6.4
CVE-2024-11412 - Shine PDF Embeder <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Shine PDF Embeder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shinepdf' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated at…
6.1
CVE-2024-11435 - salavat counter Plugin <= 0.9.4 - Reflected Cross-Site Scripting
The salavat counter Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 0.9.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w…
6.4
CVE-2024-11432 - SuevaFree Essential Kit <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The SuevaFree Essential Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'counter' shortcode in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authentic…
6.4
CVE-2024-11428 - Lazy load videos and sticky control <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scrip…
The Lazy load videos and sticky control plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lazy-load-videos-and-sticky-control' shortcode in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping on user supplied attribut…
4.3
CVE-2024-11354 - Ultimate YouTube Video & Shorts Player With Vimeo <= 3.3 - Missing Authorization to Authenticated (…
The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the del_ytsingvid() function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with Subscri…
6.1
CVE-2024-10726 - Friendly Functions for Welcart <= 1.2.4 - Cross-Site Request Forgery to Reflected Cross-Site Script…
The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.4. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to inject malicious web…
6.1
CVE-2024-11370 - Subaccounts for WooCommerce <= 1.6.0 - Reflected Cross-Site Scripting
The Subaccounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to inject arbitrary web scri…
6.4
CVE-2024-9111 - Product Designer <= 1.0.36 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The Product Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.36 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above…
6.4
CVE-2024-11455 - Include Mastodon Feed <= 1.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Include Mastodon Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'include-mastodon-feed' shortcode in all versions up to, and including, 1.9.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f…
4.3
CVE-2024-10532 - Bard Extra <= 1.2.7 - Missing Authorization to Authenticated (Subscriber+) Demo Import
The Bard Extra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bardxtra_import_xml() function in all versions up to, and including, 1.2.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to …