Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-12-12 CVE-2024-11766 The WordPress Book Plugin for Displaying Books in Grid, Flip, Slider, Popup Layout and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gs_book_showcase' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-12-12 CVE-2024-11781 The Smart Agenda – Prise de rendez-vous en ligne plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'smartagenda' shortcode in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-12-12 CVE-2024-11785 The Integrate Firebase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'firebase_show' shortcode in all versions up to, and including, 0.9.3 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-12-12 CVE-2024-11871 The Social Media Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'patreon' shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-12-12 CVE-2024-11882 The FAQ And Answers – Create Frequently Asked Questions Area on WP Sites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'faq' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-12-12 CVE-2024-12018 The Snippet Shortcodes plugin for WordPress is vulnerable to unauthorized Shortcode Deletion due to missing authorization in all versions up to, and including, 4.1.6.
network
low complexity
CWE-862
4.3
4.3
2024-12-12 CVE-2024-12040 The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.10 via the 'theme' attribute of the `wcpcsu` shortcode.
network
low complexity
CWE-98
8.8
8.8
2024-12-12 CVE-2024-12059 The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.1 via the eli_option_value shortcode.
network
low complexity
CWE-639
4.3
4.3
2024-12-12 CVE-2024-12072 The Analytics Cat – Google Analytics Made Easy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.2.
network
low complexity
CWE-79
6.1
6.1
2024-12-12 CVE-2024-12172 The WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpc_update_user_meta_option() function in all versions up to, and including, 3.2.21.
network
low complexity
CWE-862
7.5
7.5