| 2025-02-19 | CVE-2024-13589 | The YouTube Playlists with Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'yt_grid' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-02-19 | CVE-2024-13591 | The Team Builder For WPBakery Page Builder(Formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'team-builder-vc' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-02-19 | CVE-2024-13657 | The Store Locator Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'storelocatorwidget' shortcode in all versions up to, and including, 20200131 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-02-19 | CVE-2024-13660 | The Responsive Flickr Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fshow' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-02-19 | CVE-2024-13663 | The Coaching Staffs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mstw-cs-table' shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-02-19 | CVE-2024-13674 | The Cosmic Blocks (40+) Content Editor Blocks Collection plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cwp_social_share' shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-02-19 | CVE-2024-13679 | Cross-site Scripting vulnerability in Getbuybox Buybox Widget
The Widget BUY.BOX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'buybox-widget' shortcode in all versions up to, and including, 3.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-19 | CVE-2024-13711 | Cross-site Scripting vulnerability in Bin-Co Pollin
The Pollin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'question' parameter in all versions up to, and including, 1.01.1 due to insufficient input sanitization and output escaping. | 6.1 |
| 2025-02-19 | CVE-2024-13736 | Cross-site Scripting vulnerability in Purechat Pure Chat
The Pure Chat – Live Chat & More! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘purechatWidgetName’ parameter in all versions up to, and including, 2.31 due to insufficient input sanitization and output escaping. | 6.1 |
| 2025-02-19 | CVE-2024-13799 | The User Private Files – File Upload & Download Manager with Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘new-fldr-name’ parameter in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping. | 6.4 |