Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-12-14 CVE-2024-11884 The Wp photo text slider 50 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-photo-slider' shortcode in all versions up to, and including, 8.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
2024-12-14 CVE-2024-11888 The IDer Login for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ider_login_button' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
2024-12-14 CVE-2024-11889 The My IDX Home Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'homeasap-idx-search' shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
2024-12-14 CVE-2024-11894 The The Permalinker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'permalink' shortcode in all versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
2024-12-14 CVE-2024-12411 The WP Ad Guru – Banner ad, Responsive popup, Popup maker, Ad rotator & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
2024-12-14 CVE-2024-12447 The Get Post Content Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.4 via the 'post-content' shortcode due to missing validation on a user controlled key.
network
low complexity
CWE-639
4.3
2024-12-14 CVE-2024-12448 The Posts and Products Views for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'papvfwc_views' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
2024-12-14 CVE-2024-12458 The Smart PopUp Blaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spb-button' shortcode in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
2024-12-14 CVE-2024-12502 The My IDX Home Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'homeasap-idx-landing' shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
2024-12-14 CVE-2024-12517 The WooCommerce Cart Count Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cart_button' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4