Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE	CVE	VULNERABILITY TITLE	RISK
2024-10-10	CVE-2024-8729	Cross-site Scripting vulnerability in Idiom Easy Social Share Buttons The Easy Social Share Buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.5. network low complexity idiom CWE-79	6.1
2024-10-10	CVE-2024-8987	Cross-site Scripting vulnerability in Kainelabs Youzify The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's youzify_media shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity kainelabs CWE-79	5.4
2024-10-10	CVE-2024-9057	Cross-site Scripting vulnerability in Curator Curator.Io The Curator.io: Show all your social media posts in a beautiful feed. network low complexity curator CWE-79	5.4
2024-10-10	CVE-2024-9064	Cross-site Scripting vulnerability in Namogo Elementor Inline SVG The Elementor Inline SVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. network low complexity namogo CWE-79	5.4
2024-10-10	CVE-2024-9066	Cross-site Scripting vulnerability in Secretlab Marketing and SEO Booster The Marketing and SEO Booster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.9.10 due to insufficient input sanitization and output escaping. network low complexity secretlab CWE-79	5.4
2024-10-10	CVE-2024-9072	Cross-site Scripting vulnerability in Gdpr-Extensions Consent Manager The GDPR-Extensions-com – Consent Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. network low complexity gdpr-extensions CWE-79	5.4
2024-10-10	CVE-2024-9205	Cross-site Scripting vulnerability in Wpfactory Maximum products PER User for Woocommerce The Maximum Products per User for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.2.8. network low complexity wpfactory CWE-79	6.1
2024-10-10	CVE-2024-9377	Cross-site Scripting vulnerability in Wpfactory Products, Order & Customers Export for Woocommerce The Products, Order & Customers Export for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.15. network low complexity wpfactory CWE-79	6.1
2024-10-10	CVE-2024-9457	Cross-site Scripting vulnerability in Cssjockey WP Builder 3.0.7 The WP Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.7 due to insufficient input sanitization and output escaping. network low complexity cssjockey CWE-79	5.4
2024-10-09	CVE-2024-48933	Cross-site Scripting vulnerability in Lemonldap-Ng Lemonldap::Ng A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set to a non-default value that allows special HTML characters. network low complexity lemonldap-ng CWE-79	6.1