Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-14 | CVE-2024-4316 | Cross-site Scripting vulnerability in Wpdeveloper Embedpress The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.9.16 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-05-14 | CVE-2024-4339 | Cross-site Scripting vulnerability in Bdthemes Prime Slider The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the General widget in all versions up to, and including, 3.14.3 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-05-14 | CVE-2024-4383 | Cross-site Scripting vulnerability in Simple-Membership-Plugin Simple Membership The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpm_paypal_subscription_cancel_link' shortcode in all versions up to, and including, 4.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-05-14 | CVE-2024-4430 | Cross-site Scripting vulnerability in Fastlinemedia Beaver Builder The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the photo widget crop attribute in all versions up to, and including, 2.8.1.2 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-05-14 | CVE-2024-4448 | Cross-site Scripting vulnerability in Wpdeveloper Essential Addons for Elementor The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Dual Color Header', 'Event Calendar', & 'Advanced Data Table' widgets in all versions up to, and including, 5.9.19 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.1 |
| 2024-05-14 | CVE-2024-4449 | Cross-site Scripting vulnerability in Wpdeveloper Essential Addons for Elementor The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Fancy Text', 'Filter Gallery', 'Sticky Video', 'Content Ticker', 'Woo Product Gallery', & 'Twitter Feed' widgets in all versions up to, and including, 5.9.19 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-05-14 | CVE-2024-4481 | Cross-site Scripting vulnerability in Kadencewp Gutenberg Blocks With AI The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the plugin's blocks in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-05-14 | CVE-2024-4487 | Cross-site Scripting vulnerability in Creativethemes Blocksy Companion The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG uploads in versions up to, and including, 2.0.45 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-05-14 | CVE-2024-3680 | Cross-site Scripting vulnerability in Themelooks Enter Addons The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animation Title widget's img tag in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-05-14 | CVE-2024-3831 | Cross-site Scripting vulnerability in Themelooks Enter Addons The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. | 5.4 |