CVE-2024-11749 – Apache Embed Stored Cross-Site Scripting Vuln

CVE ID: CVE-2024-11749
Published: Jan. 7, 2025, 6:15 a.m.
Description: The App Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘appizy’ shortcode in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes […]

CVE-2024-11606 – WordPress Tabs Shortcode Stored Cross-Site Scripting Vulnerability

CVE ID: CVE-2024-11606
Published: Jan. 7, 2025, 6:15 a.m.
Description: The Tabs Shortcode WordPress plugin through 2.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above […]

CVE-2024-11369 – WooCommerce WordPress Store Credit/Gift Card Cross-Site Scripting

CVE ID: CVE-2024-11369
Published: Jan. 7, 2025, 6:15 a.m.
Description: The Store credit / Gift cards for woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘coupon’, ‘start_date’, and ‘end_date’ parameters in all versions up to, and including, 1.0.49.46 due to insufficient input sanitization and output […]

CVE-2024-10562 – 10Web Form Maker WordPress Stored Cross-Site Scripting Vulnerability

CVE ID: CVE-2024-10562
Published: Jan. 7, 2025, 6:15 a.m.
Description: The Form Maker by 10Web WordPress plugin before 1.15.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is […]

CVE-2024-10536 – FancyPost Unauthorized Data Access Vulnerability

CVE ID: CVE-2024-10536
Published: Jan. 7, 2025, 6:15 a.m.
Description: The FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_block_shortcode_export() function in all versions […]

CVE-2024-12470 – SakolaWP WordPress Privilege Escalation Vulnerability

CVE ID: CVE-2024-12470
Published: Jan. 7, 2025, 5:15 a.m.
Description: The School Management System – SakolaWP plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.8. This is due to the registration function not properly limiting what roles a user can register as. […]

CVE-2024-12462 – YOGO Booking for WordPress Stored XSS Exploit

CVE ID: CVE-2024-12462
Published: Jan. 7, 2025, 5:15 a.m.
Description: The YOGO Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘yogo-calendar’ shortcode in all versions up to, and including, 1.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes […]

CVE-2024-12457 – Viber for WordPress Stored Cross-Site Scripting

CVE ID: CVE-2024-12457
Published: Jan. 7, 2025, 5:15 a.m.
Description: The Chat Support for Viber – Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘vchat’ shortcode in all versions up to, and including, 1.7.2 due […]

CVE-2024-12453 – Uptodown WordPress APK Download Widget Stored Cross-Site Scripting

CVE ID: CVE-2024-12453
Published: Jan. 7, 2025, 5:15 a.m.
Description: The Uptodown APK Download Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘utd-widget’ shortcode in all versions up to, and including, 0.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. […]