Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-30 | CVE-2024-13664 | Cross-site Scripting vulnerability in Wpbean WP Post List Table The WP Post List Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpb_post_list_table' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-01-30 | CVE-2024-13670 | Cross-site Scripting vulnerability in Partitionnumerique Music Sheet Viewer The Music Sheet Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pn_msv' shortcode in all versions up to, and including, 4.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-01-30 | CVE-2024-13700 | Cross-site Scripting vulnerability in Vinayjain Embed Swagger UI The Embed Swagger UI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsgui' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-01-30 | CVE-2024-13705 | Cross-site Scripting vulnerability in Stageshow Project Stageshow The StageShow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 9.8.6. | 6.1 |
| 2025-01-30 | CVE-2024-13380 | The Alex Reservations: Smart Restaurant Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rr_form' shortcode in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-01-30 | CVE-2024-13466 | The Automatically Hierarchic Categories in Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'autocategorymenu' shortcode in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-01-30 | CVE-2024-12524 | The Clinked Client Portal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'clinked-login-button' shortcode in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-01-30 | CVE-2025-0860 | Cross-site Scripting vulnerability in Vruiz Vr-Frases The VR-Frases (collect & share quotes) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. | 6.1 |
| 2025-01-30 | CVE-2024-13732 | Cross-site Scripting vulnerability in Cyberchimps Responsive Blocks The Responsive Blocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘section_tag’ parameter in all versions up to, and including, 1.9.9 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-01-30 | CVE-2024-13470 | Cross-site Scripting vulnerability in Ninjaforms Ninja Forms The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.8.24 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |