| 2025-02-20 | CVE-2024-13155 | Cross-site Scripting vulnerability in Unlimited-Elements Unlimited Elements for Elementor
The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Transparent Split Hero widget in all versions up to, and including, 1.5.140 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-20 | CVE-2024-13445 | Cross-site Scripting vulnerability in Elementor Website Builder
The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the border, margin and gap parameters in all versions up to, and including, 3.27.4 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-02-19 | CVE-2024-53974 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
| 2025-02-19 | CVE-2024-28776 | IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to cross-site scripting. | 5.4 |
| 2025-02-19 | CVE-2025-20211 | A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. | 6.1 |
| 2025-02-19 | CVE-2025-0916 | Cross-site Scripting vulnerability in Yaycommerce Yaysmtp
The YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 2.4.9 to 2.6.2 due to insufficient input sanitization and output escaping. | 6.1 |
| 2025-02-19 | CVE-2024-13363 | Cross-site Scripting vulnerability in Raptive ADS
The Raptive Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'poc' parameter in all versions up to, and including, 3.6.3 due to insufficient input sanitization and output escaping. | 6.1 |
| 2025-02-19 | CVE-2025-1024 | Cross-site Scripting vulnerability in Churchcrm
A vulnerability exists in ChurchCRM 5.13.0 that allows an attacker to execute arbitrary JavaScript in a victim's browser via Reflected Cross-Site Scripting (XSS) in the EditEventAttendees.php page. | 4.8 |
| 2025-02-19 | CVE-2024-11335 | The UltraEmbed – Advanced Iframe Plugin For WordPress with Gutenberg Block Included plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframe' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-02-19 | CVE-2024-11753 | The UMich OIDC Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'umich_oidc_button' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |