Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-14 | CVE-2024-2122 | Cross-site Scripting vulnerability in Fooplugins Foogallery The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via album gallery custom URLs in all versions up to, and including, 2.4.15 due to insufficient input sanitization and output escaping. | 5.4 |
2024-06-14 | CVE-2024-3966 | Cross-site Scripting vulnerability in Projectcaruso Pray for ME 1.0.4 The Pray For Me WordPress plugin through 1.0.4 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks that trigger when an admin visits the Prayer Requests in the WP Admin | 6.1 |
2024-06-14 | CVE-2024-3977 | Cross-site Scripting vulnerability in Andrewabarber Wordpress Jitsi Shortcode 0.1 The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 |
2024-06-14 | CVE-2024-3978 | Cross-site Scripting vulnerability in Andrewabarber Wordpress Jitsi Shortcode 0.1 The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 |
2024-06-14 | CVE-2024-3992 | Cross-site Scripting vulnerability in Joshua Vandercar Amen The Amen WordPress plugin through 3.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 |
2024-06-14 | CVE-2024-4005 | Cross-site Scripting vulnerability in Labschool Social Pixel 2.1 The Social Pixel WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 |
2024-06-14 | CVE-2024-4270 | Cross-site Scripting vulnerability in Andibauer Svgmagic 1.1 The SVGMagic WordPress plugin through 1.1 does not sanitize SVG file contents, which enables users with at least the author role to upload SVG files with malicious JavaScript to conduct Stored XSS attacks. | 5.4 |
2024-06-13 | CVE-2024-33253 | Cross-site Scripting vulnerability in Openeclass Cross-site scripting (XSS) vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows an authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function. | 5.4 |
2024-06-13 | CVE-2023-35859 | Cross-site Scripting vulnerability in Moderncampus Omni CMS 2023.1 A Reflected Cross-Site Scripting (XSS) vulnerability in the blog function of Modern Campus - Omni CMS 2023.1 allows a remote attacker to inject arbitrary scripts or HTML via multiple parameters. | 6.1 |
2024-06-13 | CVE-2024-37308 | Cross-site Scripting vulnerability in Boxystudio Cooked The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the `_recipe_settings[post_title]` parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. | 5.4 |