Archive - advisory.abay.sh

2024

CVE-2024-37389 — Apache NiFi Improper Neutralization of Input in Parameter Context Description

CVE-2023-6487 — LuckyWP Table of Contents <= 2.1.4 - Authenticated Cross-Site Scripting

CVE-2024-0598 — Gutenberg Blocks by Kadence Blocks <= 3.2.17 Editor+ Stored Cross-Site Scritpting via Slider Callback

CVE-2023-6486 — Spectra – WordPress Gutenberg Blocks <= 2.10.3 Contributor+ Stored Cross-Site Scritpting via Slider Callback

CVE-2023-4839 — WP Go Maps <= 9.0.32 Administrator+ Stored Cross-Site Scritpting via Slider Callback

CVE-2024-0611 — Master Slider – Responsive Touch Slider < 3.9.5 Editor+ Stored Cross-Site Scritpting via Slider Callback

CVE-2024-0614 — Events Manager <= 6.4.6.4 Administrator+ Stored Cross-Site Scritpting via Settings

CVE-2024-0602 — Yet Another Related Posts Plugin (YARPP) <= 5.30.9 - Authenticated(Administrator+) Stored Cross-Site Scripting via settings

CVE-2024-0621 — Simple Share Buttons Adder <= 8.4.11 - Authenticated(Administrator+) Stored Cross-Site Scripting via CSS Settings

CVE-2024-0604 — Best WordPress Gallery Plugin – FooGallery <= 2.4.7 -Authenticated(Administrator+) Stored Cross-Site Scripting via settings

CVE-2024-0597 — SEO Plugin by Squirrly SEO WP Plugin <= 12.3.15 Administrator+ Stored Cross-Site Scritpting

CVE-2023-7225 — MapPress WP Plugin <= 2.88.16 Contributor+ Stored Cross-Site Scritpting

CVE-2024-0612 — Content Views WP Plugin <= 3.6.2 Administrator+ Stored Cross-Site Scritpting

CVE-2024-0618 — Fluent Forms <= 5.1.5 - Administrator+ Stored Cross-Site Scripting

CVE-2023-6884 — Plugin for Google Reviews < 3.1 Contributor+ Stored Cross-Site Scripting

CVE-2023-6524 — MapPress WP Plugin <= 2.88.13 Contributor+ Stored Cross-Site Scritpting