CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39643 – WordPress RegistrationMagic plugin <= 6.0.0.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-39643
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RegistrationMagic Forms RegistrationMagic allows Stored XSS.This issue affects RegistrationMagic: from n/a through 6.0.0.1. The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.0.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/custom-registration-form-builder-with-submission-manager/wordpress-registrationmagic-custom-registration-forms-user-registration-payment-and-user-login-plugin-6-0-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39626 – WordPress Pretty Simple Popup Builder plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-39626
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 5 Star Plugins Pretty Simple Popup Builder allows Stored XSS.This issue affects Pretty Simple Popup Builder: from n/a through 1.0.7. The Pretty Simple Popup Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. • https://patchstack.com/database/vulnerability/pretty-simple-popup-builder/wordpress-pretty-simple-popup-builder-plugin-1-0-7-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38690 – WordPress iPanorama 360 plugin <= 1.8.3 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-38690
Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.3. The iPanorama 360 WordPress Virtual Tour Builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the do_parse_request() function in versions up to, and including, 1.8.3. This makes it possible for unauthenticated attackers to preview deactivated panoramas. • https://patchstack.com/database/vulnerability/ipanorama-360-virtual-tour-builder-lite/wordpress-ipanorama-360-plugin-1-8-3-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37920 – WordPress ARForms Form Builder plugin <= 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-37920
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Repute InfoSystems ARForms Form Builder allows Reflected XSS.This issue affects ARForms Form Builder: from n/a through 1.6.7. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en Repute InfoSystems ARForms Form Builder permite XSS reflejado. Este problema afecta a ARForms Form Builder: desde n/a hasta 1.6.7. The ARForms Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.6.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/arforms-form-builder/wordpress-arforms-form-builder-plugin-1-6-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37919 – WordPress Timeline Module for Beaver Builder plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-37919
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pratik Chaskar Timeline Module for Beaver Builder allows Stored XSS.This issue affects Timeline Module for Beaver Builder: from n/a through 1.1.3. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en Pratik Chaskar Timeline Module para Beaver Builder permite XSS almacenado. Este problema afecta a Timeline Module para Beaver Builder: desde n/a hasta 1.1.3. The Timeline Module for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via title tags in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/timeline-for-beaver-builder/wordpress-timeline-module-for-beaver-builder-plugin-1-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •