Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-32810 |
Missing Authorization vulnerability in ShortPixel ShortPixel Critical CSS.This issue affects ShortPixel Critical CSS: from n/a through 1.0.2. Published: May 03, 2024; 4:15:07 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-28072 |
A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly. Published: May 03, 2024; 4:15:07 AM -0400 |
V3.1: 5.7 MEDIUM V2.0:(not available) |
CVE-2024-24710 |
Missing Authorization vulnerability in SlickRemix Feed Them Social.This issue affects Feed Them Social: from n/a through 4.2.0. Published: May 03, 2024; 4:15:07 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-44472 |
Missing Authorization vulnerability in ThemeFuse Unyson.This issue affects Unyson: from n/a through 2.7.28. Published: May 03, 2024; 4:15:06 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-25457 |
Missing Authorization vulnerability in Richteam Slider Carousel – Responsive Image Slider.This issue affects Slider Carousel – Responsive Image Slider: from n/a through 1.5.1. Published: May 03, 2024; 4:15:06 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33947 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic allows Reflected XSS.This issue affects RegistrationMagic: from n/a through 5.3.2.0. Published: May 03, 2024; 3:15:40 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33946 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPify s.R.O. WPify Woo Czech allows Reflected XSS.This issue affects WPify Woo Czech: from n/a through 4.0.10. Published: May 03, 2024; 3:15:40 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33945 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in solverwp.Com Eleblog – Elementor Blog And Magazine Addons allows Stored XSS.This issue affects Eleblog – Elementor Blog And Magazine Addons: from n/a through 1.8. Published: May 03, 2024; 3:15:40 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33943 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HappyKite Ultimate Under Construction allows Stored XSS.This issue affects Ultimate Under Construction: from n/a through 1.9.3. Published: May 03, 2024; 3:15:39 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33940 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashan Jay EventON allows Stored XSS.This issue affects EventON: from n/a through 2.2.14. Published: May 03, 2024; 3:15:39 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33936 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Twinpictures Print-O-Matic allows Stored XSS.This issue affects Print-O-Matic: from n/a through 2.1.10. Published: May 03, 2024; 3:15:39 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33935 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pascal Bajorat PB MailCrypt allows Stored XSS.This issue affects PB MailCrypt: from n/a through 3.1.0. Published: May 03, 2024; 3:15:39 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33934 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kailey Lampert Mini Loops allows Stored XSS.This issue affects Mini Loops: from n/a through 1.4.1. Published: May 03, 2024; 3:15:39 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33932 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vinod Dalvi Login Logout Register Menu allows Stored XSS.This issue affects Login Logout Register Menu: from n/a through 2.0. Published: May 03, 2024; 3:15:38 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33928 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon allows Reflected XSS.This issue affects CodeBard's Patron Button and Widgets for Patreon: from n/a through 2.2.0. Published: May 03, 2024; 3:15:38 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-4439 |
WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. In addition, it also makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that have the comment block present and display the comment author's avatar. Published: May 03, 2024; 2:15:14 AM -0400 |
V3.1: 7.2 HIGH V2.0:(not available) |
CVE-2024-3703 |
The Carousel Slider WordPress plugin before 2.2.10 does not validate and escape some of its Slide options before outputting them back in the page/post where the related Slide shortcode is embed, which could allow users with the Editor role and above to perform Stored Cross-Site Scripting attacks Published: May 03, 2024; 2:15:14 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3692 |
The Gutenverse WordPress plugin before 1.9.1 does not validate the htmlTag option in various of its block before outputting it back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: May 03, 2024; 2:15:14 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3637 |
The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin through 1.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) Published: May 03, 2024; 2:15:14 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34408 |
Tencent libpag through 4.3.51 has an integer overflow in DecodeStream::checkEndOfFile() in codec/utils/DecodeStream.cpp via a crafted PAG (Portable Animated Graphics) file. Published: May 03, 2024; 2:15:13 AM -0400 |
V3.x:(not available) V2.0:(not available) |