Filtered by vendor Wordpress
Subscriptions
Total
5039 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3031 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 4.4 Medium |
| The Fluid Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2024-3027 | 2 Nextendweb, Wordpress | 2 Smart Slider 3, Wordpress | 2024-11-21 | 6.4 Medium |
| The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the upload function in all versions up to, and including, 3.5.1.22. This makes it possible for authenticated attackers, with contributor-level access and above, to upload files, including SVG files, which can be used to conduct stored cross-site scripting attacks. | ||||
| CVE-2024-3023 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 4.4 Medium |
| The AnnounceKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2024-3021 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 4.4 Medium |
| The Mhr Post Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Header Title value in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2024-38758 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 4.9 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 6.0.4. | ||||
| CVE-2024-38757 | 2 Typebot, Wordpress | 2 Typebot, Wordpress | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Typebot allows Stored XSS.This issue affects Typebot: from n/a through 3.6.0. | ||||
| CVE-2024-38750 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in digontoahsan Advanced post slider.This issue affects Advanced post slider: from n/a through 3.0.0. | ||||
| CVE-2024-38741 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Noor-E-Alam Amazing Hover Effects allows Stored XSS.This issue affects Amazing Hover Effects: from n/a through 2.4.9. | ||||
| CVE-2024-38736 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Realtyna Realtyna Organic IDX plugin allows Code Injection.This issue affects Realtyna Organic IDX plugin: from n/a through 4.14.13. | ||||
| CVE-2024-38735 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in N.O.U.S. Open Useful and Simple Event post allows PHP Local File Inclusion.This issue affects Event post: from n/a through 5.9.5. | ||||
| CVE-2024-38725 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webstix Admin Dashboard RSS Feed allows Stored XSS.This issue affects Admin Dashboard RSS Feed: from n/a through 3.1. | ||||
| CVE-2024-38720 | 2 Spider-themes, Wordpress | 2 Eazydocs, Wordpress | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EazyDocs eazydocs allows Stored XSS.This issue affects EazyDocs: from n/a through 2.5.0. | ||||
| CVE-2024-38715 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 6.5 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ExS ExS Widgets allows PHP Local File Inclusion.This issue affects ExS Widgets: from n/a through 0.3.1. | ||||
| CVE-2024-38705 | 2 Elementinvader, Wordpress | 2 Elementinvader Addons For Elementor, Wordpress | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS.This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.4. | ||||
| CVE-2024-38703 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Xylus Themes WP Event Aggregator allows Stored XSS.This issue affects WP Event Aggregator: from n/a through 1.7.9. | ||||
| CVE-2024-38700 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in realmag777 WPCS allows Code Injection.This issue affects WPCS: from n/a through 1.2.0.3. | ||||
| CVE-2024-38698 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Skill Bar allows Stored XSS.This issue affects SKT Skill Bar: from n/a through 2.0. | ||||
| CVE-2024-38697 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ali Rahimi Goftino allows Stored XSS.This issue affects Goftino: from n/a through 1.6. | ||||
| CVE-2024-38694 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Moloni allows Reflected XSS.This issue affects Moloni: from n/a through 4.7.4. | ||||
| CVE-2024-38683 | 2 Ithemelandco, Wordpress | 2 Woocommerce Report, Wordpress | 2024-11-21 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in iThemelandCo WooCommerce Report allows Reflected XSS.This issue affects WooCommerce Report: from n/a through 1.4.5. | ||||