CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8792 – Subscribe to Comments <= 2.3 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-8792
The Subscribe to Comments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3. ... El complemento Subscribe to Comments para WordPress es vulnerable Cross-Site Scripting reflejado debido al uso de add_query_arg sin el escape adecuado en la URL en todas las versiones hasta la 2.3 incluida. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9885 – Widget or Sidebar Shortcode <= 0.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
https://notcve.org/view.php?id=CVE-2024-9885
The Widget or Sidebar Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sidebar' shortcode in all versions up to, and including, 0.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. ... El complemento Widget or Sidebar Shortcode para WordPress es vulnerable a la ejecución de Cross Site Scripting almacenado a través del código abreviado de la "barra lateral" del complemento en todas las versiones hasta la 0.6.1 incluida, debido a una desinfección de entrada y un escape de salida insuficiente en los atributos proporcionados por el usuario. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8627 – Ultimate TinyMCE <= 5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-8627
The Ultimate TinyMCE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'field' shortcode in all versions up to, and including, 5.7 due to insufficient input sanitization and output escaping. ... El complemento Ultimate TinyMCE para WordPress es vulnerable a Cross Site Scripting almacenado a través del código abreviado "field" en todas las versiones hasta la 5.7 incluida, debido a una desinfección de entrada y un escape de salida insuficiente. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9886 – WP Baidu Map <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
https://notcve.org/view.php?id=CVE-2024-9886
The WP Baidu Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'baidu_map' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. ... El complemento WP Baidu Map para WordPress es vulnerable a Cross Site Scripting almacenado a través del código abreviado 'baidu_map' del complemento en todas las versiones hasta la 1.2.2 incluida, debido a una desinfección de entrada y un escape de salida insuficiente en los atributos proporcionados por el usuario. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9884 – T(-) Countdown <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
https://notcve.org/view.php?id=CVE-2024-9884
The T(-) Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tminus' shortcode in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. ... El complemento T(-) Countdown para WordPress es vulnerable a Cross Site Scripting almacenado a través del código corto 'tminus' del complemento en todas las versiones hasta la 2.4.8 incluida, debido a una desinfección de entrada y un escape de salida insuficiente en los atributos proporcionados por el usuario. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •