Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2025-02-18 CVE-2024-13565 Cross-site Scripting vulnerability in Shaonback2 Simple MAP NO API
The Simple Map No Api plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping.
network
low complexity
shaonback2 CWE-79
5.4
5.4
2025-02-18 CVE-2024-13573 Cross-site Scripting vulnerability in Softdiscover Zigaform
The Zigaform – Form Builder Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zgfm_rfvar' shortcode in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
softdiscover CWE-79
5.4
5.4
2025-02-18 CVE-2024-13576 Cross-site Scripting vulnerability in Adityapatadia Gumlet Video
The Gumlet Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gumlet' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
adityapatadia CWE-79
5.4
5.4
2025-02-18 CVE-2024-13577 Cross-site Scripting vulnerability in Catsone Cats JOB Listings
The CATS Job Listings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catsone' shortcode in all versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
catsone CWE-79
5.4
5.4
2025-02-18 CVE-2024-13578 Cross-site Scripting vulnerability in Haozhexie Wp-Bibtex
The WP-BibTeX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'WpBibTeX' shortcode in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
haozhexie CWE-79
5.4
5.4
2025-02-18 CVE-2024-13579 Cross-site Scripting vulnerability in Platcom Wp-Asambleas
The WP-Asambleas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'polls_popup' shortcode in all versions up to, and including, 2.85.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
platcom CWE-79
5.4
5.4
2025-02-18 CVE-2024-13581 Cross-site Scripting vulnerability in Supporthost Simple Charts
The Simple Charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'simple_chart' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
supporthost CWE-79
5.4
5.4
2025-02-18 CVE-2024-13582 Cross-site Scripting vulnerability in Webdevocean Pricing Tables
The Simple Pricing Tables For WPBakery Page Builder(Formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wdo_simple_pricing_table_free' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
webdevocean CWE-79
5.4
5.4
2025-02-18 CVE-2024-13587 Cross-site Scripting vulnerability in Softdiscover Zigaform
The Zigaform – Price Calculator & Cost Estimation Form Builder Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zgfm_fvar' shortcode in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
softdiscover CWE-79
5.4
5.4
2025-02-18 CVE-2024-13588 Cross-site Scripting vulnerability in Simplebooklet
The Simplebooklet PDF Viewer and Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'simplebooklet' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
simplebooklet CWE-79
5.4
5.4