Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-08-29 CVE-2024-1056 Cross-site Scripting vulnerability in Funnelkit Funnel Builder
The FunnelKit Funnel Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'allow_iframe_tag_in_post' function which uses the 'wp_kses_allowed_html' filter to globally allow script and iframe tags in posts in all versions up to, and including, 3.4.5.
network
low complexity
funnelkit CWE-79
5.4
2024-08-29 CVE-2024-1384 Cross-site Scripting vulnerability in Averta Auxinportfolio
The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aux_recent_portfolios_grid' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
averta CWE-79
5.4
2024-08-29 CVE-2024-3944 Cross-site Scripting vulnerability in Delower WP to DO
The WP To Do plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping.
network
low complexity
delower CWE-79
4.8
2024-08-29 CVE-2024-43986 Cross-site Scripting vulnerability in Mage-People Ecab Taxi Booking Manager
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagePeople Team Taxi Booking Manager for WooCommerce allows Stored XSS. This issue affects Taxi Booking Manager for WooCommerce: through 1.0.9.
network
low complexity
mage-people CWE-79
4.8
2024-08-29 CVE-2024-5417 Cross-site Scripting vulnerability in Gutentor
The Gutentor WordPress plugin before 3.3.6 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
network
low complexity
gutentor CWE-79
5.4
2024-08-29 CVE-2024-5624 Cross-site Scripting vulnerability in Br-Automation Industrial Automation Aprol
Reflected Cross-Site Scripting (XSS) in Shift Logbook application of B&R APROL <= R 4.4-00P3 may allow a network-based attacker to execute arbitrary JavaScript code in the context of the user's browser session.
network
low complexity
br-automation CWE-79
6.1
2024-08-29 CVE-2024-6927 Cross-site Scripting vulnerability in Wow-Company Viral Signup
The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
network
low complexity
wow-company CWE-79
4.8
2024-08-29 CVE-2024-7132 Cross-site Scripting vulnerability in Godaddy Coblocks
The Page Builder Gutenberg Blocks WordPress plugin before 3.1.13 does not escape the content of post embed via one of its blocks, which could allow users with the capability to publish posts (editor and admin by default) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
network
low complexity
godaddy CWE-79
4.8
2024-08-29 CVE-2024-7606 Cross-site Scripting vulnerability in Etoilewebdesign Front END Users
The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'user-search' shortcode in all versions up to, and including, 3.2.28 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
etoilewebdesign CWE-79
5.4
2024-08-29 CVE-2024-7895 Cross-site Scripting vulnerability in Wpbeaveraddons Powerpack Lite for Beaver Builder
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘type’ parameter in all versions up to, and including, 2.8.3.5 due to insufficient input sanitization and output escaping.
network
low complexity
wpbeaveraddons CWE-79
5.4