| 2025-01-30 | CVE-2024-13642 | Cross-site Scripting vulnerability in Motopress Stratum
The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Hotspot widget in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-01-30 | CVE-2024-12921 | The EthereumICO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ethereum-ico shortcode in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-01-30 | CVE-2025-0844 | Cross-site Scripting vulnerability in Needyamin Library Card System 1.0
A vulnerability was found in needyamin Library Card System 1.0. | 6.1 |
| 2025-01-29 | CVE-2024-13561 | The Target Video Easy Publish plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's brid_override_yt shortcode in all versions up to, and including, 3.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-01-29 | CVE-2025-0353 | The Divi Torque Lite – Best Divi Addon, Extensions, Modules & Social Modules plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-01-29 | CVE-2024-13696 | The Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wishlist_name’ parameter in all versions up to, and including, 1.2.25 due to insufficient input sanitization and output escaping. | 7.2 |
| 2025-01-29 | CVE-2025-0804 | The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via link titles in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. | 6.4 |
| 2025-01-29 | CVE-2025-0800 | Cross-site Scripting vulnerability in Argie Online Courseware 1.0
A vulnerability classified as problematic has been found in SourceCodester Online Courseware 1.0. | 4.8 |
| 2025-01-28 | CVE-2024-13527 | Cross-site Scripting vulnerability in Philantro
The Philantro – Donations and Donor Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes like 'donate' in all versions up to, and including, 5.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-01-28 | CVE-2025-0321 | Cross-site Scripting vulnerability in Wpmet Elementskit
The ElementsKit Pro plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.7.8 due to insufficient input sanitization and output escaping. | 5.4 |