Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE	CVE	VULNERABILITY TITLE	RISK
2025-01-31	CVE-2024-13504	The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via dfxp File uploads in all versions up to, and including, 1.7.42 due to insufficient input sanitization and output escaping. network low complexity CWE-79	7.2
2025-01-31	CVE-2025-0809	The Link Fixer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via broken links in all versions up to, and including, 3.4 due to insufficient input sanitization and output escaping. network low complexity CWE-79	7.2
2025-01-31	CVE-2024-10867	The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping. network low complexity CWE-79	5.4
2025-01-31	CVE-2025-0507	The Ticketmeo – Sell Tickets – Event Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity CWE-79	6.4
2025-01-31	CVE-2024-13463	The SeatReg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'seatreg' shortcode in all versions up to, and including, 1.56.0 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity CWE-79	6.4
2025-01-31	CVE-2025-0470	The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the title parameter in all versions up to, and including, 1.38.2 due to insufficient input sanitization and output escaping. network low complexity CWE-79	6.1
2025-01-31	CVE-2024-13396	The Frictionless plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'frictionless_form' shortcode[s] in all versions up to, and including, 0.0.23 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity CWE-79	6.4
2025-01-31	CVE-2024-13397	The WPRadio – WordPress Radio Streaming Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpradio_player' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity CWE-79	6.4
2025-01-31	CVE-2024-13399	The Gosign – Posts Slider Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'posts-slider-block' block in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. network low complexity CWE-79	6.4
2025-01-30	CVE-2024-10847	Cross-site Scripting vulnerability in Sellerthemes Storely The Storely theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 16.6 due to insufficient input sanitization and output escaping. network low complexity sellerthemes CWE-79	5.4