Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-01 | CVE-2024-8288 | The Guten Post Layout – An Advanced Post Grid Collection for WordPress Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:guten-post-layout/post-grid' Gutenberg block in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. | 6.4 |
| 2024-10-01 | CVE-2024-8324 | The XO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘get_slider’ function in all versions up to, and including, 3.8.6 due to insufficient input sanitization and output escaping. | 6.4 |
| 2024-10-01 | CVE-2024-8793 | Cross-site Scripting vulnerability in Visser Store Exporter for Woocommerce The Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.2.1. | 6.1 |
| 2024-10-01 | CVE-2024-8799 | Cross-site Scripting vulnerability in Goldplugins Custom Banners The Custom Banners plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3. | 6.1 |
| 2024-10-01 | CVE-2024-9209 | Cross-site Scripting vulnerability in Cornelraiu WP Search Analytics The WP Search Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.10. | 6.1 |
| 2024-10-01 | CVE-2024-9220 | Cross-site Scripting vulnerability in Petershaw LH Copy Media File The LH Copy Media File plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.08. | 6.1 |
| 2024-10-01 | CVE-2024-9228 | Cross-site Scripting vulnerability in Duckdev Loggedin The Loggedin – Limit Active Logins plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.1. | 6.1 |
| 2024-10-01 | CVE-2024-9241 | Cross-site Scripting vulnerability in Contempo PDF Image Generator The PDF Image Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.6. | 6.1 |
| 2024-10-01 | CVE-2024-7869 | The 123.chat - Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. | 7.2 |
| 2024-10-01 | CVE-2024-8718 | The Gravity Forms Toolbar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. | 6.1 |