Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-03-30 | CVE-2024-2491 | Cross-site Scripting vulnerability in Ideabox Powerpack Addons for Elementor | The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the *_html_tag* attribute of multiple widgets in all versions up to, and including, 2.7.17 due to insufficient input sanitization and output escaping. | network | low complexity | ideabox | CWE-79 | 5.4 |
| 2024-03-30 | CVE-2024-2140 | Cross-site Scripting vulnerability in Brainstormforce Ultimate Addons for Beaver Builder | The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Icons widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. | network | low complexity | brainstormforce | CWE-79 | 5.4 |
| 2024-03-30 | CVE-2024-2141 | Cross-site Scripting vulnerability in Brainstormforce Ultimate Addons for Beaver Builder | The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. | network | low complexity | brainstormforce | CWE-79 | 5.4 |
| 2024-03-30 | CVE-2024-2142 | Cross-site Scripting vulnerability in Brainstormforce Ultimate Addons for Beaver Builder | The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Info Table widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. | network | low complexity | brainstormforce | CWE-79 | 5.4 |
| 2024-03-30 | CVE-2024-2143 | Cross-site Scripting vulnerability in Brainstormforce Ultimate Addons for Beaver Builder | The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. | network | low complexity | brainstormforce | CWE-79 | 5.4 |
| 2024-03-30 | CVE-2024-2144 | Cross-site Scripting vulnerability in Brainstormforce Ultimate Addons for Beaver Builder | The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Separator widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. | network | low complexity | brainstormforce | CWE-79 | 5.4 |
| 2024-03-30 | CVE-2024-0367 | Cross-site Scripting vulnerability in Unlimited-Elements Unlimited Elements for Elementor | The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link field of an installed widget (e.g., 'Button Link') in all versions up to, and including, 1.5.96 due to insufficient input sanitization and output escaping on user supplied attributes. | network | low complexity | unlimited-elements | CWE-79 | 5.4 |
| 2024-03-30 | CVE-2024-1238 | Cross-site Scripting vulnerability in Wpmet Elements KIT Elementor Addons | The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button ID parameter in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping. | network | low complexity | wpmet | CWE-79 | 5.4 |
| 2024-03-29 | CVE-2024-0609 | Cross-site Scripting vulnerability in Wedevs WP ERP | The WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key' parameter in all versions up to, and including, 1.12.9 due to insufficient input sanitization and output escaping. | network | low complexity | wedevs | CWE-79 | 6.1 |
| 2024-03-29 | CVE-2024-2108 | Cross-site Scripting vulnerability in Ninjaforms Ninja Forms | The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an image title embedded into a form in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. | network | low complexity | ninjaforms | CWE-79 | 5.4 |