| 2024-10-26 | CVE-2024-9462 | The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Stored Cross-Site Scripting via poll settings in all versions up to, and including, 5.4.6 due to insufficient input sanitization and output escaping. | 5.5 |
| 2024-10-26 | CVE-2024-9613 | The FormFacade – WordPress plugin for Google Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'userId' and 'publishId' parameters in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-10-25 | CVE-2024-37844 | Cross-site Scripting vulnerability in Radixiot Mango
A stored cross-site scripting (XSS) vulnerability in MangoOS before 5.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 5.4 |
| 2024-10-25 | CVE-2024-9585 | Cross-site Scripting vulnerability in Webcraftplugins Image MAP PRO
The Image Map Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'save_project' function with an arbitrary shortcode in versions up to, and including, 6.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-10-25 | CVE-2022-30360 | Cross-site Scripting vulnerability in Ovaledge
OvalEdge 5.2.8.0 and earlier is affected by multiple Stored XSS (AKA Persistent or Type II) vulnerabilities via a POST request to /profile/updateProfile via the slackid or phone parameters. | 6.4 |
| 2024-10-25 | CVE-2024-10374 | Cross-site Scripting vulnerability in Butlerblog Wp-Members
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_loginout shortcode in all versions up to, and including, 3.4.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-10-25 | CVE-2024-10016 | The File Upload Types by WPForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. | 6.4 |
| 2024-10-25 | CVE-2024-10112 | The Simple News plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'news' shortcode in all versions up to, and including, 2.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2024-10-25 | CVE-2024-10343 | The Beek Widget Extention plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 0.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2024-10-25 | CVE-2024-8666 | The Shoutcast Icecast HTML5 Radio Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'html5radio' shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |