Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE	CVE	VULNERABILITY TITLE	RISK
2024-09-13	CVE-2024-8732	Cross-site Scripting vulnerability in Leira Roles & Capabilities The Roles & Capabilities plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.9. network low complexity leira CWE-79	6.1
2024-09-13	CVE-2024-8734	Cross-site Scripting vulnerability in Lucasstad Lucas String Replace The Lucas String Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.5. network low complexity lucasstad CWE-79	6.1
2024-09-13	CVE-2024-8737	Cross-site Scripting vulnerability in Kubiq PDF Thumbnail Generator The PDF Thumbnail Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3. network low complexity kubiq CWE-79	6.1
2024-09-13	CVE-2024-8747	Cross-site Scripting vulnerability in Khromov Email Obfuscate Shortcode The Email Obfuscate Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'email-obfuscate' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity khromov CWE-79	5.4
2024-09-13	CVE-2024-5567	Cross-site Scripting vulnerability in Muffingroup Betheme 26.5.1.4/26.6/26.6.1 The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 27.5.5 due to insufficient input sanitization and output escaping. network low complexity muffingroup CWE-79	5.4
2024-09-13	CVE-2024-8663	Cross-site Scripting vulnerability in Wpsimplebookingcalendar WP Simple Booking Calendar The WP Simple Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.10. network low complexity wpsimplebookingcalendar CWE-79	6.1
2024-09-13	CVE-2024-8664	Cross-site Scripting vulnerability in Boopathirajan WP Test Email The WP Test Email plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.7. network low complexity boopathirajan CWE-79	6.1
2024-09-13	CVE-2024-8665	Cross-site Scripting vulnerability in Yithemes Yith Custom Login The YITH Custom Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.7.3. network low complexity yithemes CWE-79	6.1
2024-09-13	CVE-2024-8742	Cross-site Scripting vulnerability in Wpdeveloper Essential Addons for Elementor The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity wpdeveloper CWE-79	5.4
2024-09-13	CVE-2024-5628	Cross-site Scripting vulnerability in Theme-Fusion Avada The Avada \| Website Builder For WordPress & eCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fusion_button shortcode in all versions up to, and including, 3.11.9 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity theme-fusion CWE-79	5.4