Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-10 | CVE-2024-2655 | Cross-site Scripting vulnerability in Livemeshelementor Addons for Elementor The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post widgets in all versions up to, and including, 8.3.5 due to insufficient input sanitization and output escaping on author display names. | 5.4 |
| 2024-04-10 | CVE-2024-3210 | Cross-site Scripting vulnerability in Properfraction Profilepress The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'reg-single-checkbox' shortcode in all versions up to, and including, 4.15.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-04-10 | CVE-2024-1041 | Cross-site Scripting vulnerability in Wpmilitary WP Radio The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping as well as insufficient access control on the settings. | 5.4 |
| 2024-04-10 | CVE-2024-2734 | Cross-site Scripting vulnerability in Bold-Themes Bold Page Builder The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's AI features all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-04-10 | CVE-2024-2735 | Cross-site Scripting vulnerability in Bold-Themes Bold Page Builder The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Price List' element in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-04-10 | CVE-2024-2736 | Cross-site Scripting vulnerability in Bold-Themes Bold Page Builder The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML Tags in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-04-10 | CVE-2024-2733 | Cross-site Scripting vulnerability in Bold-Themes Bold Page Builder The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "Separator" element in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-04-09 | CVE-2023-6486 | Cross-site Scripting vulnerability in Brainstormforce Spectra The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS metabox in all versions up to and including 2.10.3 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-04-09 | CVE-2024-0376 | Cross-site Scripting vulnerability in Leap13 Premium Addons for Elementor The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wrapper Link Widget in all versions up to, and including, 4.10.16 due to insufficient input sanitization and output escaping on user supplied URLs. | 5.4 |
| 2024-04-09 | CVE-2024-0598 | Cross-site Scripting vulnerability in Kadencewp Gutenberg Blocks With AI The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form message settings in all versions up to and including 3.2.17 due to insufficient input sanitization and output escaping. | 4.8 |