Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE	CVE	VULNERABILITY TITLE	RISK
2024-10-04	CVE-2024-47854	Cross-site Scripting vulnerability in Veritas Data Insight An XSS vulnerability was discovered in Veritas Data Insight before 7.1. network low complexity veritas CWE-79	6.1
2024-10-04	CVE-2024-8804	Cross-site Scripting vulnerability in Davidartiss Code Embed The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's script embed functionality in all versions up to, and including, 2.4 due to insufficient restrictions on who can utilize the functionality. network low complexity davidartiss CWE-79	5.4
2024-10-04	CVE-2024-9242	Cross-site Scripting vulnerability in Memberful The Memberful – Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'memberful_buy_subscription_link' and 'memberful_podcasts_link' shortcodes in all versions up to, and including, 1.73.7 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity memberful CWE-79	5.4
2024-10-04	CVE-2024-8519	Cross-site Scripting vulnerability in Ultimatemember Ultimate Member The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'um_loggedin' shortcode in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity ultimatemember CWE-79	5.4
2024-10-04	CVE-2024-8802	Cross-site Scripting vulnerability in Clio Grow 1.0/1.0.1/1.0.2 The Clio Grow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.2. network low complexity clio CWE-79	6.1
2024-10-04	CVE-2024-9204	Cross-site Scripting vulnerability in Nerdpress Smart Custom 404 Error Page The Smart Custom 404 Error Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_SERVER['REQUEST_URI'] in all versions up to, and including, 11.4.7 due to insufficient input sanitization and output escaping. network low complexity nerdpress CWE-79	6.1
2024-10-04	CVE-2024-9237	Cross-site Scripting vulnerability in Wp-Centrics Fish and Ships The Fish and Ships – Most flexible shipping table rate. network low complexity wp-centrics CWE-79	6.1
2024-10-04	CVE-2024-9345	Cross-site Scripting vulnerability in Tychesoftwares Product Delivery Date for Woocommerce The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.3. network low complexity tychesoftwares CWE-79	6.1
2024-10-04	CVE-2024-9349	Cross-site Scripting vulnerability in Michaeluno Auto Amazon Links The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.4.2. network low complexity michaeluno CWE-79	6.1
2024-10-04	CVE-2024-9353	Cross-site Scripting vulnerability in Themes4Wp Popularis Extra The Popularis Extra plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.6. network low complexity themes4wp CWE-79	6.1