Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-06 | CVE-2024-10715 | Cross-site Scripting vulnerability in Mappresspro Mappress The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Map block in all versions up to, and including, 2.94.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-11-06 | CVE-2024-10647 | Cross-site Scripting vulnerability in Westguardsolutions WS Form The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.244. | 6.1 |
| 2024-11-05 | CVE-2024-50335 | Cross-site Scripting vulnerability in Salesagility Suitecrm SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. | 5.4 |
| 2024-11-05 | CVE-2024-10842 | Cross-site Scripting vulnerability in Romadebrian Web-Sekolah 1.0 A vulnerability, which was classified as problematic, has been found in romadebrian WEB-Sekolah 1.0. | 4.8 |
| 2024-11-05 | CVE-2024-10840 | Cross-site Scripting vulnerability in Romadebrian Web-Sekolah 1.0 A vulnerability classified as problematic has been found in romadebrian WEB-Sekolah 1.0. | 4.8 |
| 2024-11-05 | CVE-2024-9657 | Cross-site Scripting vulnerability in Bdthemes Element Pack The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tooltip' parameter in all versions up to, and including, 5.10.2 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-11-05 | CVE-2024-9867 | Cross-site Scripting vulnerability in Bdthemes Element Pack The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Open Map Widget' marker_content parameter in all versions up to, and including, 5.10.2 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-11-05 | CVE-2024-9178 | Cross-site Scripting vulnerability in Xplodedthemes XT Floating Cart for Woocommerce The XT Floating Cart for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-11-05 | CVE-2024-9878 | Cross-site Scripting vulnerability in 10Web Photo Gallery The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.30 due to insufficient input sanitization and output escaping. | 4.8 |
| 2024-11-05 | CVE-2024-9443 | Cross-site Scripting vulnerability in Basticom Framework The Basticom Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. | 5.4 |