Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-06-12 CVE-2024-2092 Cross-site Scripting vulnerability in Wpvibes Elementor Addon Elements
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Twitter Widget in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping on user supplied attributes.
Attack vector: network | Complexity: low | Vendor: wpvibes | CWE-79 | Risk: 5.4
2024-06-12 CVE-2024-5266 Cross-site Scripting vulnerability in Wpdownloadmanager Download Manager
The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on user supplied attributes.
Attack vector: network | Complexity: low | Vendor: wpdownloadmanager | CWE-79 | Risk: 5.4
2024-06-12 CVE-2024-3925 Cross-site Scripting vulnerability in Bdthemes Element Pack
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 5.6.7 due to insufficient input sanitization and output escaping on user supplied attributes.
Attack vector: network | Complexity: low | Vendor: bdthemes | CWE-79 | Risk: 5.4
2024-06-12 CVE-2024-3559 Cross-site Scripting vulnerability in Custom Field Suite Project Custom Field Suite
The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cfs[post_content]' parameter in versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping.
Attack vector: network | Complexity: low | Vendor: custom-field-suite-project | CWE-79 | Risk: 5.4
2024-06-12 CVE-2024-5553 Cross-site Scripting vulnerability in Leap13 Premium Addons for Elementor
The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via several parameters in all versions up to, and including, 4.10.33 due to insufficient input sanitization and output escaping.
Attack vector: network | Complexity: low | Vendor: leap13 | CWE-79 | Risk: 5.4
2024-06-11 CVE-2024-5646 Cross-site Scripting vulnerability in Futuriowp Futurio Extra
The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘header_size’ attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping.
Attack vector: network | Complexity: low | Vendor: futuriowp | CWE-79 | Risk: 5.4
2024-06-11 CVE-2024-5189 Cross-site Scripting vulnerability in Wpdeveloper Essential Addons for Elementor
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_js’ parameter in all versions up to, and including, 5.9.23 due to insufficient input sanitization and output escaping.
Attack vector: network | Complexity: low | Vendor: wpdeveloper | CWE-79 | Risk: 5.4
2024-06-11 CVE-2023-6745 Cross-site Scripting vulnerability in Wpgogo Custom Field Template
The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cpt' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied post meta.
Attack vector: network | Complexity: low | Vendor: wpgogo | CWE-79 | Risk: 5.4
2024-06-11 CVE-2024-0627 Cross-site Scripting vulnerability in Wpgogo Custom Field Template
The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom field name column in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied custom fields.
Attack vector: network | Complexity: low | Vendor: wpgogo | CWE-79 | Risk: 5.4
2024-06-11 CVE-2024-0653 Cross-site Scripting vulnerability in Wpgogo Custom Field Template
The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping.
Attack vector: network | Complexity: low | Vendor: wpgogo | CWE-79 | Risk: 4.8