Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-09 | CVE-2024-1948 | Cross-site Scripting vulnerability in Motopress Getwid The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-04-09 | CVE-2024-1999 | Cross-site Scripting vulnerability in Kadencewp Gutenberg Blocks With AI The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Widget's anchor style parameter in all versions up to, and including, 3.2.25 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-04-09 | CVE-2024-2081 | Cross-site Scripting vulnerability in Fooplugins Foogallery The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the foogallery_attachment_modal_save action in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-04-09 | CVE-2024-2117 | Cross-site Scripting vulnerability in Elementor Website Builder The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Path Widget in all versions up to, and including, 3.20.2 due to insufficient output escaping on user supplied attributes. | 5.4 |
| 2024-04-09 | CVE-2024-2138 | Cross-site Scripting vulnerability in Crocoblock Jetwidgets for Elementor The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animated Box widget in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-04-09 | CVE-2024-2181 | Cross-site Scripting vulnerability in Wpzoom Beaver Builder Addons The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-04-09 | CVE-2024-2183 | Cross-site Scripting vulnerability in Wpzoom Beaver Builder Addons The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-04-09 | CVE-2024-2185 | Cross-site Scripting vulnerability in Wpzoom Beaver Builder Addons The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-04-09 | CVE-2024-2186 | Cross-site Scripting vulnerability in Wpzoom Beaver Builder Addons The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Team Members widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-04-09 | CVE-2024-2187 | Cross-site Scripting vulnerability in Wpzoom Beaver Builder Addons The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonials widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. | 5.4 |