Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-09-27 CVE-2024-8965 Cross-site Scripting vulnerability in Codesupply Absolute Reviews
The Absolute Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Name' field of a custom post criteria in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping.
network
low complexity
codesupply CWE-79
5.4
2024-09-26 CVE-2024-9177 Cross-site Scripting vulnerability in Themedy Toolbox
The Themedy Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themedy_col, themedy_social_link, themedy_alertbox, and themedy_pullleft shortcodes in all versions up to, and including, 1.0.14, and up to, and including, 1.0.15 for the plugin's themedy_button shortcode due to insufficient input sanitization and output escaping on user-supplied attributes.
network
low complexity
themedy CWE-79
5.4
2024-09-26 CVE-2024-8633 Cross-site Scripting vulnerability in 10Web Form Maker
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.27 due to insufficient input sanitization and output escaping.
network
low complexity
10web CWE-79
4.8
2024-09-26 CVE-2022-4541 Cross-site Scripting vulnerability in Nitinmaurya Wordpress Visitors 1.0
The WordPress Visitors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a spoofed HTTP Header value in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping.
network
low complexity
nitinmaurya CWE-79
6.1
2024-09-26 CVE-2024-9115 Cross-site Scripting vulnerability in Chetanvaghela Common Tools for Site
The Common Tools for Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping.
network
low complexity
chetanvaghela CWE-79
5.4
2024-09-26 CVE-2024-9117 Cross-site Scripting vulnerability in Mapplic 1.0
The Mapplic Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping.
network
low complexity
mapplic CWE-79
5.4
2024-09-26 CVE-2024-9125 Cross-site Scripting vulnerability in Kingblack King IE
The king_IE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping.
network
low complexity
kingblack CWE-79
5.4
2024-09-26 CVE-2024-9127 Cross-site Scripting vulnerability in Codecabin Super Testimonials 3.0.0
The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alignment’ parameter in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping.
network
low complexity
codecabin CWE-79
5.4
2024-09-26 CVE-2024-9173 Cross-site Scripting vulnerability in Alefypimentel GF Custom Style 2.0
The GF Custom Style plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping.
network
low complexity
alefypimentel CWE-79
5.4
2024-09-26 CVE-2024-9198 Cross-site Scripting vulnerability in Clibomanager Clibo Manager 1.1.9.1
Vulnerability in Clibo Manager v1.1.9.1 that could allow an attacker to execute a stored Cross-Site Scripting (stored XSS) attack by uploading a malicious .svg image in the section: Profile > Profile picture.
network
low complexity
clibomanager CWE-79
5.4