6.4
CVE-2024-8961 - Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Build…
The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nomore_items_text’ parameter in all versions up to, and including, 6.0.7 due to insufficient input sanitization and o…
6.6
CVE-2024-9529 - Secure Custom Fields < 6.3.6.3 - Admin+ Remote Code Execution
The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin before 6.3.9 does not prevent users from running arbitrary functions through its setting import functionalities, which could allow high privilege…
5.9
CVE-2024-10104 - Jobs for WordPress < 2.7.8 - Contributor+ Stored XSS
The Jobs for WordPress plugin before 2.7.8 does not sanitise and escape some of its Job settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks
7.2
CVE-2024-10793 - WP Activity Log <= 5.2.1 - Unauthenticated Stored Cross-Site Scripting via User_id Parameter
The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user_id parameter in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script…
7.2
CVE-2024-10260 - Tripetto <= 8.0.11 - Unauthentiated Stored Cross-Site Scripting via Form File Upload
The Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via File uploads in all versions up to, and including, 8.0.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that…
6.1
CVE-2024-9356 - Yotpo: Product & Photo Reviews for WooCommerce <= 1.7.9 - Reflected Cross-Site Scripting
The Yotpo: Product & Photo Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'yotpo_user_email' and 'yotpo_user_name' parameters in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it p…
4.3
CVE-2024-10582 - Music Player for Elementor – Audio Player & Podcast Player <= 2.4.1 - Missing Authorization to Auth…
The Music Player for Elementor – Audio Player & Podcast Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_mpfe_template() function in all versions up to, and including, 2.4.1. This makes it possible for authenticated attac…
6.4
CVE-2024-10113 - WP AdCenter – Ad Manager & Adsense Ads <= 2.5.7 - Authenticated (Contributor+) Stored Cross-Site Sc…
The WP AdCenter – Ad Manager & Adsense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpadcenter_ad shortcode in all versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it pos…
6.1
CVE-2024-39610 -
Cross-site scripting vulnerability exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product.
5.3
CVE-2024-42499 -
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an attacker may be able to know whether a file exists at a specific path, and/or obtain some part of the file contents under specif…