0.0
CVE-2024-51783 - WordPress Forms: 3rd-Party Post Again plugin <= 0.3 - Reflected Cross Site Scripting (XSS) vulnerab…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zaus Forms: 3rd-Party Post Again forms-3rdparty-post-again allows Reflected XSS.This issue affects Forms: 3rd-Party Post Again: from n/a through <= 0.3.
0.0
CVE-2024-51784 - WordPress FriendStore for WooCommerce plugin <= 1.4.2 - Reflected Cross Site Scripting (XSS) vulner…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VietFriend team FriendStore for WooCommerce friendstore-for-woocommerce allows Reflected XSS.This issue affects FriendStore for WooCommerce: from n/a through <= 1.4.2.
0.0
CVE-2024-51786 - WordPress Realty by BestWebSoft plugin <= 1.1.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bestweblayout Realty by BestWebSoft realty allows Stored XSS.This issue affects Realty by BestWebSoft: from n/a through <= 1.1.5.
5.4
CVE-2024-51787 - WordPress ElementsReady Addons for Elementor plugin <= 6.4.3 - Cross Site Scripting (XSS) vulnerabi…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quomodosoft ElementsReady Addons for Elementor element-ready-lite allows Stored XSS.This issue affects ElementsReady Addons for Elementor: from n/a through <= 6.4.3.
0.0
CVE-2024-51785 - WordPress Responsive Filterable Portfolio plugin <= 1.0.22 - Server Side Request Forgery (SSRF) vul…
Server-Side Request Forgery (SSRF) vulnerability in Nks Responsive Filterable Portfolio responsive-filterable-portfolio allows Server Side Request Forgery.This issue affects Responsive Filterable Portfolio: from n/a through <= 1.0.22.
9.8
CVE-2024-10508 - RegistrationMagic – User Registration Plugin with Custom Registration Forms <= 6.0.2.6 - Unauthenti…
The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0.2.6. This is due to the plugin not properly validating the password reset token prior to updating…
9.8
CVE-2024-10589 - Leopard <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the import_settings() function in all versions up to, and including, 3.1.1. This makes it possible for authenticat…
9.8
CVE-2024-10801 - WordPress User Extra Fields <= 16.5 - Unauthenticated Arbitrary File Upload
The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_manage_file_chunk_upload() function in all versions up to, and including, 16.5. This makes it possible for unauthenticated attackers to upload arbitrary files…
9.8
CVE-2024-10547 - WP Membership <= 1.6.2 - Unauthenticated Arbitrary File Upload
The WP Membership plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the user_profile_image_upload() function in all versions up to, and including, 1.6.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected …
9.8
CVE-2024-10871 - Category Ajax Filter <= 2.8.2 - Unauthenticated Local File Inclusion
The Category Ajax Filter plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.8.2 via the 'params[caf-post-layout]' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execut…