Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-21 | CVE-2024-10222 | Cross-site Scripting vulnerability in Benbodhi SVG Support The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.5.10 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-02-21 | CVE-2024-13455 | Cross-site Scripting vulnerability in Igumbi The igumbi Online Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'igumbi_calendar' shortcode in all versions up to, and including, 1.40 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-21 | CVE-2025-1489 | Cross-site Scripting vulnerability in Tchgdns Wp-Appbox The WP-Appbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's appbox shortcode in all versions up to, and including, 4.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-21 | CVE-2024-12452 | Cross-site Scripting vulnerability in Oliverfriedmann Ziggeo The Ziggeo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ziggeo_event' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-21 | CVE-2024-13461 | Cross-site Scripting vulnerability in Patternsinthecloud Autoship Cloud The Autoship Cloud for WooCommerce Subscription Products plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'autoship-create-scheduled-order-action' shortcode in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-21 | CVE-2024-13648 | Cross-site Scripting vulnerability in Icopydoc Maps for WP The Maps for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MapOnePoint' shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-21 | CVE-2025-1410 | Cross-site Scripting vulnerability in Jonathanjernigan PIE Calendar The Events Calendar Made Simple – Pie Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's piecal shortcode in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-21 | CVE-2024-13379 | Cross-site Scripting vulnerability in Covertnine C9 Admin Dashboard The C9 Admin Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.5 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-02-21 | CVE-2024-13388 | Cross-site Scripting vulnerability in Tcoderbd Tcbd Tooltip 1.0 The TCBD Tooltip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcbdtooltip_text' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-21 | CVE-2024-13672 | Cross-site Scripting vulnerability in Minicoursegenerator Mini Course Generator The Mini Course Generator | Embed mini-courses and interactive content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mcg' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |