VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-01-25
CVE-2024-13467
The WP Contact Form7 Email Spam Blocker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-01-25
CVE-2024-13548
The Power Ups for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'magic-button' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-01-25
CVE-2024-13551
The ABC Notation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'abcjs' shortcode in all versions up to, and including, 6.1.3 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-01-25
CVE-2024-13586
The Masy Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'justified-gallery' shortcode in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-01-25
CVE-2024-13599
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.7.5 due to insufficient input sanitization and output escaping of a lesson name.
network
low complexity
CWE-79
6.4
6.4
2025-01-25
CVE-2024-10552
The Flexmls® IDX Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘api_key’ and 'api_secret' parameters in all versions up to, and including, 3.14.26 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-01-24
CVE-2024-13354
The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML tags in several widgets in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-01-24
CVE-2024-13542
The WP Google Street View (with 360° virtual tour) & Google maps + Local SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpgsv' shortcode in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-01-24
CVE-2024-13572
The Precious Metals Charts and Widgets for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nfusion-widget' shortcode in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-01-24
CVE-2024-12494
The BMLT Meeting Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bmlt_meeting_map' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
«
Previous
1
2
(current)
3
4
5
...
1810
1811
»
Next