Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2025-01-30 | CVE-2024-12177 | Cross-site Scripting vulnerability in Wpmessiah AI Image ALT Text Generator for WP | The Ai Image Alt Text Generator for WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. | 6.1 |
2025-01-30 | CVE-2024-12299 | Cross-site Scripting vulnerability in Bowo System Dashboard 2.8.7 | The System Dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the Filename parameter in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. | 6.1 |
2025-01-30 | CVE-2024-12320 | Cross-site Scripting vulnerability in Shoalsummitsolutions Team Rosters | The Team Rosters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 4.7 due to insufficient input sanitization and output escaping. | 6.1 |
2025-01-30 | CVE-2024-12444 | Cross-site Scripting vulnerability in Wpdispensary WP Dispensary | The WP Dispensary plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpd_menu' shortcode in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2025-01-30 | CVE-2024-12451 | Cross-site Scripting vulnerability in Proxymis Html5 Chat | The HTML5 chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'HTML5CHAT' shortcode in all versions up to, and including, 1.04 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2025-01-30 | CVE-2024-13349 | Cross-site Scripting vulnerability in Stockdio Historical Chart | The Stockdio Historical Chart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stockdio-historical-chart' shortcode in all versions up to, and including, 2.8.18 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2025-01-30 | CVE-2024-13400 | Cross-site Scripting vulnerability in Gubbigubbi Kona Gallery Block | The Kona Gallery Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Kona: Instagram for Gutenberg" Block, specifically in the "align" attribute, in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. | 5.4 |
2025-01-30 | CVE-2024-13460 | Cross-site Scripting vulnerability in Wordpresteem WE - Testimonial Slide | The WE – Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Testimonial Author Names in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. | 5.4 |
2025-01-30 | CVE-2024-13549 | Cross-site Scripting vulnerability in Areoi ALL Bootstrap Blocks | The All Bootstrap Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Accordion" widget in all versions up to, and including, 1.3.26 due to insufficient input sanitization and output escaping. | 5.4 |
2025-01-30 | CVE-2024-13661 | Cross-site Scripting vulnerability in Wptableeditor Table Editor | The Table Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wptableeditor_vtabs' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |