Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-02-21 | CVE-2024-13751 | Cross-site Scripting vulnerability in Webdevocean 3D Photo Gallery. The 3D Photo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'des[]' parameter in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. | 5.4 |
2025-02-21 | CVE-2025-1406 | Cross-site Scripting vulnerability in Imamura Newpost Catch. The Newpost Catch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's npc shortcode in all versions up to, and including, 1.3.19 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2025-02-21 | CVE-2025-1407 | Cross-site Scripting vulnerability in Amothemo AMO Team Showcase. The AMO Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's amoteam_skills shortcode in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2025-02-20 | CVE-2024-13748 | Cross-site Scripting vulnerability in Webcodingplace Ultimate Classified Listings. The Ultimate Classified Listings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title parameter in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. | 4.8 |
2025-02-20 | CVE-2024-13802 | Cross-site Scripting vulnerability in Bandsintown. The Bandsintown Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bandsintown_events' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2025-02-20 | CVE-2024-13849 | Cross-site Scripting vulnerability in Dcurasi Cookie Notice BAR. The Cookie Notice Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. | 4.8 |
2025-02-20 | CVE-2024-6432 | Cross-site Scripting vulnerability in Vanderwijk Content Blocks. The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter within the plugin's shortcode Content Block in all versions up to, and including, 3.3.5 due to insufficient input sanitization and output escaping. | 5.4 |
2025-02-20 | CVE-2025-1328 | Cross-site Scripting vulnerability in Mrlegend1235 Typed JS. The Typed JS: A typewriter style animation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘typespeed’ parameter in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. | 5.4 |
2025-02-20 | CVE-2025-0897 | Cross-site Scripting vulnerability in Wow-Company Modal Window. The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and including, 6.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2025-02-20 | CVE-2025-1064 | Cross-site Scripting vulnerability in Xootix Login/Signup Popup. The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's xoo_el_action shortcode in all versions up to, and including, 2.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |