Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-02-18 | CVE-2024-13588 | Cross-site Scripting vulnerability in Simplebooklet. The Simplebooklet PDF Viewer and Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'simplebooklet' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2025-02-18 | CVE-2024-13848 | Cross-site Scripting vulnerability in Jakob42 Reaction Buttons. The Reaction Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. | 4.8 |
2025-02-18 | CVE-2025-0805 | Cross-site Scripting vulnerability in Mlcalc Mortgage Loan Calculator. The Mortgage Calculator / Loan Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mlcalc' shortcode in all versions up to, and including, 1.5.20 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2025-02-17 | CVE-2025-0924 | The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. | 7.2 |
2025-02-15 | CVE-2025-1005 | Cross-site Scripting vulnerability in Wpmet Elementskit Elementor Addons. The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion widget in all versions up to, and including, 3.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2025-02-15 | CVE-2024-13563 | Cross-site Scripting vulnerability in Etoilewebdesign Front END Users. The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's forgot-password shortcode in all versions up to, and including, 3.2.30 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2025-02-14 | CVE-2025-23857 | Cross-site Scripting vulnerability in Smartdatasoft Essential WP Real Estate. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Essential WP Real Estate allows Reflected XSS. | 6.1 |
2025-02-14 | CVE-2024-13735 | Cross-site Scripting vulnerability in Hurrytimer. The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.11.2 due to insufficient input sanitization and output escaping of a campaign name. | 5.4 |
2025-02-14 | CVE-2024-9601 | Cross-site Scripting vulnerability in Themeum Qubely. The Qubely – Advanced Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' and 'UniqueID' parameters in all versions up to, and including, 1.8.12 due to insufficient input sanitization and output escaping. | 5.4 |
2025-02-13 | CVE-2024-13867 | Cross-site Scripting vulnerability in Tangiblewp Listivo. The Listivo - Classified Ads WordPress Theme theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 2.3.67 due to insufficient input sanitization and output escaping. | 6.1 |