Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-09-26 CVE-2024-9117 Cross-site Scripting vulnerability in Mapplic 1.0
The Mapplic Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping.
network
low complexity
mapplic CWE-79
5.4
2024-09-26 CVE-2024-9125 Cross-site Scripting vulnerability in Kingblack King IE
The king_IE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping.
network
low complexity
kingblack CWE-79
5.4
2024-09-26 CVE-2024-9127 Cross-site Scripting vulnerability in Codecabin Super Testimonials 3.0.0
The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alignment’ parameter in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping.
network
low complexity
codecabin CWE-79
5.4
2024-09-26 CVE-2024-9173 Cross-site Scripting vulnerability in Alefypimentel GF Custom Style 2.0
The GF Custom Style plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping.
network
low complexity
alefypimentel CWE-79
5.4
2024-09-26 CVE-2024-9198 Cross-site Scripting vulnerability in Clibomanager Clibo Manager 1.1.9.1
Vulnerability in Clibo Manager v1.1.9.1 that could allow an attacker to execute a stored Cross-Site Scripting (stored XSS) attack by uploading a malicious .svg image in the section Profile > Profile picture.
network
low complexity
clibomanager CWE-79
5.4
2024-09-26 CVE-2024-8872 Cross-site Scripting vulnerability in Bizswoop Store Hours for Woocommerce
The Store Hours for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.3.20.
network
low complexity
bizswoop CWE-79
6.1
2024-09-26 CVE-2024-8861 Cross-site Scripting vulnerability in Metagauss Profilegrid
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.9.3.2 due to incorrect use of the wp_kses_allowed_html function, which allows the 'onclick' attribute for certain HTML elements without sufficient restriction or context validation.
network
low complexity
metagauss CWE-79
5.4
2024-09-26 CVE-2024-6517 Cross-site Scripting vulnerability in Dotsquares Contact Form 7 Math Captcha
The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users.
network
low complexity
dotsquares CWE-79
6.1
2024-09-26 CVE-2024-45836 Cross-site Scripting vulnerability in Planex products
Cross-site scripting vulnerability exists in the web management page of PLANEX COMMUNICATIONS network cameras.
network
low complexity
planex CWE-79
6.1
2024-09-26 CVE-2024-8723 Cross-site Scripting vulnerability in Wangbin 012 PS Multi Languages
The 012 Ps Multi Languages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via translated titles in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping.
network
low complexity
wangbin CWE-79
5.4