Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-13 | CVE-2024-13227 | Cross-site Scripting vulnerability in Rankmath SEO The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Rank Math API in all versions up to, and including, 1.0.235 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-13 | CVE-2025-0837 | Cross-site Scripting vulnerability in Themerex Puzzles The Puzzles theme for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-13 | CVE-2024-13644 | Cross-site Scripting vulnerability in Detheme Dethemekit for Elementor The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's De Gallery widget in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-12 | CVE-2024-56938 | Cross-site Scripting vulnerability in Learndash 6.7.1 LearnDash v6.7.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the materials-content class. | 5.4 |
| 2025-02-12 | CVE-2024-56939 | Cross-site Scripting vulnerability in Learndash 6.7.1 LearnDash v6.7.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the ld-comment-body class. | 5.4 |
| 2025-02-12 | CVE-2025-1209 | Cross-site Scripting vulnerability in Anisha Wazifa System 1.0 A vulnerability classified as problematic has been found in code-projects Wazifa System 1.0. | 5.4 |
| 2025-02-12 | CVE-2025-1208 | Cross-site Scripting vulnerability in Anisha Wazifa System 1.0 A vulnerability was found in code-projects Wazifa System 1.0. | 5.4 |
| 2025-02-12 | CVE-2024-10322 | Cross-site Scripting vulnerability in Brizy The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-02-12 | CVE-2025-0511 | Cross-site Scripting vulnerability in Welcart E-Commerce The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 2.11.9 due to insufficient input sanitization and output escaping. | 6.1 |
| 2025-02-12 | CVE-2025-1195 | Cross-site Scripting vulnerability in Fabian Real Estate Property Management System 1.0 A vulnerability, which was classified as problematic, has been found in code-projects Real Estate Property Management System 1.0. | 5.4 |