Vulnerabilities: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|
| 2024-04-09 | CVE-2024-2792 | Cross-site Scripting vulnerability in Webtechstreet Elementor Addon Elements | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in all versions up to, and including, 1.13.2 due to insufficient input sanitization and output escaping on user supplied attributes. | webtechstreet | CWE-79 | network, low complexity, 5.4 |
| 2024-04-09 | CVE-2024-3053 | Cross-site Scripting vulnerability in Incsub Forminator | The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ forminator_form shortcode attribute in versions up to, and including, 1.29.2 due to insufficient input sanitization and output escaping. | incsub | CWE-79 | network, low complexity, 5.4 |
| 2024-04-09 | CVE-2024-3167 | Cross-site Scripting vulnerability in Oceanwp Ocean Extra | The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘twitter_username’ parameter in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. | oceanwp | CWE-79 | network, low complexity, 6.4 |
| 2024-04-09 | CVE-2024-3208 | Cross-site Scripting vulnerability in Athemes Sydney Toolbox | The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 1.28 due to insufficient input sanitization and output escaping on user supplied attributes. | athemes | CWE-79 | network, low complexity, 5.4 |
| 2024-04-09 | CVE-2024-3244 | Cross-site Scripting vulnerability in Wpdeveloper Embedpress | The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedpress_calendar' shortcode in all versions up to, and including, 3.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. | wpdeveloper | CWE-79 | network, low complexity, 5.4 |
| 2024-04-09 | CVE-2024-3266 | Cross-site Scripting vulnerability in Bold-Themes Bold Page Builder | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of widgets in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. | bold-themes | CWE-79 | network, low complexity, 5.4 |
| 2024-04-09 | CVE-2024-3267 | Cross-site Scripting vulnerability in Bold-Themes Bold Page Builder | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_price_list shortcode in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. | bold-themes | CWE-79 | network, low complexity, 5.4 |
| 2024-04-09 | CVE-2024-28190 | Cross-site Scripting vulnerability in Contao | Contao is an open source content management system. | contao | CWE-79 | network, low complexity, 5.4 |
| 2024-04-07 | CVE-2023-6877 | Cross-site Scripting vulnerability in Themeisle RSS Aggregator BY Feedzy | The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.3.3 due to insufficient input sanitization and output escaping on the Content-Type field of error messages when retrieving an invalid RSS feed. | themeisle | CWE-79 | network, low complexity, 5.4 |
| 2024-04-06 | CVE-2024-2132 | Cross-site Scripting vulnerability in G5Plus Ultimate Bootstrap Elements for Elementor | The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Widget in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. | g5plus | CWE-79 | network, low complexity, 5.4 |