Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2024-05-02 | CVE-2024-4036 | Cross-site Scripting vulnerability in Athemes Sydney Toolbox | The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in all versions up to, and including, 1.30 due to insufficient input sanitization and output escaping. | network, low complexity, athemes, CWE-79, 5.4 |
| 2024-05-02 | CVE-2024-4092 | Cross-site Scripting vulnerability in Themepunch Slider Revolution | The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘htmltag’ parameter in all versions up to, and including, 6.7.7 due to insufficient input sanitization and output escaping. | network, low complexity, themepunch, CWE-79, 5.4 |
| 2024-05-02 | CVE-2024-4156 | Cross-site Scripting vulnerability in Wpdeveloper Essential Addons for Elementor | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_event_text_color’ parameter in versions up to, and including, 5.9.17 due to insufficient input sanitization and output escaping. | network, low complexity, wpdeveloper, CWE-79, 5.4 |
| 2024-05-02 | CVE-2024-4265 | Cross-site Scripting vulnerability in Master-Addons Master Addons | The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 2.0.5.9 due to insufficient input sanitization and output escaping. | network, low complexity, master-addons, CWE-79, 5.4 |
| 2024-05-02 | CVE-2024-3883 | Cross-site Scripting vulnerability in 3Dflipbook 3D Flipbook | The 3D FlipBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Bookmark URL field in all versions up to, and including, 1.15.4 due to insufficient input sanitization and output escaping. | network, low complexity, 3dflipbook, CWE-79, 5.4 |
| 2024-05-01 | CVE-2023-23021 | Cross-site Scripting vulnerability in Oretnom23 POS - Point of Sale System 1.0 | Cross Site Scripting (XSS) vulnerability in sourcecodester oretnom23 pos point sale system 1.0 allows attackers to execute arbitrary code via the code, name, and description inputs in file Main.php. | network, low complexity, oretnom23, CWE-79, 6.1 |
| 2024-05-01 | CVE-2023-23022 | Cross-site Scripting vulnerability in Oretnom23 Employees Payroll Management System 1.0 | Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 employee's payroll management system 1.0 allows attackers to execute arbitrary code via the code, title, from_date and to_date inputs in file Main.php. | network, low complexity, oretnom23, CWE-79, 6.1 |
| 2024-05-01 | CVE-2024-0334 | Cross-site Scripting vulnerability in Jegtheme JEG Elementor KIT | The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom attribute of a link in several Elementor widgets in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. | network, low complexity, jegtheme, CWE-79, 5.4 |
| 2024-04-27 | CVE-2024-3309 | Cross-site Scripting vulnerability in Qodeinteractive QI Addons for Elementor | The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Widget's attributes in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. | network, low complexity, qodeinteractive, CWE-79, 5.4 |
| 2024-04-26 | CVE-2024-3890 | Cross-site Scripting vulnerability in Leevio Happy Addons for Elementor | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Calendly widget in all versions up to, and including, 3.10.5 due to insufficient input sanitization and output escaping on user supplied attributes. | network, low complexity, leevio, CWE-79, 5.4 |