Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE	CVE	VULNERABILITY TITLE	RISK
2024-06-05	CVE-2024-4939	Cross-site Scripting vulnerability in Weavertheme Weaver Xtreme Theme Support The Weaver Xtreme Theme Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's div shortcode in all versions up to, and including, 6.4 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity weavertheme CWE-79	5.4
2024-06-05	CVE-2024-5006	Cross-site Scripting vulnerability in Woostify Boostify Header Footer Builder for Elementor The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘size’ parameter in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. network low complexity woostify CWE-79	5.4
2024-06-05	CVE-2024-5439	Cross-site Scripting vulnerability in Creativethemes Blocksy The Blocksy theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the custom_url parameter in all versions up to, and including, 2.0.50 due to insufficient input sanitization and output escaping. network low complexity creativethemes CWE-79	5.4
2024-06-05	CVE-2024-1164	Cross-site Scripting vulnerability in Brizy The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's contact form widget error message and redirect URL in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping on user supplied error messages. network low complexity brizy CWE-79	5.4
2024-06-05	CVE-2024-5222	Cross-site Scripting vulnerability in Cyberchimps Responsive Addons The Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. network low complexity cyberchimps CWE-79	5.4
2024-06-05	CVE-2024-1161	Cross-site Scripting vulnerability in Brizy The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Attributes for blocks in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping. network low complexity brizy CWE-79	5.4
2024-06-05	CVE-2024-1940	Cross-site Scripting vulnerability in Brizy The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post content in all versions up to, and including, 2.4.41 due to insufficient input sanitization performed only on the client side and insufficient output escaping. network low complexity brizy CWE-79	5.4
2024-06-05	CVE-2024-2087	Cross-site Scripting vulnerability in Brizy The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form name values in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping. network low complexity brizy CWE-79	6.1
2024-06-05	CVE-2024-3667	Cross-site Scripting vulnerability in Brizy The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Link To' field of multiple widgets in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity brizy CWE-79	5.4
2024-06-05	CVE-2024-5317	Cross-site Scripting vulnerability in Thenewsletterplugin Newsletter The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'np1' parameter in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. network low complexity thenewsletterplugin CWE-79	6.1