| 2025-01-26 | CVE-2024-12334 | Cross-site Scripting vulnerability in Codexpert WC Affiliate
The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via any parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. | 6.1 |
| 2025-01-26 | CVE-2024-13505 | Cross-site Scripting vulnerability in Ays-Pro Survey Maker
The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ays_sections[5][questions][8][title]’ parameter in all versions up to, and including, 5.1.3.3 due to insufficient input sanitization and output escaping. | 4.8 |
| 2025-01-26 | CVE-2024-10636 | The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency) due to insufficient input sanitization and output escaping. | 6.1 |
| 2025-01-25 | CVE-2024-35145 | IBM Maximo Application Suite 9.0.0 - Monitor Component is vulnerable to cross-site scripting. | 6.1 |
| 2025-01-25 | CVE-2025-0350 | Cross-site Scripting vulnerability in Elegantthemes Carousel Maker for Divi
The Divi Carousel Maker – Image, Logo, Testimonial, Post Carousel & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Carousel and Logo Carousel in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-01-25 | CVE-2024-11825 | The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘zone’ parameter in all versions up to, and including, 1.50.3 due to insufficient input sanitization and output escaping. | 6.4 |
| 2025-01-25 | CVE-2024-12076 | The Target Video Easy Publish plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. | 6.1 |
| 2025-01-25 | CVE-2024-12512 | The Ask Me Anything (Anonymously) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'askmeanythingpeople' shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-01-25 | CVE-2024-12529 | The brodos.net Onlineshop Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'BrodosCategory' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-01-25 | CVE-2024-12816 | The NOTICE BOARD BY TOWKIR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'notice-board' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |