Magazine3

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-7759 1Magazine3 1Pwa For Wp & Amp Jun 11, 2025 May 15, 2025 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The PWA for WP WordPress plugin before 1.7.72 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilter...Show more The PWA for WP WordPress plugin before 1.7.72 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2024-13575 1Magazine3 1Web Stories Enhancer Feb 21, 2025 Feb 18, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Web Stories Enhancer – Level Up Your Web Stories plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'web_stories_enhancer' shortcode in all versions up to, and including, 1.3 due to in...Show more The Web Stories Enhancer – Level Up Your Web Stories plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'web_stories_enhancer' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
CVE-2024-47318 1Magazine3 1Pwa For Wp & Amp Apr 23, 2026 Nov 1, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Missing Authorization vulnerability in Magazine3 PWA for WP & AMP pwa-for-wp.This issue affects PWA for WP & AMP: from n/a through <= 1.7.72.
CVE-2024-7082 1Magazine3 1Easy Table Of Contents May 28, 2025 Aug 6, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Easy Table of Contents WordPress plugin before 2.0.68 does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks.
CVE-2024-5582 1Magazine3 1Schema & Structured Data For Wp & Amp Apr 8, 2026 Jul 17, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' attribute within the Q&A Block widget in all versions up to, and including, 1.33 due to i...Show more The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' attribute within the Q&A Block widget in all versions up to, and including, 1.33 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
CVE-2024-6334 1Magazine3 1Easy Table Of Contents May 21, 2025 Jul 9, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Easy Table of Contents WordPress plugin before 2.0.67.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfi...Show more The Easy Table of Contents WordPress plugin before 2.0.67.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.Show less
CVE-2024-5573 1Magazine3 1Easy Table Of Contents May 19, 2025 Jun 26, 2024 N/A· v4 5.9 MEDIUM· v3 N/A· v2 The Easy Table of Contents WordPress plugin before 2.0.66 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfilt...Show more The Easy Table of Contents WordPress plugin before 2.0.66 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowedShow less
CVE-2024-1586 1Magazine3 1Schema & Structured Data For Wp & Amp Apr 8, 2026 Feb 29, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom schema in all versions up to, and including, 1.26 due to insufficient input sanitization and outp...Show more The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom schema in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default the required authentication level is admin, but administrators have the ability to assign role based access to users as low as subscriber.Show less
CVE-2024-1288 1Magazine3 1Schema & Structured Data For Wp & Amp Apr 8, 2026 Feb 29, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saswp_reviews_form_render' function in all versions up to, and i...Show more The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saswp_reviews_form_render' function in all versions up to, and including, 1.26. This makes it possible for authenticated attackers, with contributor access and above, to modify the plugin's stored reCaptcha site and secret keys, potentially breaking the reCaptcha functionality.Show less
CVE-2024-22146 1Magazine3 1Schema & Structured Data For Wp & Amp Apr 28, 2026 Jan 31, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS.This issue affects Schema & Structured Data for WP &...Show more Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS.This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.25.Show less
CVE-2023-6782 1Magazine3 1Amp For Wp Apr 8, 2026 Jan 11, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.92 due to insufficient input sanitizatio...Show more The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.92 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
CVE-2023-35883 1Magazine3 1Core Web Vitals & Pagespeed Booster Apr 28, 2026 Dec 19, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Magazine3 Core Web Vitals & PageSpeed Booster.This issue affects Core Web Vitals & PageSpeed Booster: from n/a through 1.0.12.
CVE-2023-48321 1Magazine3 1Amp For Wp Apr 28, 2026 Nov 30, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP – Accelerated Mobile Pages allows Stored XSS.This issue affects AMP for WP –...Show more Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP – Accelerated Mobile Pages allows Stored XSS.This issue affects AMP for WP – Accelerated Mobile Pages: from n/a through 1.0.88.1.Show less
CVE-2021-4366 1Magazine3 1Pwa For Wp & Amp Apr 8, 2026 Jun 7, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the pwaforwp_update_features_options function in versions up to, and including, 1.7.32. This makes it...Show more The PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the pwaforwp_update_features_options function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to change the otherwise restricted settings within the plugin.Show less
CVE-2021-4354 1Magazine3 1Pwa For Wp & Amp Apr 8, 2026 Jun 7, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 The PWA for WP & AMP for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pwaforwp_splashscreen_uploader function in versions up to, and including, 1.7.32. This makes it possib...Show more The PWA for WP & AMP for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pwaforwp_splashscreen_uploader function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.Show less
CVE-2018-20838 1Magazine3 1Amp For Wp Nov 21, 2024 May 13, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 ampforwp_save_steps_data in the AMP for WP plugin before 0.9.97.21 for WordPress allows stored XSS.