VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2024-11-21
CVE-2024-10623
The ForumEngine theme for WordPress is vulnerable to Reflected Cross-Site Scripting via a URL in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2024-11-21
CVE-2024-10675
The affiliate-toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via a URL in all versions up to, and including, 3.6.7 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2024-11-21
CVE-2024-10682
The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg and remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.11.7.
network
low complexity
CWE-79
6.1
6.1
2024-11-21
CVE-2024-10785
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Countdown' widget in all versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2024-11-21
CVE-2024-10788
The Activity Log – Monitor & Record User Changes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event parameters in all versions up to, and including, 2.11.1 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
7.2
7.2
2024-11-21
CVE-2024-10792
The Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post_id' parameter in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2024-11-21
CVE-2024-10890
The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.7.
network
low complexity
CWE-79
6.1
6.1
2024-11-21
CVE-2024-11360
The Page Parts plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.3.
network
low complexity
CWE-79
6.1
6.1
2024-11-21
CVE-2024-11365
The Crypto and DeFi Widgets – Web3 Cryptocurrency Shortcodes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.6.
network
low complexity
CWE-79
6.1
6.1
2024-11-21
CVE-2024-11370
The Subaccounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0.
network
low complexity
CWE-79
6.1
6.1
«
Previous
1
2
(current)
3
4
5
...
2155
2156
»
Next