CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2024-50433 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wowDevs Sky Addons for Elementor sky-elementor-addons allows Cross-Site Scripting (XSS). This issue... | 6.5 | MEDIUM | - | 0 |
| CVE-2024-9613 | The FormFacade – WordPress plugin for Google Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'userId' and 'publishId' parameters in all versions up to, and including... | 6.1 | MEDIUM | - | 0 |
| CVE-2024-9890 | The User Toolkit plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.3. This is due to an improper capability check in the 'switchUser' function. This mak... | 8.8 | HIGH | - | 0 |
| CVE-2024-9933 | The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.10.1. This is due to the 'watchtower_ota_token' default value is empty, and the not emp... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-8870 | The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the... | 6.1 | MEDIUM | - | 0 |
| CVE-2024-8392 | The WordPress Post Grid Layouts with Pagination – Sogrid plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.6 via the 'tab' parameter. This makes it p... | 7.2 | HIGH | - | 0 |
| CVE-2024-9637 | The School Management System – WPSchoolPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.10. This is due to the plugin not... | 8.8 | HIGH | - | 0 |
| CVE-2024-9642 | The Editor Custom Color Palette plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.3.7 due to insufficient input sanitizatio... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-9989 | The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.18. This is due to a limited arbitrary method call to 'crypto_connect_ajax_process::log_in' f... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-9990 | The Crypto plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.15. This is due to missing nonce validation in the 'crypto_connect_ajax_process::check' ... | 8.8 | HIGH | - | 0 |
| CVE-2023-5816 | The Code Explorer plugin for WordPress is vulnerable to arbitrary external file reading in all versions up to, and including, 1.4.5. This is due to the fact that the plugin does not restrict accessing... | 4.9 | MEDIUM | - | 0 |
| CVE-2024-10544 | The Woo Manage Fraud Orders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 through publicly exposed log files. This makes it possible ... | 5.3 | MEDIUM | - | 0 |
| CVE-2024-9708 | The Easy SVG Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1 due to insufficient input sanitization and output e... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-6479 | The SIP Reviews Shortcode for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'no_of_reviews' attribute in the woocommerce_reviews shortcode in all versions up to, and includin... | 6.5 | MEDIUM | - | 0 |
| CVE-2024-6480 | The SIP Reviews Shortcode for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'no_of_reviews' attribute in the woocommerce_reviews shortcode in all versions up to... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-9307 | The mFolio Lite plugin for WordPress is vulnerable to file uploads due to a missing capability check in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, wi... | 9.9 | CRITICAL | - | 0 |
| CVE-2024-10284 | The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to hardcoded encryption key in the 'ce21_authentication_phrase' function... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-9262 | The User Meta – User Profile Builder and User management plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.1.1 via the getUser() due... | 6.5 | MEDIUM | - | 0 |
| CVE-2024-10577 | The 胖鼠采集(Fat Rat Collect) 微信知乎简书腾讯新闻列表分页采集, 还有自动采集、自动发布、自动标签、等多项功能。开源插件 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to missing escaping on a URL in all versions up to, and... | 6.1 | MEDIUM | - | 0 |
| CVE-2024-10629 | The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and in... | 8.8 | HIGH | - | 0 |
| CVE-2024-10850 | The Razorpay Payment Button Elementor Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the... | 6.1 | MEDIUM | - | 0 |
| CVE-2024-10851 | The Razorpay Payment Button Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in al... | 6.1 | MEDIUM | - | 0 |
| CVE-2024-10887 | The NiceJob plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes (nicejob-lead, nicejob-review, nicejob-engage, nicejob-badge, nicejob-stories) in a... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-8874 | The AJAX Login and Registration modal popup + inline form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL i... | 6.1 | MEDIUM | - | 0 |
| CVE-2024-9614 | The Constant Contact Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up ... | 6.1 | MEDIUM | - | 0 |
| CVE-2024-10571 | The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unau... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-10015 | The ConvertCalculator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'type' parameters in all versions up to, and including, 1.1.1 due to insufficient... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-10262 | The Drop Shadow Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.14. This is due to the software allowing users to execute an act... | 6.3 | MEDIUM | - | 0 |
| CVE-2024-8873 | The PeproDev WooCommerce Receipt Uploader plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions u... | 6.1 | MEDIUM | - | 0 |
| CVE-2024-9839 | The Uix Slideshow plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.5. This is due to the software allowing users to execute an action t... | 7.3 | HIGH | - | 0 |
| CVE-2024-11094 | The 404 Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35.17 via the export feature. This makes it possible for unauthenticated a... | 5.3 | MEDIUM | - | 0 |
| CVE-2024-10172 | The WPBakery Visual Composer WHMCS Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's void_wbwhmcse_laouts_search shortcode in all versions up to, and includin... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-10522 | The Co-marquage service-public.fr plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, an... | 6.1 | MEDIUM | - | 0 |
| CVE-2024-10696 | The UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) plugin for WordPress is vulnerable to Insecure Direct Object ... | 4.3 | MEDIUM | - | 0 |
| CVE-2024-10898 | The Contact Form 7 Email Add on plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the cf7_email_add_on_add_admin_template() function. This makes ... | 8.8 | HIGH | - | 0 |
| CVE-2024-11388 | The Dino Game – Embed Google Chrome Dinosaur Game in WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dino-game' shortcode in all versions up to, and inclu... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-11416 | The WIP Incoming Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the save_opt... | 6.1 | MEDIUM | - | 0 |
| CVE-2024-11432 | The SuevaFree Essential Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'counter' shortcode in all versions up to, and including, 1.1.3 due to insufficient input... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-11435 | The salavat counter Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 0.9.4 due to insufficient input sanitizat... | 6.1 | MEDIUM | - | 0 |
| CVE-2024-11440 | The Grey Owl Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gol_button' shortcode in all versions up to, and including, 1.6.1 due to insufficient input sa... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-10666 | The Easy Twitter Feed – Twitter feeds plugin for WP plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.6 via the [etf] shortcode. This makes it possib... | 4.3 | MEDIUM | - | 0 |
| CVE-2024-50437 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paolo GeoDirectory geodirectory allows Stored XSS. This issue affects GeoDirectory: from n/a throug... | 6.5 | MEDIUM | - | 0 |
| CVE-2024-11225 | The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in al... | 6.1 | MEDIUM | - | 0 |
| CVE-2024-10813 | The Product Table for WooCommerce by CodeAstrology (wooproducttable.com) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.1 via the var_du... | 5.3 | MEDIUM | - | 0 |
| CVE-2024-10868 | The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.9 via the Advanced Tabs widget due to in... | 4.3 | MEDIUM | - | 0 |
| CVE-2024-10874 | The Quotes llama plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'quotes-llama' shortcode in all versions up to, and including, 3.0.0 due to insufficient input sanit... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-11463 | The DeBounce Email Validator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'from', 'to', and 'key' parameters in all versions up to, and including, 5.6.5 due to insuffic... | 6.1 | MEDIUM | - | 0 |
| CVE-2024-10895 | The Counter Up – Animated Number Counter & Milestone Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lgx-counter' shortcode in all versions up to, and incl... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-11853 | The jAlbum Bridge plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ar' parameter in all versions up to, and including, 2.0.16 due to insufficient input sanitization and outpu... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-12062 | The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.3 via the 'nacharity_elementor_template' shortcode due to insuffici... | 4.3 | MEDIUM | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.