Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-10-02 | CVE-2024-9172 | Cross-site Scripting vulnerability in Kraftplugins Demo Importer Plus | The Demo Importer Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. | network | low | kraftplugins | CWE-79 | 5.4 |
| 2024-10-02 | CVE-2024-9210 | Cross-site Scripting vulnerability in Ibericode Mailchimp TOP BAR | The MC4WP: Mailchimp Top Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. | network | low | ibericode | CWE-79 | 6.1 |
| 2024-10-02 | CVE-2024-9222 | Cross-site Scripting vulnerability in Cozmoslabs Membership & Content Restriction - Paid Member Subscriptions | The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.12.8. | network | low | cozmoslabs | CWE-79 | 6.1 |
| 2024-10-02 | CVE-2024-9225 | Cross-site Scripting vulnerability in Seopress | The SEOPress – On-site SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 8.1.1. | network | low | seopress | CWE-79 | 6.1 |
| 2024-10-01 | CVE-2024-47523 | Cross-site Scripting vulnerability in Librenms | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. | network | low | librenms | CWE-79 | 5.4 |
| 2024-10-01 | CVE-2024-47525 | Cross-site Scripting vulnerability in Librenms | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. | network | low | librenms | CWE-79 | 5.4 |
| 2024-10-01 | CVE-2024-47527 | Cross-site Scripting vulnerability in Librenms | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. | network | low | librenms | CWE-79 | 5.4 |
| 2024-10-01 | CVE-2024-31835 | Cross-site Scripting vulnerability in Flatpress | Cross Site Scripting vulnerability in flatpress CMS Flatpress v1.3 allows a remote attacker to execute arbitrary code via a crafted payload to the file name parameter. | network | low | flatpress | CWE-79 | 4.8 |
| 2024-10-01 | CVE-2024-47604 | Cross-site Scripting vulnerability in Microsoft Nugetgallery | NuGet Gallery is a package repository that powers nuget.org. | network | low | microsoft | CWE-79 | 6.1 |
| 2024-10-01 | CVE-2024-9060 | | The AVIF & SVG Uploader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.1.0 due to insufficient input sanitization and output escaping. | network | low | | CWE-79 | 6.4 |