Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-01-16 CVE-2022-3739 Cross-site Scripting vulnerability in Subina WP Best Quiz 1.0
The WP Best Quiz WordPress plugin through 1.0 does not sanitize and escape some parameters, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks.
network
low complexity
subina CWE-79
5.4
2024-01-16 CVE-2022-3829 Cross-site Scripting vulnerability in Newnine Font Awesome 4 Menus
The Font Awesome 4 Menus WordPress plugin through 4.7.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
network
low complexity
newnine CWE-79
4.8
2024-01-16 CVE-2022-3836 Cross-site Scripting vulnerability in Seedwebs Seed Social
The Seed Social WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
network
low complexity
seedwebs CWE-79
4.8
2024-01-16 CVE-2023-0079 Cross-site Scripting vulnerability in Cusrev Customer Reviews for Woocommerce
The Customer Reviews for WooCommerce WordPress plugin before 5.17.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
network
low complexity
cusrev CWE-79
5.4
2024-01-16 CVE-2023-0094 Cross-site Scripting vulnerability in Qoders Upqode Google Maps 1.0.5
The UpQode Google Maps WordPress plugin through 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
network
low complexity
qoders CWE-79
5.4
2024-01-16 CVE-2023-0376 Cross-site Scripting vulnerability in Themeum Qubely
The Qubely WordPress plugin before 1.8.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
network
low complexity
themeum CWE-79
5.4
2024-01-16 CVE-2023-0389 Cross-site Scripting vulnerability in Codepeople Calculated Fields Form
The Calculated Fields Form WordPress plugin before 1.1.151 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
network
low complexity
codepeople CWE-79
4.8
2024-01-16 CVE-2023-0479 Cross-site Scripting vulnerability in Tychesoftwares Print Invoice & Delivery Notes for Woocommerce
The Print Invoice & Delivery Notes for WooCommerce WordPress plugin before 4.7.2 is vulnerable to reflected XSS by echoing a GET value in an admin note within the WooCommerce orders page.
network
low complexity
tychesoftwares CWE-79
6.1
2024-01-16 CVE-2023-0769 Cross-site Scripting vulnerability in Hiweb Migration Simple
The hiWeb Migration Simple WordPress plugin through 2.0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting, which could be used against high-privilege users such as admins.
network
low complexity
hiweb CWE-79
6.1
2024-01-16 CVE-2023-3372 Cross-site Scripting vulnerability in Lana Shortcodes
The Lana Shortcodes WordPress plugin before 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
network
low complexity
lana CWE-79
5.4