Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-06 | CVE-2024-4364 | Cross-site Scripting vulnerability in Qodeinteractive QI Addons for Elementor The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button widgets in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-06-06 | CVE-2024-4458 | Cross-site Scripting vulnerability in Themesflat Addons for Elementor 2.0.0/2.1.2 The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in several widgets via URL parameters in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. | 5.4 |
2024-06-06 | CVE-2024-4459 | Cross-site Scripting vulnerability in Themesflat Addons for Elementor 2.0.0/2.1.2 The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget's titles in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-06-06 | CVE-2024-4608 | Cross-site Scripting vulnerability in Artbees Sellkit The SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. | 5.4 |
2024-06-06 | CVE-2024-4707 | Cross-site Scripting vulnerability in Extendthemes Materialis Companion The Materialis Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's materialis_contact_form shortcode in all versions up to, and including, 1.3.41 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-06-06 | CVE-2024-5141 | Cross-site Scripting vulnerability in Martintod Rotating Tweets 1.9.10 The Rotating Tweets (Twitter widget and shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's' 'rotatingtweets' in all versions up to, and including, 1.9.10 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-06-06 | CVE-2024-5152 | Cross-site Scripting vulnerability in Quomodosoft Elementsready The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping. | 5.4 |
2024-06-06 | CVE-2024-5161 | Cross-site Scripting vulnerability in Wpthemespace Magical Addons for Elementor The Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 1.1.39 due to insufficient input sanitization and output escaping. | 5.4 |
2024-06-06 | CVE-2024-5162 | Cross-site Scripting vulnerability in Master-Addons Prettyphoto The WordPress prettyPhoto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. | 5.4 |
2024-06-06 | CVE-2024-5449 | Unspecified vulnerability in Wppool WP Dark Mode The WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdm_social_share_save_options function in all versions up to, and including, 5.0.4. | 4.3 |