NA - CVE-2024-5627 - The Tournamatch WordPress plugin before 4.6.1...
The Tournamatch WordPress plugin before 4.6.1 does not sanitise and escape some parameters, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks.
NA - CVE-2024-5644 - The Tournamatch WordPress plugin before 4.6.1...
The Tournamatch WordPress plugin before 4.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks...
NA - CVE-2024-5713 - The If-So Dynamic Content Personalization...
The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.4 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead...
NA - CVE-2024-5715 - The wp-eMember WordPress plugin before 10.6.7...
The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against...
NA - CVE-2024-5744 - The wp-eMember WordPress plugin before 10.6.7...
The wp-eMember WordPress plugin before 10.6.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site...
NA - CVE-2024-6070 - The If-So Dynamic Content Personalization...
The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored...
Medium - CVE-2024-6574 - The Laposta plugin for WordPress is vulnerable...
The Laposta plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.12. This is due to the plugin not preventing direct access to several test files. This...
NA - CVE-2023-39327 - A flaw was found in OpenJPEG. Maliciously...
A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal.
NA - CVE-2023-39329 - A flaw was found in OpenJPEG. A resource...
A flaw was found in OpenJPEG. A resource exhaustion can occur in the opj_t1_decode_cblks function in tcd.c through a crafted image file, causing a denial of service.
High - CVE-2024-5902 - The User Feedback – Create Interactive Feedback...
The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name parameter in all versions up...