
CVE-2024-10638 – Product Labels For Woocommerce < 1.5.11 - Admin+ SQLi
https://notcve.org/view.php?id=CVE-2024-10638
25 Mar 2025 — The Product Labels For Woocommerce (Sale Badges) WordPress plugin before 1.5.11 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks. • https://wpscan.com/vulnerability/32a7a778-2211-45b4-bdc2-528f27b7d4fe •

CVE-2024-10566 – Slider by 10Web < 1.2.62 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-10566
25 Mar 2025 — The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). • https://wpscan.com/vulnerability/a98a7f11-4c01-4b91-8adc-465beefa310a •

CVE-2024-10565 – Slider by 10Web < 1.2.62 - Admin+ Stored XSS via Widget
https://notcve.org/view.php?id=CVE-2024-10565
25 Mar 2025 — The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). • https://wpscan.com/vulnerability/4ef05302-a6ca-4816-ab0d-a4e3bf7a5e22 •

CVE-2024-10560 – Form Maker by 10Web < 1.15.30 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-10560
25 Mar 2025 — The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). • https://wpscan.com/vulnerability/80298c89-544d-4894-a837-253f5f26cf42 •

CVE-2024-10554 – WP-Advanced-Search < 3.3.9.3 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-10554
25 Mar 2025 — The WP-Advanced-Search WordPress plugin before 3.3.9.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). • https://wpscan.com/vulnerability/7c15b082-caa5-4cf2-9986-2eb519dcb7c5 •

CVE-2024-10472 – Stylish Price List < 7.1.12 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-10472
25 Mar 2025 — The Stylish Price List WordPress plugin before 7.1.12 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). • https://wpscan.com/vulnerability/d79e5c05-26d0-4223-891f-42ac9fb6ef6e •

CVE-2024-10105 – Jobs for WordPress < 2.7.11 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-10105
25 Mar 2025 — The Job Postings WordPress plugin before 2.7.11 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). • https://wpscan.com/vulnerability/4477db12-26e9-4c6d-8b71-f3f6a0d19813 •

CVE-2025-1203 – Slider, Gallery, Carousel by MetaSlider < 3.95.0 - Editor+ Stored XSS
https://notcve.org/view.php?id=CVE-2025-1203
24 Mar 2025 — The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). • https://wpscan.com/vulnerability/fca0b129-3299-46d6-9231-ca5afd2fdb66 •

CVE-2025-1062 – Slider, Gallery, Carousel by MetaSlider < 3.95.0 - Editor+ Stored XSS
https://notcve.org/view.php?id=CVE-2025-1062
24 Mar 2025 — The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). • https://wpscan.com/vulnerability/657b355b-e38f-46d6-b574-7ce736d25f31 •

CVE-2025-1446 – Pods < 3.2.8.2 - Admin+ SQL Injection
https://notcve.org/view.php?id=CVE-2025-1446
23 Mar 2025 — The Pods WordPress plugin before 3.2.8.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks. • https://wpscan.com/vulnerability/c170fb45-7ed5-40ef-99f6-8da035a23d89 •