CVE-2024-47380 – WordPress WP-Lister Lite for eBay plugin <= 3.6.3 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-47380
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for eBay allows Reflected XSS.This issue affects WP-Lister Lite for eBay: from n/a through 3.6.3. The WP-Lister Lite for eBay plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/wp-lister-for-ebay/wordpress-wp-lister-lite-for-ebay-plugin-3-6-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-43306 – WordPress WP-Lister Lite for eBay plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-43306
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP-Lister Lite for eBay allows Reflected XSS.This issue affects WP-Lister Lite for eBay: from n/a through 3.6.0. The WP-Lister Lite for eBay plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/wp-lister-for-ebay/wordpress-wp-lister-lite-for-ebay-plugin-3-6-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-32836 – WordPress WP-Lister Lite for eBay plugin <= 3.5.11 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-32836
Unrestricted Upload of File with Dangerous Type vulnerability in WP Lab WP-Lister Lite for eBay.This issue affects WP-Lister Lite for eBay: from n/a through 3.5.11. Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en WP Lab WP-Lister Lite para eBay. Este problema afecta a WP-Lister Lite para eBay: desde n/a hasta 3.5.11. The WP-Lister Lite for eBay plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to 3.6.0 (exclusive). This makes it possible for authenticated attackers, with shop manager-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/wp-lister-for-ebay/wordpress-wp-lister-lite-for-ebay-plugin-3-5-11-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-32573 – WordPress WP-Lister Lite for eBay plugin <= 3.5.11 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-32573
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for eBay allows Stored XSS.This issue affects WP-Lister Lite for eBay: from n/a through 3.5.11. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en WP Lab WP-Lister Lite para eBay permite almacenar XSS. Este problema afecta a WP-Lister Lite para eBay: desde n/a hasta 3.5.11. The WP-Lister Lite for eBay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 3.5.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manager-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/wp-lister-for-ebay/wordpress-wp-lister-lite-for-ebay-plugin-3-5-11-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •