Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-09 | CVE-2024-2226 | Cross-site Scripting vulnerability in Themeisle Otter Blocks The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the id parameter in the google-map block in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-04-09 | CVE-2024-2305 | Cross-site Scripting vulnerability in Brainstormforce Cards for Beaver Builder The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the BootstrapCard link in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-04-09 | CVE-2024-2311 | Cross-site Scripting vulnerability in Theme-Fusion Avada The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.11.6 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-04-09 | CVE-2024-2436 | Cross-site Scripting vulnerability in Smartwp Lightweight Accordion The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.5.16 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-04-09 | CVE-2024-2492 | Cross-site Scripting vulnerability in Ideabox Powerpack Addons for Elementor The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Twitter Tweet widget in all versions up to, and including, 2.7.18 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-04-09 | CVE-2024-2507 | Cross-site Scripting vulnerability in Crocoblock Jetwidgets for Elementor The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget button URL in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-04-09 | CVE-2024-2783 | Cross-site Scripting vulnerability in Gamipress The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-04-09 | CVE-2024-2787 | Cross-site Scripting vulnerability in Leevio Happy Addons for Elementor The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Page Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-04-09 | CVE-2024-2788 | Cross-site Scripting vulnerability in Leevio Happy Addons for Elementor The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-04-09 | CVE-2024-2789 | Cross-site Scripting vulnerability in Leevio Happy Addons for Elementor The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Calendy widget in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |