CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51939 – WordPress Stylish Internal Links plugin <= 1.9 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51939
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Santhosh veer Stylish Internal Links allows DOM-Based XSS.This issue affects Stylish Internal Links: from n/a through 1.9. The Stylish Internal Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/stylish-internal-links/wordpress-stylish-internal-links-plugin-1-9-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51929 – WordPress Icon Widget plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51929
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phil Spectrum Icon Widget allows DOM-Based XSS.This issue affects Icon Widget: from n/a through 1.1.0. The Icon Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/icon-widget-with-links/wordpress-icon-widget-plugin-1-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43261 – WordPress Compute Links plugin <= 1.2.1 - Remote File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-43261
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hamed Naderfar Compute Links allows PHP Remote File Inclusion.This issue affects Compute Links: from n/a through 1.2.1. The Compute Links plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. • https://patchstack.com/database/vulnerability/compute-links/wordpress-compute-links-plugin-1-2-1-remote-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37941 – WordPress Internal Link Juicer: SEO Auto Linker for WordPress plugin <= 2.24.3 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-37941
Cross-Site Request Forgery (CSRF) vulnerability in Internal Link Juicer Internal Link Juicer: SEO Auto Linker for WordPress.This issue affects Internal Link Juicer: SEO Auto Linker for WordPress: from n/a through 2.24.3. The Internal Link Juicer: SEO Auto Linker for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.24.3. This is due to missing or incorrect nonce validation on the ilj_rebuild_index and ilj_render_batch_info functions. This makes it possible for unauthenticated attackers to trigger these functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/internal-links/wordpress-internal-link-juicer-seo-auto-linker-for-wordpress-plugin-2-24-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37545 – WordPress Floating Social Media Links plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-37545
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nick Halsey Floating Social Media Links allows Stored XSS.This issue affects Floating Social Media Links: from n/a through 1.5.2. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en Nick Halsey Floating Social Media Links permite XSS almacenado. Este problema afecta Floating Social Media Links: desde n/a hasta 1.5.2. The Floating Social Media Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/floating-social-media-links/wordpress-floating-social-media-links-plugin-1-5-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •