Medium - CVE-2024-2092 - The Elementor Addon Elements plugin for...
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Twitter Widget in all versions up to, and including, 1.13.3 due to insufficient...
High - CVE-2024-4845 - The Icegram Express plugin for WordPress is...
The Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘options[list_id]’ parameter in all versions up to, and including, 5.7.22 due to insufficient escaping on the user...
Medium - CVE-2024-1766 - The Download Manager plugin for WordPress is...
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.2.86 due to insufficient input...
Medium - CVE-2024-3492 - The Events Manager – Calendar, Bookings,...
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'event', 'location', and...
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up...
Medium - CVE-2024-5674 - The Newsletter - API v1 and v2 addon plugin for...
The Newsletter - API v1 and v2 addon plugin for WordPress is vulnerable to unauthorized subscribers management due to PHP type juggling issue on the check_api_key function in all versions up to,...
NA - CVE-2024-5056 - CWE-552: Files or Directories Accessible to...
CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behavior of the webserver when specific...