VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-01-07
CVE-2024-11810
The PayGreen Payment Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message_id' parameter in all versions up to, and including, 1.0.26 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-01-07
CVE-2024-12049
The Woo Ukrposhta plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'order', 'post', and 'idd' parameters in all versions up to, and including, 1.17.11 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-01-07
CVE-2024-12124
The Role Includer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘user_id’ parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-01-07
CVE-2024-12126
The SEO Keywords plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘google_error’ parameter in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-01-07
CVE-2024-12153
The GDY Modular Content plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.9.91.
network
low complexity
CWE-79
6.1
6.1
2025-01-07
CVE-2024-12207
The Toggles Shortcode and Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 1.14 due to insufficient input sanitization and output escaping.
network
high complexity
CWE-79
4.4
4.4
2025-01-07
CVE-2024-12214
The WooCommerce HSS Extension for Streaming Video plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘videolink’ parameter in all versions up to, and including, 3.31 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-01-07
CVE-2024-12256
The Simple Video Management System plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'analytics_video' parameter in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-01-07
CVE-2024-12290
The Infility Global plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘set_type’ parameter in all versions up to, and including, 2.9.8 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-01-07
CVE-2024-12324
The Unilevel MLM Plan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
«
Previous
1
2
...
17
18
19
(current)
20
21
...
1818
1819
»
Next