Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-13 | CVE-2024-5789 | Cross-site Scripting vulnerability in Towfiqi Triton Lite The Triton Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the theme's Button shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-09-13 | CVE-2024-5867 | Cross-site Scripting vulnerability in Nattywp Delicate The Delicate theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter within the theme's Button shortcode in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-09-13 | CVE-2024-5869 | Cross-site Scripting vulnerability in Arnoldgoodway Neighborly The Neighborly theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-09-13 | CVE-2024-5870 | Cross-site Scripting vulnerability in Arnoldgoodway Tweaker5 The Tweaker5 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-09-13 | CVE-2024-5884 | Cross-site Scripting vulnerability in Allprices Beauty The Beauty theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tpl_featured_cat_id’ parameter in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-09-13 | CVE-2024-8714 | Cross-site Scripting vulnerability in Slicewp Affiliate Program Suite The WordPress Affiliates Plugin — SliceWP Affiliates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.20. | 6.1 |
| 2024-09-13 | CVE-2024-8730 | Cross-site Scripting vulnerability in Cvstech Exit Notifier The Exit Notifier plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.1. | 6.1 |
| 2024-09-13 | CVE-2024-8731 | Cross-site Scripting vulnerability in Leira Cron Jobs The Cron Jobs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.9. | 6.1 |
| 2024-09-13 | CVE-2024-8732 | Cross-site Scripting vulnerability in Leira Roles & Capabilities The Roles & Capabilities plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.9. | 6.1 |
| 2024-09-13 | CVE-2024-8734 | Cross-site Scripting vulnerability in Lucasstad Lucas String Replace The Lucas String Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.5. | 6.1 |