| 2025-01-11 | CVE-2024-12527 | The Perfect Portal Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'perfect_portal_intake_form' shortcode in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-01-11 | CVE-2024-12304 | The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via button block link in all versions up to, and including, 3.4.2 due to insufficient input sanitization and output escaping. | 6.4 |
| 2025-01-11 | CVE-2024-11327 | The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.4.1. | 6.1 |
| 2025-01-11 | CVE-2024-12505 | The Trackserver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tsmap' shortcode in all versions up to, and including, 5.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-01-10 | CVE-2024-13183 | Cross-site Scripting vulnerability in Themeisle Orbit FOX
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-01-10 | CVE-2025-0311 | Cross-site Scripting vulnerability in Themeisle Orbit FOX
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-01-09 | CVE-2024-56376 | Cross-site Scripting vulnerability in Vanderbilt Redcap 14.9.6
A stored cross-site scripting (XSS) vulnerability in the built-in messenger of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the message field. | 5.4 |
| 2025-01-09 | CVE-2024-56377 | Cross-site Scripting vulnerability in Vanderbilt Redcap 14.9.6
A stored cross-site scripting (XSS) vulnerability in survey titles of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the Survey Title field or Survey Instructions. | 5.4 |
| 2025-01-09 | CVE-2024-11328 | The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.13.2. | 6.1 |
| 2025-01-09 | CVE-2024-11686 | The WhatsApp ?? click to chat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'manycontacts_code' parameter in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. | 6.1 |