Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-18 | CVE-2024-47486 | Cross-site Scripting vulnerability in Hikvision Hikcentral Master There is an XSS vulnerability in some HikCentral Master Lite versions. | 6.1 |
| 2024-10-18 | CVE-2024-10055 | Cross-site Scripting vulnerability in Ninjateam Click to Chat The Click to Chat – WP Support All-in-One Floating Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsaio_snapchat shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-10-18 | CVE-2024-10080 | Cross-site Scripting vulnerability in Newsignature WP Easy Post Types The WP Easy Post Types plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post meta in versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-10-18 | CVE-2024-9206 | Cross-site Scripting vulnerability in Madrasthemes MAS Companies for WP JOB Manager The MAS Companies For WP Job Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.13. | 6.1 |
| 2024-10-18 | CVE-2024-9703 | Cross-site Scripting vulnerability in Tychesoftwares Arconix Shortcodes The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-10-18 | CVE-2024-47793 | Cross-site Scripting vulnerability in Exceedone Exment Stored cross-site scripting vulnerability exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. | 5.4 |
| 2024-10-18 | CVE-2024-10014 | Cross-site Scripting vulnerability in Tiandiyoyo Flat UI Button 1.0 The Flat UI Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's flatbtn shortcode in version 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-10-18 | CVE-2024-10049 | Cross-site Scripting vulnerability in Edit Woocommerce Templates Project Edit Woocommerce Templates The Edit WooCommerce Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-10-18 | CVE-2024-8740 | Cross-site Scripting vulnerability in Fatcatapps Getresponse Forms The GetResponse Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.6. | 6.1 |
| 2024-10-18 | CVE-2024-8790 | Cross-site Scripting vulnerability in Themeinwp Social Share With Floating BAR The Social Share With Floating Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.3. | 6.1 |