| 2024-11-21 | CVE-2024-10682 | The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg and remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.11.7. | 6.1 |
| 2024-11-21 | CVE-2024-10785 | The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Countdown' widget in all versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. | 6.4 |
| 2024-11-21 | CVE-2024-10788 | The Activity Log – Monitor & Record User Changes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event parameters in all versions up to, and including, 2.11.1 due to insufficient input sanitization and output escaping. | 7.2 |
| 2024-11-21 | CVE-2024-10792 | The Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post_id' parameter in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-11-21 | CVE-2024-10890 | The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.7. | 6.1 |
| 2024-11-21 | CVE-2024-11360 | Cross-site Scripting vulnerability in Benhuson Page Parts
The Page Parts plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.3. | 6.1 |
| 2024-11-21 | CVE-2024-11365 | Cross-site Scripting vulnerability in Hedge3 Crypto and Defi Widgets
The Crypto and DeFi Widgets – Web3 Cryptocurrency Shortcodes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.6. | 6.1 |
| 2024-11-21 | CVE-2024-11370 | Cross-site Scripting vulnerability in Mediaticus Subaccounts for Woocommerce
The Subaccounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. | 6.1 |
| 2024-11-21 | CVE-2024-11371 | Cross-site Scripting vulnerability in Slimndap Theater for Wordpress
The Theater for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.18.6.2. | 6.1 |
| 2024-11-21 | CVE-2024-11385 | Cross-site Scripting vulnerability in Shafayat Pure CSS Circle Progress BAR
The Pure CSS Circle Progress bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'circle_progress' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |