CVE-2024-7879 – WP ULike < 4.7.5 - Admin+ Stored XSS via Widgets
https://notcve.org/view.php?id=CVE-2024-7879
The WP ULike WordPress plugin before 4.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. • https://wpscan.com/vulnerability/5ad1c40a-5e13-40b6-8652-c23a1f39abc2 •
CVE-2024-50637
https://notcve.org/view.php?id=CVE-2024-50637
UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting (XSS) in the Create User function. This allows attackers to perform XSS via an SVG document, which can be used to steal cookies. • https://github.com/unopim/unopim/issues/41 https://github.com/unopim/unopim/releases/tag/v0.1.4 https://github.com/yamerooo123/ResearchNBugBountyEncyclopedia/blob/main/Researches/Unopim/Findings.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-10186 – Event Post <= 5.9.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via events_cal Shortcode
https://notcve.org/view.php?id=CVE-2024-10186
The Event post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's events_cal shortcode in all versions up to, and including, 5.9.6 due to insufficient input sanitization and output escaping on user supplied attributes. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-10168 – Use constructor to create tables <= 1.0.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via woot_button Shortcode
https://notcve.org/view.php?id=CVE-2024-10168
The Use constructor to create tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woot_button shortcode in all versions up to, and including, 1.0.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-8323 – Pricing Tables WordPress Plugin – Easy Pricing Tables <= 3.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via fontFamily Attribute
https://notcve.org/view.php?id=CVE-2024-8323
The Pricing Tables WordPress Plugin – Easy Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fontFamily’ attribute in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •