Vulnerabilities > Wonderplugin

DATE CVE VULNERABILITY TITLE RISK
2024-02-08 CVE-2024-24877 Unspecified vulnerability in Wonderplugin Wonder Slider Lite
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magic Hills Pty Ltd Wonder Slider Lite allows Reflected XSS.This issue affects Wonder Slider Lite: from n/a through 13.9.
network
low complexity
wonderplugin
6.1
2021-08-16 CVE-2021-24540 Unspecified vulnerability in Wonderplugin Wonder Video Embed
The Wonder Video Embed WordPress plugin before 1.8 does not escape parameters of its wonderplugin_video shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks.
network
low complexity
wonderplugin
5.4
2021-08-16 CVE-2021-24541 Cross-site Scripting vulnerability in Wonderplugin Wonder PDF Embed
The Wonder PDF Embed WordPress plugin before 1.7 does not escape parameters of its wonderplugin_pdf shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks.
network
low complexity
wonderplugin CWE-79
5.4