Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-02 | CVE-2024-6264 | Cross-site Scripting vulnerability in Wpexpertplugins Post Meta Data Manager The Post Meta Data Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘$meta_key’ parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-07-02 | CVE-2024-6011 | Cross-site Scripting vulnerability in Stylemixthemes Cost Calculator Builder The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textarea.description’ parameter in all versions up to, and including, 3.2.12 due to insufficient input sanitization and output escaping. | 4.8 |
| 2024-07-02 | CVE-2024-5260 | Cross-site Scripting vulnerability in Sinaextra Sina Extension for Elementor The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘read_more_text’ parameter in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-07-02 | CVE-2023-41922 | Cross-site Scripting vulnerability in Kiloview P1 Firmware and P2 Firmware A 'Cross-site Scripting' (XSS) vulnerability, characterized by improper input neutralization during web page generation, has been discovered. | 5.4 |
| 2024-07-02 | CVE-2024-38857 | Cross-site Scripting vulnerability in Checkmk Improper neutralization of input in Checkmk before versions 2.3.0p8, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows attackers to craft malicious links that can facilitate phishing attacks. | 6.1 |
| 2024-07-02 | CVE-2024-3513 | Cross-site Scripting vulnerability in Dotcamp Ultimate Blocks The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the title tag parameter in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-07-02 | CVE-2024-5504 | Cross-site Scripting vulnerability in Apollo13Themes Rife Elementor Extensions & Templates The Rife Elementor Extensions & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute within the plugin's Writing Effect Headline widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-07-02 | CVE-2024-5544 | Cross-site Scripting vulnerability in Davidlingren Media Library Assistant The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the order parameter in all versions up to, and including, 3.17 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-07-02 | CVE-2024-5219 | Cross-site Scripting vulnerability in Supsystic Easy Google Maps The Easy Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file upload feature in all versions up to, and including, 1.11.15 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-07-02 | CVE-2024-1427 | Cross-site Scripting vulnerability in Radiustheme the Post Grid The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the section title tag attribute in all versions up to, and including, 7.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |