NA - CVE-2024-4551 - The Video Gallery – YouTube Playlist, Channel...
The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the display function....
Medium - CVE-2024-5858 - The AI Infographic Maker plugin for WordPress...
The AI Infographic Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the qcld_openai_title_generate_desc AJAX action in all versions...
High - CVE-2023-6696 - The Popup Builder – Create highly converting,...
The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on...
High - CVE-2024-2544 - The Popup Builder plugin for WordPress is...
The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. This makes it possible for...
High - CVE-2024-3813 - The tagDiv Composer plugin for WordPress is...
The tagDiv Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8 via the 'td_block_title' shortcode 'block_template_id'...
Medium - CVE-2024-3814 - The tagDiv Composer plugin for WordPress is...
The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'single' module in all versions up to, and including, 4.8 due to insufficient...
Medium - CVE-2024-3815 - The Newspaper theme for WordPress is vulnerable...
The Newspaper theme for WordPress is vulnerable to Stored Cross-Site Scripting via attachment meta in the archive page in all versions up to, and including, 12.6.5 due to insufficient input...
Medium - CVE-2024-4479 - The Jeg Elementor Kit plugin for WordPress is...
The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sg_general_toggle_tab_enable and sg_accordion_style attributes within the plugin's JKit - Tabs...
Medium - CVE-2024-5263 - The ElementsKit Pro plugin for WordPress is...
The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Motion Text and Table widgets in all versions up to, and including, 3.6.2 due to...
Medium - CVE-2024-5868 - The WooCommerce - Social Login plugin for...
The WooCommerce - Social Login plugin for WordPress is vulnerable to Email Verification in all versions up to, and including, 2.6.2 via the use of insufficiently random activation code. This makes...