CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43256 – WordPress Leopard plugin <= 2.0.36 - Subscriber+ Plugin Settings Change vulnerability
https://notcve.org/view.php?id=CVE-2024-43256
12 Aug 2024 — Missing Authorization vulnerability in nouthemes Leopard - WordPress offload media allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Leopard - WordPress offload media: from n/a through 2.0.36. The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.0.36. This makes it possible for authenticated attackers, with Subscriber-level access and above, to u... • https://patchstack.com/database/vulnerability/leopard-wordpress-offload-media/wordpress-leopard-wordpress-offload-media-plugin-2-0-36-subscriber-plugin-settings-change-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43257 – WordPress Leopard plugin <= 2.0.36 - Subscriber+ Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-43257
12 Aug 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Nouthemes Leopard - WordPress offload media.This issue affects Leopard - WordPress offload media: from n/a through 2.0.36. The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.36. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/leopard-wordpress-offload-media/wordpress-leopard-wordpress-offload-media-plugin-2-0-36-subscriber-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8492 – Hustle <= 7.8.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-8492
29 Jul 2024 — The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 7.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installation... • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37930 – WordPress SmartMag theme <= 9.3.0 - Sensitive Data Exposure via Log File vulnerability
https://notcve.org/view.php?id=CVE-2024-37930
09 Jul 2024 — Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization vulnerability in ThemeSphere SmartMag allows Excavation, Accessing Functionality Not Properly Constrained by ACLs.This issue affects SmartMag: from n/a through 9.3.0. The SmartMag theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.3.0 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contain... • https://patchstack.com/database/vulnerability/smartmag-responsive-retina-wordpress-magazine/wordpress-smartmag-theme-9-3-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File CWE-862: Missing Authorization •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37556 – WordPress WordPress Notification Bar plugin <= 1.3.10 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-37556
06 Jul 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SeedProd WordPress Notification Bar allows Stored XSS.This issue affects WordPress Notification Bar: from n/a through 1.3.10. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en SeedProd WordPress Notification Bar permite XSS almacenado. Este problema afecta a WordPress Notification Bar: desde n/a hasta 1.3.10. The WordPress... • https://patchstack.com/database/vulnerability/wordpress-notification-bar/wordpress-wordpress-notification-bar-plugin-1-3-10-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 7EXPL: 0CVE-2024-6307 – WordPress Core < 6.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML API
https://notcve.org/view.php?id=CVE-2024-6307
24 Jun 2024 — WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions prior to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. WordPress Core es vulnerable a Cross-Site Scripting Almacenado a través de la API HTML en varias versiones hasta la 6.5.5 debido a una sa... • https://core.trac.wordpress.org/changeset/58472 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35631 – WordPress FV Flowplayer Video Player plugin <= 7.5.45.7212 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-35631
27 May 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Foliovision FV Flowplayer Video Player allows Reflected XSS.This issue affects FV Flowplayer Video Player: from n/a through 7.5.45.7212. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en Foliovision FV Flowplayer Video Player permite el XSS reflejado. Este problema afecta al FV Flowplayer Video Player: desde n/a hasta 7... • https://patchstack.com/database/vulnerability/fv-wordpress-flowplayer/wordpress-fv-flowplayer-video-player-plugin-7-5-45-7212-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34801 – WordPress Praison SEO WordPress plugin <= 4.0.15 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-34801
20 May 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mervin Praison Praison SEO WordPress allows Stored XSS.This issue affects Praison SEO WordPress: from n/a through 4.0.15. Vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en Mervin Praison Praison SEO WordPress permite XSS almacenado. Este problema afecta a Praison SEO WordPress: desde n/a hasta 4.0.15. The Praison SEO WordP... • https://patchstack.com/database/vulnerability/seo-wordpress/wordpress-praison-seo-wordpress-plugin-4-0-15-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33688 – WordPress Teluro theme <= 1.0.31 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-33688
26 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Teluro.This issue affects Teluro: from n/a through 1.0.31. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Extend Themes Teluro. Este problema afecta a Teluro: desde n/a hasta 1.0.31. • https://patchstack.com/database/vulnerability/teluro/wordpress-teluro-theme-1-0-31-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33591 – WordPress Easy Accept Payments for PayPal plugin <= 4.9.10 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-33591
25 Apr 2024 — Missing Authorization vulnerability in Tips and Tricks HQ Easy Accept Payments.This issue affects Easy Accept Payments: from n/a through 4.9.10. Vulnerabilidad de falta de autorización en Tips and Tricks HQ Easy Accept Payments. Este problema afecta a los pagos de aceptación fácil: desde n/a hasta 4.9.10. The Easy Accept Payments via PayPal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 4.9.10. This makes it pos... • https://patchstack.com/database/vulnerability/wordpress-easy-paypal-payment-or-donation-accept-plugin/wordpress-easy-accept-payments-for-paypal-plugin-4-9-10-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •