Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-09-25 CVE-2024-8914 The Thanh Toán Quét Mã QR Code Tự Động – MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.1 due to incorrect use of the wp_kses_allowed_html function, which allows the 'onclick' attribute for certain HTML elements without sufficient restriction or context validation.
network
low complexity
CWE-79
7.2
2024-09-25 CVE-2024-8917 Cross-site Scripting vulnerability in Anwp Football Leagues
The AnWP Football Leagues plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.16.7 due to insufficient input sanitization and output escaping.
network
low complexity
anwp CWE-79
5.4
2024-09-25 CVE-2024-8919 Cross-site Scripting vulnerability in Wpdeveloperr Confetti Fall Animation
The Confetti Fall Animation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'confetti-fall-animation' shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
wpdeveloperr CWE-79
5.4
2024-09-25 CVE-2024-8942 Cross-site Scripting vulnerability in Scriptcase 9.4.019
Scriptcase version 9.4.019 is vulnerable to Cross-Site Scripting (XSS) due to a lack of input validation, affecting the “id_form_msg_title” parameter, among others.
network
low complexity
scriptcase CWE-79
8.2
2024-09-25 CVE-2024-9148 Cross-site Scripting vulnerability in Flowiseai Embed and Flowise
Flowise < 2.1.1 suffers from a Stored Cross-Site Scripting vulnerability due to a lack of input sanitization in Flowise Chat Embed < 2.0.0.
network
low complexity
flowiseai CWE-79
6.1
2024-09-24 CVE-2024-8628 Cross-site Scripting vulnerability in Mailoptin
The Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber – MailOptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'post-meta' shortcode in all versions up to, and including, 1.2.70.3 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
mailoptin CWE-79
5.4
2024-09-24 CVE-2024-8544 Cross-site Scripting vulnerability in Fatcatapps Pixel CAT
The Pixel Cat – Conversion Pixel Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.0.5.
network
low complexity
fatcatapps CWE-79
6.1
2024-09-24 CVE-2024-8657 Cross-site Scripting vulnerability in Ggnome Garden Gnome Package
The Garden Gnome Package plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ggpkg shortcode in all versions up to, and including, 2.2.9 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
ggnome CWE-79
5.4
2024-09-24 CVE-2024-8662 Cross-site Scripting vulnerability in Ibericode Koko Analytics
The Koko Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.12.
network
low complexity
ibericode CWE-79
6.1
2024-09-24 CVE-2024-8716 Cross-site Scripting vulnerability in Xplodedthemes XT Ajax ADD to Cart for Woocommerce
The XT Ajax Add To Cart for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.2.
network
low complexity
xplodedthemes CWE-79
6.1