4.3
CVE-2024-10777 - AnyWhere Elementor <= 1.2.11 - Authenticated (Contributor+) Post Disclosure
The AnyWhere Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.11 via the 'INSERT_ELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-lβ¦
6.4
CVE-2024-10056 - Contact Form Builder <= 4.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via livesβ¦
The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's livesite-pay shortcode in all versions up to, and including, 4.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible forβ¦
6.4
CVE-2024-11779 - WIP WooCarousel Lite <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WIP WooCarousel Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wip_woocarousel_products_carousel' shortcode in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes itβ¦
6.4
CVE-2024-10848 - NewsMunch <= 1.0.35 - Authenticated (Contributor+) Stored Cross-Site Scripting
The NewsMunch theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and β¦
4.3
CVE-2024-11341 - Simple Redirection <= 1.5 - Cross-Site Request Forgery to Arbitrary Site Redirect
The Simple Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the settings_page() function. This makes it possible for unauthenticated attackers to update the plugin's settinβ¦
6.4
CVE-2024-11420 - Blocksy <= 2.0.77 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Info Block link parameter in all versions up to, and including, 2.0.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level β¦
5.3
CVE-2024-10937 - Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins <= 2.β¦
The Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.58 via the wp_ajax_nopriv_related_post_ajax_get_post_ids AJAX action. This makes it possibβ¦
8.8
CVE-2024-11429 - Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews β Stars Testimonials <= 3.β¦
The Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews β Stars Testimonials plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'stars-testimonials-with-slider-and-masonry-grid' shortcode. This makes it possible for auβ¦
3.1
CVE-2024-42195 - HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
6.4
CVE-2024-10178 - Gutentor β Gutenberg Blocks β Page Builder for Gutenberg Editor <= 3.3.9 - Authenticated (Contributβ¦
The Gutentor β Gutenberg Blocks β Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping on user supplied attributes.β¦