Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-23 | CVE-2024-12118 | Cross-site Scripting vulnerability in Theeventscalendar the Events Calendar The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Event Calendar Link Widget through the html_tag attribute in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-01-23 | CVE-2024-12504 | Cross-site Scripting vulnerability in Videowhisper Broadcast Live Video The Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_hls' shortcode in all versions up to, and including, 6.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-01-23 | CVE-2024-13340 | Cross-site Scripting vulnerability in Pluginus Meta Data and Taxonomies Filter The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdf_results_by_ajax' shortcode in all versions up to, and including, 1.3.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-01-23 | CVE-2024-13389 | Cross-site Scripting vulnerability in Cliptakes The Cliptakes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cliptakes_input_email' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-01-23 | CVE-2024-13422 | The SEO Blogger to WordPress Migration using 301 Redirection plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter in all versions up to, and including, 0.4.8 due to insufficient input sanitization and output escaping. | 6.1 |
| 2025-01-23 | CVE-2024-12043 | Cross-site Scripting vulnerability in Bdthemes Prime Slider The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Post Slider and Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'social_link_title' parameter of the 'blog' widget in all versions up to, and including, 3.16.5 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-01-23 | CVE-2023-32340 | Cross-site Scripting vulnerability in IBM Sterling B2B Integrator 6.2.0.0 IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to cross-site scripting. | 5.4 |
| 2025-01-23 | CVE-2023-50309 | Cross-site Scripting vulnerability in IBM Sterling B2B Integrator 6.2.0.0 IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to stored cross-site scripting. | 5.4 |
| 2025-01-22 | CVE-2024-12477 | The Avada Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.11.11 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-01-22 | CVE-2024-13319 | Cross-site Scripting vulnerability in Themify Builder The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.6.5. | 6.1 |