Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-18 | CVE-2024-5533 | Cross-site Scripting vulnerability in Elegantthemes Divi 4.23.2: The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.25.1 due to insufficient input sanitization and output escaping. | 5.4 |
2024-06-18 | CVE-2024-3276 | Cross-site Scripting vulnerability in Fooplugins Foobox: The Lightbox & Modal Popup WordPress Plugin WordPress plugin before 2.7.28, foobox-image-lightbox-premium WordPress plugin before 2.7.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2024-06-18 | CVE-2024-4094 | Cross-site Scripting vulnerability in Sharethis Simple Share Buttons Adder: The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 5.4 |
2024-06-18 | CVE-2024-5172 | Cross-site Scripting vulnerability in Expert Invoice Project Expert Invoice 1.0.2: The Expert Invoice WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2024-06-18 | CVE-2024-0845 | Cross-site Scripting vulnerability in Redlettuce PDF Viewer for Elementor 2.9.3: The PDF Viewer for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the render function in all versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping. | 5.4 |
2024-06-18 | CVE-2024-4375 | Cross-site Scripting vulnerability in Averta Master Slider 3.2.7/3.5.1/3.9.10: The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_layer' shortcode in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on the 'css_id' user supplied attribute. | 5.4 |
2024-06-17 | CVE-2024-37619 | Cross-site Scripting vulnerability in Strongshop 1.0: StrongShop v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the spec_group_id parameter at /spec/index.blade.php. | 6.1 |
2024-06-17 | CVE-2024-37624 | Cross-site Scripting vulnerability in Rockoa Xinhu 2.6.3: Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /chajian/inputChajian.php. | 6.1 |
2024-06-17 | CVE-2024-37625 | Cross-site Scripting vulnerability in Zhimengzhel Ibarn 1.5: zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the $search parameter at /index.php. | 6.1 |
2024-06-17 | CVE-2024-5741 | Cross-site Scripting vulnerability in Checkmk: Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 (EOL). | 5.4 |