Search Results
- Results Type: Overview
- Keyword (text search): Wordpress
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-31342 | Missing Authorization vulnerability in WPcloudgallery WordPress Gallery Exporter. This issue affects WordPress Gallery Exporter: from n/a through 1.3. Published: April 10, 2024; 1:15:55 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-31254 | Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration. This issue affects WordPress Backup & Migration: from n/a through 1.4.7. Published: April 10, 2024; 12:15:13 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-31247 | Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Drupal to WordPress. This issue affects FG Drupal to WordPress: from n/a through 3.70.3. Published: April 10, 2024; 12:15:12 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-1780 | The BizCalendar Web plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.1.0.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Published: April 10, 2024; 4:15:06 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-3210 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'reg-single-checkbox' shortcode in all versions up to, and including, 4.15.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: April 10, 2024; 2:15:07 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2655 | The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post widgets in all versions up to, and including, 8.3.5 due to insufficient input sanitization and output escaping on author display names. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: April 10, 2024; 2:15:06 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2539 | The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget '_id' attributes in all versions up to, and including, 8.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: April 10, 2024; 2:15:06 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-3235 | The Essential Grid Gallery WordPress Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.1 via the on_front_ajax_action() function. This makes it possible for unauthenticated attackers to view private and password protected posts that may have private or sensitive information. Published: April 10, 2024; 1:15:50 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2736 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML Tags in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: April 10, 2024; 1:15:49 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2735 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Price List' element in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: April 10, 2024; 1:15:49 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2734 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's AI features in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: April 10, 2024; 1:15:49 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2428 | The Ultimate Video Player For WordPress WordPress plugin before 2.2.3 does not have a proper capability check when updating its settings via a REST route, allowing Contributor and above users to update them. Furthermore, due to the lack of escaping in one of the settings, this also allows them to perform Stored XSS attacks. Published: April 10, 2024; 1:15:49 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-1042 | The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with subscriber access and above, to import radio stations, remove countries, and modify the plugin's settings, which can lead to Cross-Site Scripting, tracked separately in CVE-2024-1041. Published: April 10, 2024; 1:15:48 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-1041 | The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping as well as insufficient access control on the settings. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: April 10, 2024; 1:15:47 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-6385 | The WordPress Ping Optimizer WordPress plugin through 2.35.1.3.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as clearing logs. Published: April 10, 2024; 1:15:47 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2733 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "Separator" element in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: April 10, 2024; 12:15:09 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2666 | The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Bullet List Widget in all versions up to, and including, 4.10.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page and attempts to edit the content. Published: April 10, 2024; 12:15:09 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2665 | The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button in all versions up to, and including, 4.10.27 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: April 10, 2024; 12:15:09 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2664 | The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown Widget in all versions up to, and including, 4.10.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: April 10, 2024; 12:15:08 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-3514 | The Responsive Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tabs_color value in all versions up to, and including, 4.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: April 09, 2024; 3:15:41 PM -0400 | V3.x:(not available) V2.0:(not available) |