Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE	CVE	VULNERABILITY TITLE	RISK
2024-09-27	CVE-2024-9279	Cross-site Scripting vulnerability in Funnyzpc Mee-Admin A vulnerability, which was classified as problematic, was found in funnyzpc Mee-Admin up to 1.6. network low complexity funnyzpc CWE-79	4.8
2024-09-27	CVE-2024-6931	Cross-site Scripting vulnerability in Stellarwp the Events Calendar The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via RSVP name field in all versions up to, and including, 6.6.3 due to insufficient input sanitization and output escaping. network low complexity stellarwp CWE-79	6.1
2024-09-27	CVE-2024-8681	Cross-site Scripting vulnerability in Leap13 Premium Addons for Elementor The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Media Grid widget in all versions up to, and including, 4.10.52 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity leap13 CWE-79	5.4
2024-09-27	CVE-2024-8991	Cross-site Scripting vulnerability in Hyumika Openstreetmap The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's osm_map and osm_map_v3 shortcodes in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity hyumika CWE-79	5.4
2024-09-27	CVE-2024-9049	Cross-site Scripting vulnerability in Fastlinemedia Beaver Builder The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Group module in all versions up to, and including, 2.8.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity fastlinemedia CWE-79	5.4
2024-09-27	CVE-2024-8965	Cross-site Scripting vulnerability in Codesupply Absolute Reviews The Absolute Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Name' field of a custom post criteria in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. network low complexity codesupply CWE-79	5.4
2024-09-26	CVE-2024-9177	Cross-site Scripting vulnerability in Themedy Toolbox The Themedy Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themedy_col, themedy_social_link, themedy_alertbox, and themedy_pullleft shortcodes in all versions up to, and including, 1.0.14, and up to, and including 1.0.15 for the plugin's themedy_button shortcode due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity themedy CWE-79	5.4
2024-09-26	CVE-2024-8633	Cross-site Scripting vulnerability in 10Web Form Maker The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.27 due to insufficient input sanitization and output escaping. network low complexity 10web CWE-79	4.8
2024-09-26	CVE-2022-4541	Cross-site Scripting vulnerability in Nitinmaurya Wordpress Visitors 1.0 The WordPress Visitors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a spoofed HTTP Header value in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. network low complexity nitinmaurya CWE-79	6.1
2024-09-26	CVE-2024-9115	Cross-site Scripting vulnerability in Chetanvaghela Common Tools for Site The Common Tools for Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. network low complexity chetanvaghela CWE-79	5.4