CVE-2024-8093 – Posts reminder <= 0.20 - Settings Update via CSRF
https://notcve.org/view.php?id=CVE-2024-8093
The Posts reminder WordPress plugin through 0.20 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack • https://wpscan.com/vulnerability/c7fd690a-5f02-491c-a3fb-6eac9ffffe96 •
CVE-2024-8092 – Accordion Image Menu <= 3.1.3 - Stored XSS via CSRF
https://notcve.org/view.php?id=CVE-2024-8092
The Accordion Image Menu WordPress plugin through 3.1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. • https://wpscan.com/vulnerability/d5a91ceb-8a92-4f99-b7b7-1c4e0a587022 •
CVE-2024-5170 – Logo Manager For Enamad <= 0.7.1 - Admin+ Stored XSS via Widget
https://notcve.org/view.php?id=CVE-2024-5170
The Logo Manager For Enamad WordPress plugin through 0.7.1 does not sanitise and escape in its widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) • https://wpscan.com/vulnerability/37b5ed06-0633-49e0-b47d-8aa2f4510179 •
CVE-2024-7864 – Favicon Generator < 2.1 - Arbitrary File Deletion via CSRF
https://notcve.org/view.php?id=CVE-2024-7864
The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not have CSRF and path validation in the output_sub_admin_page_0() function, allowing attackers to make logged in admins delete arbitrary files on the server • https://wpscan.com/vulnerability/6ce62e78-04a4-46b2-b97f-c4ef8f3258c3 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-7133 – My Sticky Bar < 2.7.3 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-7133
The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.3 does not validate and escape some of its settings before outputting them back in the page, which could allow users with a high role to perform Stored Cross-Site Scripting attacks. • https://wpscan.com/vulnerability/c81c1622-33d1-41f2-ba63-f06bd4c125ab •