Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-10-18 CVE-2024-8916 Cross-site Scripting vulnerability in Sukiwp Suki Sites Import
The Suki Sites Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping.
network
low complexity
sukiwp CWE-79
5.4
2024-10-18 CVE-2024-9350 Cross-site Scripting vulnerability in DPD Baltic Shipping
The DPD Baltic Shipping plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search_value' parameter in all versions up to, and including, 1.2.83 due to insufficient input sanitization and output escaping.
network
low complexity
dpd CWE-79
6.1
2024-10-18 CVE-2024-9366 Cross-site Scripting vulnerability in Wpzest Easy Menu Manager
The Easy Menu Manager | WPZest plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping.
network
low complexity
wpzest CWE-79
5.4
2024-10-18 CVE-2024-9373 Cross-site Scripting vulnerability in Dankedev Elemenda
The Elemenda plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.0.2 due to insufficient input sanitization and output escaping.
network
low complexity
dankedev CWE-79
5.4
2024-10-18 CVE-2024-9382 Cross-site Scripting vulnerability in Rockettheme Gantry
The Gantry 4 Framework plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'override_id' parameter in all versions up to, and including, 4.1.21 due to insufficient input sanitization and output escaping.
network
low complexity
rockettheme CWE-79
6.1
2024-10-18 CVE-2024-9383 Cross-site Scripting vulnerability in Parcelpro Parcel PRO
The Parcel Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 1.8.4 due to insufficient input sanitization and output escaping.
network
low complexity
parcelpro CWE-79
6.1
2024-10-18 CVE-2024-9452 Cross-site Scripting vulnerability in Gurieveugen&Vitaliyshebela Branding
The Branding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping.
network
low complexity
gurieveugen-vitaliyshebela CWE-79
5.4
2024-10-18 CVE-2024-9848 Cross-site Scripting vulnerability in K2-Service Product Customizer Light
The Product Customizer Light plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping.
network
low complexity
k2-service CWE-79
5.4
2024-10-18 CVE-2024-9892 Cross-site Scripting vulnerability in Arelthiaphillips ADD Widget After Content
The Add Widget After Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping.
network
low complexity
arelthiaphillips CWE-79
4.8
2024-10-17 CVE-2024-49288 Cross-site Scripting vulnerability in Villatheme Woocommerce Email Template Customizer
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VillaTheme Email Template Customizer for WooCommerce allows Stored XSS. This issue affects Email Template Customizer for WooCommerce: from n/a through 1.2.5.
network
low complexity
villatheme CWE-79
4.8