Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-12 | CVE-2025-1196 | Cross-site Scripting vulnerability in Fabian Real Estate Property Management System 1.0 A vulnerability, which was classified as problematic, was found in code-projects Real Estate Property Management System 1.0. | 5.4 |
| 2025-02-12 | CVE-2024-13456 | Cross-site Scripting vulnerability in Najeebmedia Easy Quiz Maker The Easy Quiz Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wqt-question' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-12 | CVE-2024-13459 | Cross-site Scripting vulnerability in Jeremyshapiro Fusedesk The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fusedesk_newcase' shortcode in all versions up to, and including, 6.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-12 | CVE-2025-0506 | Cross-site Scripting vulnerability in Eaglevisionit Rise Blocks The Rise Blocks – A Complete Gutenberg Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the titleTag parameter in all versions up to, and including, 3.6 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-02-12 | CVE-2025-1190 | Cross-site Scripting vulnerability in Anisha JOB Recruitment 1.0 A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. | 6.1 |
| 2025-02-12 | CVE-2024-11746 | Cross-site Scripting vulnerability in Gsplugins Woocommerce Brands The Discover the Best Woocommerce Product Brands Plugin for WordPress – Woocommerce Brands Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'product_brand' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-12 | CVE-2024-13658 | Cross-site Scripting vulnerability in Wpo-Hr NGG Smart Image Search The NGG Smart Image Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hr_SIS_nextgen_searchbox' shortcode in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-12 | CVE-2024-13665 | Cross-site Scripting vulnerability in Sktthemes Admire Extra The Admire Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'space' shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-12 | CVE-2024-13769 | Cross-site Scripting vulnerability in Themerex Puzzles The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the 'theme_options_ajax_post_action' AJAX action in all versions up to, and including, 4.2.4. | 5.4 |
| 2025-02-12 | CVE-2024-13701 | Cross-site Scripting vulnerability in Stklcode Liveticker The Liveticker (by stklcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'liveticker' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |