| 2024-06-08 | CVE-2024-35755 | Cross-site Scripting vulnerability in Eltiempoen Weather Widget PRO
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in El tiempo Weather Widget Pro allows Stored XSS.This issue affects Weather Widget Pro: from n/a through 1.1.40. | 5.4 |
| 2024-06-08 | CVE-2024-35756 | Cross-site Scripting vulnerability in Ceikay Tooltip CK 2.2.15
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CeiKay Tooltip CK tooltip-ck allows Stored XSS.This issue affects Tooltip CK: from n/a through 2.2.15. | 4.8 |
| 2024-06-08 | CVE-2024-4468 | The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admin_init in all versions up to, and including, 9.9. | 4.3 |
| 2024-06-08 | CVE-2024-4661 | The WP Reset plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_ajax function in all versions up to, and including, 2.02. | 4.3 |
| 2024-06-08 | CVE-2024-5087 | The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validate_ajax, deactivate_ajax, and save_ajax functions in all versions up to, and including, 2.38. | 6.3 |
| 2024-06-08 | CVE-2024-5613 | The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'quality_customizer_notify_dismiss_action' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-06-08 | CVE-2024-5638 | The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'ti_customizer_notify_dismiss_recommended_plugins' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-06-08 | CVE-2024-5770 | The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_setting' function in versions up to, and including, 1.66. | 4.2 |
| 2024-06-08 | CVE-2024-5663 | Cross-site Scripting vulnerability in Ultimateaddons Cards for Beaver Builder
The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Cards widget in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-06-07 | CVE-2024-36773 | Cross-site Scripting vulnerability in Monstra
A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Themes parameter at index.php. | 4.8 |