Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2025-02-18 CVE-2024-13575 Cross-site Scripting vulnerability in Magazine3 web Stories Enhancer
The Web Stories Enhancer – Level Up Your Web Stories plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'web_stories_enhancer' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
magazine3 CWE-79
5.4
5.4
2025-02-18 CVE-2024-13704 Cross-site Scripting vulnerability in Themepoints Super Testimonials
The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'st_user_title' parameter in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping.
network
low complexity
themepoints CWE-79
6.1
6.1
2025-02-18 CVE-2025-0864 Cross-site Scripting vulnerability in Pluginus Active products Tables for Woocommerce
The Active Products Tables for WooCommerce.
network
low complexity
pluginus CWE-79
6.1
6.1
2025-02-18 CVE-2024-12525 Cross-site Scripting vulnerability in Homeasap Easy MLS Listings Import
The Easy MLS Listings Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'homeasap-featured-listings' shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
homeasap CWE-79
5.4
5.4
2025-02-18 CVE-2024-12813 Cross-site Scripting vulnerability in Pixelgrade Open Hours
The Open Hours – Easy Opening Hours plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'open-hours-current-status' shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
pixelgrade CWE-79
5.4
5.4
2025-02-18 CVE-2024-13464 Cross-site Scripting vulnerability in Photonicgnostic Library Bookshelves
The Library Bookshelves plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bookshelf' shortcode in all versions up to, and including, 5.9 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
photonicgnostic CWE-79
5.4
5.4
2025-02-18 CVE-2024-13501 Cross-site Scripting vulnerability in Formassembly Wp-Formassembly
The WP-FormAssembly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'formassembly' shortcode in all versions up to, and including, 2.0.11 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
formassembly CWE-79
5.4
5.4
2025-02-18 CVE-2024-13565 Cross-site Scripting vulnerability in Shaonback2 Simple MAP NO API
The Simple Map No Api plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping.
network
low complexity
shaonback2 CWE-79
5.4
5.4
2025-02-18 CVE-2024-13573 Cross-site Scripting vulnerability in Softdiscover Zigaform
The Zigaform – Form Builder Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zgfm_rfvar' shortcode in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
softdiscover CWE-79
5.4
5.4
2025-02-18 CVE-2024-13576 Cross-site Scripting vulnerability in Adityapatadia Gumlet Video
The Gumlet Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gumlet' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
adityapatadia CWE-79
5.4
5.4