Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-11 | CVE-2023-4372 | Cross-site Scripting vulnerability in Litespeedtech Litespeed Cache The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'esi' shortcode in versions up to, and including, 5.6 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-01-11 | CVE-2023-4960 | Cross-site Scripting vulnerability in Wclovers Wcfm Marketplace The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcfm_stores' shortcode in versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-01-11 | CVE-2023-4962 | Cross-site Scripting vulnerability in Wp-Plugins Video Popup The Video PopUp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'video_popup' shortcode in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-01-11 | CVE-2023-5691 | Cross-site Scripting vulnerability in Collect.Chat Chatbot The Chatbot for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 2.3.9 due to insufficient input sanitization and output escaping. | 4.8 |
| 2024-01-11 | CVE-2023-6556 | Cross-site Scripting vulnerability in Pluginus FOX - Currency Switcher Professional for Woocommerce The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via currency options in all versions up to, and including, 1.4.1.5 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-01-11 | CVE-2023-6561 | Cross-site Scripting vulnerability in Fifu Featured Image From URL The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the featured image alt text in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-01-11 | CVE-2023-6624 | Cross-site Scripting vulnerability in Codection Import and Export Users and Customers The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.24.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-01-11 | CVE-2023-6632 | Cross-site Scripting vulnerability in Wedevs Happy Addons for Elementor The Happy Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via DOM in all versions up to and including 3.9.1.1 (versions up to 2.9.1.1 in Happy Addons for Elementor Pro) due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-01-11 | CVE-2023-6645 | Cross-site Scripting vulnerability in Pickplugins Post Grid Combo The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.2.64 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-01-11 | CVE-2023-6684 | Cross-site Scripting vulnerability in Vowelweb Ibtana The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ive' shortcode in versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on 'width' and 'height' user supplied attribute. | 5.4 |