NA - CVE-2024-1295 - The events-calendar-pro WordPress plugin before...
The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about...
Medium - CVE-2024-2122 - The Best WordPress Gallery Plugin – FooGallery...
The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via album gallery custom URLs in all versions up to, and including, 2.4.15 due to...
NA - CVE-2024-2218 - The LuckyWP Table of Contents WordPress plugin...
The LuckyWP Table of Contents WordPress plugin through 2.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site...
NA - CVE-2024-3754 - The Alemha watermarker WordPress plugin through...
The Alemha watermarker WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...
NA - CVE-2024-3965 - The Pray For Me WordPress plugin through 1.0.4...
The Pray For Me WordPress plugin through 1.0.4 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
NA - CVE-2024-3966 - The Pray For Me WordPress plugin through 1.0.4...
The Pray For Me WordPress plugin through 1.0.4 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks that trigger when an admin...
NA - CVE-2024-3971 - The Similarity WordPress plugin through 3.0...
The Similarity WordPress plugin through 3.0 does not have a CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack
NA - CVE-2024-3972 - The Similarity WordPress plugin through 3.0...
The Similarity WordPress plugin through 3.0 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged in admin add Stored...
NA - CVE-2024-3977 - The WordPress Jitsi Shortcode WordPress plugin...
The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site...