6.1
CVE-2024-49672 - WordPress Google Docs RSVP plugin <= 2.0.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in giffordcheung Google Docs RSVP google-docs-rsvp-guestlist allows Stored XSS.This issue affects Google Docs RSVP: from n/a through <= 2.0.1.
6.1
CVE-2024-49673 - WordPress LaTeX2HTML plugin <= 2.5.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Van Abel LaTeX2HTML latex2html allows Reflected XSS.This issue affects LaTeX2HTML: from n/a through <= 2.5.4.
7.1
CVE-2024-49678 - WordPress js paper theme <= 2.5.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jinwen js allows Reflected XSS.This issue affects js paper: from n/a through 2.5.7.
4.3
CVE-2024-10360 - Move Addons for Elementor <= 1.3.5 - Authenticated (Contributor+) Sensitive Information Exposure viβ¦
The Move Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the render function in includes/widgets/accordion/widget.php, includes/widgets/remote-template/widget.php, and other widget.php files. This makes it posβ¦
6.4
CVE-2024-10233 - SMSAlert - WooCommerce <= 3.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via sa_sβ¦
The SMS Alert Order Notifications β WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sa_subscribe shortcode in all versions up to, and including, 3.7.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes itβ¦
6.4
CVE-2024-10266 - Premium Addons for Elementor <= 4.10.60 - Authenticated (Contributor+) DOM-Based Stored Cross-Site β¦
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video Box widget in all versions up to, and including, 4.10.60 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for autheβ¦
6.4
CVE-2024-10185 - StreamWeasels YouTube Integration <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scriptiβ¦
The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-youtube-embed shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possiβ¦
6.4
CVE-2024-10184 - SW Kick Integration - Blocks and Shortcodes for Embedding Kick Streams <= 1.1.1 - Authenticated (Coβ¦
The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-kick-embed shortcode in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible foβ¦
5.4
CVE-2024-49679 - WordPress WPKoi Templates for Elementor plugin <= 3.1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpkoithemes WPKoi Templates for Elementor wpkoi-templates-for-elementor allows Stored XSS.This issue affects WPKoi Templates for Elementor: from n/a through <= 3.1.0.
5.4
CVE-2024-49692 - WordPress AffiliateX plugin <= 1.2.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPCenter AffiliateX affiliatex allows Stored XSS.This issue affects AffiliateX: from n/a through <= 1.2.9.