6.1

CVSS3.1

CVE-2024-8663 - WP Simple Booking Calendar <= 2.0.10 - Reflected Cross-Site Scripting

The WP Simple Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.10. This makes it possible for unauthenticated attackers to inject…

πŸ“… Published: Sept. 13, 2024, 6:47 a.m. πŸ”„ Last Modified: April 8, 2026, 5:23 p.m.

6.4

CVSS3.1

CVE-2024-8742 - Essential Addons for Elementor <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting …

The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 6.0.3 due to insufficient input sanitization …

πŸ“… Published: Sept. 13, 2024, 6:47 a.m. πŸ”„ Last Modified: April 8, 2026, 5:01 p.m.

6.1

CVSS3.1

CVE-2024-8664 - WP Test Email <= 1.1.7 - Reflected Cross-Site Scripting

The WP Test Email plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages t…

πŸ“… Published: Sept. 13, 2024, 6:47 a.m. πŸ”„ Last Modified: April 8, 2026, 5 p.m.

6.4

CVSS3.1

CVE-2024-5567 - Betheme | Responsive Multipurpose WordPress & WooCommerce Theme <= 27.5.5 - Authenticated (Author+)…

The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 27.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to …

πŸ“… Published: Sept. 13, 2024, 6:47 a.m. πŸ”„ Last Modified: April 8, 2026, 4:56 p.m.

6.3

CVSS3.1

CVE-2024-7888 - Classified Listing – Classified ads & Business Directory Plugin <= 3.1.7 - Missing Authorization

The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions like export_forms(), import_forms(), update_fb_options(), and many more in all versions up to, and including, 3.1.7. T…

πŸ“… Published: Sept. 13, 2024, 6:47 a.m. πŸ”„ Last Modified: April 8, 2026, 4:50 p.m.

6.1

CVSS3.1

CVE-2024-8665 - YITH Custom Login <= 1.7.3 - Reflected Cross-Site Scripting

The YITH Custom Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag…

πŸ“… Published: Sept. 13, 2024, 6:47 a.m. πŸ”„ Last Modified: April 8, 2026, 4:34 p.m.

7.5

CVSS3.1

CVE-2024-38816 - CVE-2024-38816: Path traversal vulnerability in functional web frameworks

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application i…

πŸ“… Published: Sept. 13, 2024, 6:10 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.5

CVSS3.1

CVE-2024-7864 - Favicon Generator < 2.1 - Arbitrary File Deletion via CSRF

The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not have CSRF and path validation in the output_sub_admin_page_0() function, allowing attackers to make logged in admins delete arbitrary files on the server

πŸ“… Published: Sept. 13, 2024, 6 a.m. πŸ”„ Last Modified: Sept. 27, 2024, 9:26 p.m.

8.1

CVSS3.1

CVE-2024-7863 - Favicon Generator < 2.1 - Arbitrary File Upload via CSRF

The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not validate files to be uploaded and does not have CSRF checks, which could allow attackers to make logged in admin upload arbitrary files such as PHP on the server

πŸ“… Published: Sept. 13, 2024, 6 a.m. πŸ”„ Last Modified: Sept. 27, 2024, 9:27 p.m.

4.8

CVSS3.1

CVE-2024-7133 - My Sticky Bar < 2.7.3 - Admin+ Stored XSS

The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.3 does not validate and escape some of its settings before outputting them back in the page, which could allow users with a high role to perform Stored Cross-Site Scrip…

πŸ“… Published: Sept. 13, 2024, 6 a.m. πŸ”„ Last Modified: Sept. 27, 2024, 9:27 p.m.
Total resulsts: 349182
Page 8574 of 34,919
Β« previous page Β» next page
Filters