NA - CVE-2024-3978 - The WordPress Jitsi Shortcode WordPress plugin...
The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded,...
NA - CVE-2024-3992 - The Amen WordPress plugin through 3.3.1 does...
The Amen WordPress plugin through 3.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even...
NA - CVE-2024-3993 - The AZAN Plugin WordPress plugin through 0.6...
The AZAN Plugin WordPress plugin through 0.6 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored...
NA - CVE-2024-4005 - The Social Pixel WordPress plugin through 2.1...
The Social Pixel WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks...
NA - CVE-2024-4270 - The SVGMagic WordPress plugin through 1.1 does...
The SVGMagic WordPress plugin through 1.1 does not sanitize SVG file contents, which enables users with at least the author role to upload an SVG with malicious JavaScript to conduct Stored XSS attacks.
NA - CVE-2024-4271 - The SVGator WordPress plugin through 1.2.6...
The SVGator WordPress plugin through 1.2.6 does not sanitize SVG file contents, which enables users with at least the author role to upload an SVG with malicious JavaScript to conduct Stored XSS attacks.
High - CVE-2024-4404 - The ElementsKit PRO plugin for WordPress is...
The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. This can allow authenticated...
NA - CVE-2024-4480 - The WP Prayer II WordPress plugin through 2.4.7...
The WP Prayer II WordPress plugin through 2.4.7 does not have a CSRF check in place when updating its email settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
NA - CVE-2024-4751 - The WP Prayer II WordPress plugin through 2.4.7...
The WP Prayer II WordPress plugin through 2.4.7 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
NA - CVE-2024-5155 - The Inquiry cart WordPress plugin through 3.4.2...
The Inquiry cart WordPress plugin through 3.4.2 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add...