Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-01-22 | CVE-2024-12117 | Cross-site Scripting vulnerability in Gambit Stackable: The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter of the Button block in all versions up to, and including, 3.13.11 due to insufficient input sanitization and output escaping. | 5.4 |
2025-01-22 | CVE-2024-13406 | Cross-site Scripting vulnerability in Icopydoc XML for Google Merchant Center: The XML for Google Merchant Center plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'feed_id' parameter in all versions up to, and including, 3.0.11 due to insufficient input sanitization and output escaping. | 6.1 |
2025-01-22 | CVE-2024-13584 | Cross-site Scripting vulnerability in Videowhisper Picture Gallery: The Picture Gallery – Frontend Image Uploads, AJAX Photo List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_pictures' shortcode in all versions up to, and including, 1.5.19 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2025-01-22 | CVE-2024-13590 | Cross-site Scripting vulnerability in Ayecode Ketchup Shortcodes: The Ketchup Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spacer' shortcode in all versions up to, and including, 0.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2025-01-21 | CVE-2025-24459 | Cross-site Scripting vulnerability in JetBrains TeamCity: In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page. | 6.1 |
2025-01-21 | CVE-2025-24012 | Cross-site Scripting vulnerability in Umbraco CMS: Umbraco is a free and open source .NET content management system. | 5.4 |
2025-01-21 | CVE-2024-11226 | The FireCask Like & Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. | 6.4 |
2025-01-21 | CVE-2025-0450 | The Betheme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom JS functionality in all versions up to, and including, 27.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2025-01-21 | CVE-2024-13404 | Cross-site Scripting vulnerability in Ylefebvre Link Library: The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'searchll' parameter in all versions up to, and including, 7.7.2 due to insufficient input sanitization and output escaping. | 6.1 |
2025-01-21 | CVE-2025-0371 | Cross-site Scripting vulnerability in Crocoblock JetElements: The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 2.7.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |