Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK

2024-06-06 CVE-2024-4458 Cross-site Scripting vulnerability in Themesflat Addons for Elementor 2.0.0/2.1.2
The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in several widgets via URL parameters in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping.
Risk: 5.4 (network, low complexity); themesflat; CWE-79

2024-06-06 CVE-2024-4459 Cross-site Scripting vulnerability in Themesflat Addons for Elementor 2.0.0/2.1.2
The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget's titles in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes.
Risk: 5.4 (network, low complexity); themesflat; CWE-79

2024-06-06 CVE-2024-4608 Cross-site Scripting vulnerability in Artbees Sellkit
The SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping.
Risk: 5.4 (network, low complexity); artbees; CWE-79

2024-06-06 CVE-2024-4707 Cross-site Scripting vulnerability in Extendthemes Materialis Companion
The Materialis Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's materialis_contact_form shortcode in all versions up to, and including, 1.3.41 due to insufficient input sanitization and output escaping on user supplied attributes.
Risk: 5.4 (network, low complexity); extendthemes; CWE-79

2024-06-06 CVE-2024-5141 Cross-site Scripting vulnerability in Martintod Rotating Tweets 1.9.10
The Rotating Tweets (Twitter widget and shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rotatingtweets' in all versions up to, and including, 1.9.10 due to insufficient input sanitization and output escaping on user supplied attributes.
Risk: 5.4 (network, low complexity); martintod; CWE-79

2024-06-06 CVE-2024-5152 Cross-site Scripting vulnerability in Quomodosoft Elementsready
The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping.
Risk: 5.4 (network, low complexity); quomodosoft; CWE-79

2024-06-06 CVE-2024-5161 Cross-site Scripting vulnerability in Wpthemespace Magical Addons for Elementor
The Magical Addons For Elementor (Header Footer Builder, Free Elementor Widgets, Elementor Templates Library) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 1.1.39 due to insufficient input sanitization and output escaping.
Risk: 5.4 (network, low complexity); wpthemespace; CWE-79

2024-06-06 CVE-2024-5162 Cross-site Scripting vulnerability in Master-Addons Prettyphoto 1.2.3
The WordPress prettyPhoto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping.
Risk: 5.4 (network, low complexity); master-addons; CWE-79

2024-06-06 CVE-2024-2350 Cross-site Scripting vulnerability in Cleversoft Clever Addons for Elementor
The Clever Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CAFE Icon, CAFE Team Member, and CAFE Slider widgets in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping.
Risk: 5.4 (network, low complexity); cleversoft; CWE-79

2024-06-06 CVE-2024-4705 Cross-site Scripting vulnerability in Axelerant Testimonials Widget
The Testimonials Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's testimonials shortcode in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping on user supplied attributes.
Risk: 5.4 (network, low complexity); axelerant; CWE-79