Theluckywp Luckywp_table_of_contents
6 CVEs affecting Theluckywp Luckywp_table_of_contents. Latest disclosed: 2025-04-03. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-2299 | Medium | 6.1 | 2025-04-03 | The LuckyWP Table of Contents plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.10. This is due to mis… |
CVE-2024-2119 | Medium | 6.1 | 2024-05-22 | The LuckyWP Table of Contents plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the attrs parameter in all versions up to, and including… |
CVE-2024-2953 | Medium | 5.5 | 2024-05-22 | The LuckyWP Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 2.1.4… |
CVE-2024-9641 | Medium | 4.8 | 2024-12-12 | The LuckyWP Table of Contents WordPress plugin before 2.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as a… |
CVE-2024-2218 | Medium | 4.6 | 2024-06-14 | The LuckyWP Table of Contents WordPress plugin through 2.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as… |
CVE-2023-6487 | Medium | 4.4 | 2024-05-22 | The LuckyWP Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Header Title' field in all versions up to and includin… |