Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-02 | CVE-2024-3650 | Cross-site Scripting vulnerability in Wpmet Elements KIT Elementor Addons The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions 3.0.7 through 3.1.2 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-05-02 | CVE-2024-3724 | Cross-site Scripting vulnerability in Leevio Happy Addons for Elementor The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Stack Group, Photo Stack, & Horizontal Timeline widgets in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-05-02 | CVE-2024-3725 | Cross-site Scripting vulnerability in Themeisle Otter Blocks The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Grid widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied attributes such as 'titleTag'. | 5.4 |
| 2024-05-02 | CVE-2024-3743 | Cross-site Scripting vulnerability in Webtechstreet Elementor Addon Elements The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group, Shape Separator, Content Switcher, Info Circle and Timeline widgets in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-05-02 | CVE-2024-3747 | Cross-site Scripting vulnerability in Creativethemes Blocksy The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the className parameter in the About Me block in all versions up to, and including, 2.0.39 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-05-02 | CVE-2024-3819 | Cross-site Scripting vulnerability in Jegtheme JEG Elementor KIT The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's JKit - Banner widget in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-05-02 | CVE-2024-3885 | Cross-site Scripting vulnerability in Leap13 Premium Addons for Elementor The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the subcontainer value parameter in all versions up to, and including, 4.10.28 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-05-02 | CVE-2024-3891 | Cross-site Scripting vulnerability in Leevio Happy Addons for Elementor The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML tags in widgets in all versions up to, and including, 3.10.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-05-02 | CVE-2024-3985 | Cross-site Scripting vulnerability in Exclusiveaddons Exclusive Addons for Elementor The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Call to Action widget in all versions up to, and including, 2.6.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-05-02 | CVE-2024-4003 | Cross-site Scripting vulnerability in Wpdeveloper Essential Addons for Elementor The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_team_members_image_rounded parameter in the Team Members widget in all versions up to, and including, 5.9.15 due to insufficient input sanitization and output escaping. | 5.4 |