 6.1.2 - Open Redirection vulnerability
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in aviplugins.com Login Widget With Shortcode login-sidebar-widget allows Phishing.This issue affects Login Widget With Shortcode: from n/a through <= 6.1.2.
7.5
CVE-2024-54225 - WordPress Designer plugin <= 1.4.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in codegearthemes Designer designer allows PHP Local File Inclusion.This issue affects Designer: from n/a through <= 1.4.1.
5.3
CVE-2024-54223 - WordPress ARForms plugin <= 1.7.1 - HTML Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in reputeinfosystems ARForms Form Builder arforms-form-builder allows Code Injection.This issue affects ARForms Form Builder: from n/a through <= 1.7.1.
7.5
CVE-2023-22701 - WordPress Ebook Store plugin <= 5.775 - Broken Authentication vulnerability
Missing Authorization vulnerability in motov.net Ebook Store ebook-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ebook Store: from n/a through <= 5.775.
4.3
CVE-2023-22708 - WordPress Kraken.io Image Optimizer plugin <= 2.6.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in karim79 Kraken.io Image Optimizer kraken-image-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kraken.io Image Optimizer: from n/a through <= 2.6.7.
5.2
CVE-2023-23715 - WordPress JobBoardWP β Job Board Listings and Submissions plugin <= 1.2.2 - IDOR Leading To Job Remβ¦
Missing Authorization vulnerability in Ultimate Member JobBoardWP β Job Board Listings and Submissions jobboardwp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobBoardWP β Job Board Listings and Submissions: from n/a through <= 1.2.2.
4.3
CVE-2023-23716 - WordPress Zendesk Support for WordPress plugin <= 1.8.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in zendesk_official Zendesk Support for WordPress zendesk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zendesk Support for WordPress: from n/a through <= 1.8.4.
4.3
CVE-2023-23725 - WordPress Shortcodes by Angie Makes plugin <= 3.46 - Broken Access Control vulnerability
Missing Authorization vulnerability in Chris Baldelomar Shortcodes wc-shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcodes: from n/a through <= 3.46.