| 2024-11-01 | CVE-2024-9655 | The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon widget in all versions up to, and including, 6.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2024-10-31 | CVE-2024-9165 | The Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.4.4 due to insufficient input sanitization and output escaping. | 6.4 |
| 2024-10-31 | CVE-2024-9446 | The WP Simple Anchors Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpanchor shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2024-10-31 | CVE-2024-9708 | Cross-site Scripting vulnerability in Delowerhossain Easy SVG Upload
The Easy SVG Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-10-30 | CVE-2024-10086 | Cross-site Scripting vulnerability in Hashicorp Consul
A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS. | 6.1 |
| 2024-10-30 | CVE-2024-10108 | The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's adverts_add shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. | 7.2 |
| 2024-10-30 | CVE-2024-10223 | The WP Team – WordPress Team Member Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's htteamember shortcode in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2024-10-30 | CVE-2024-8871 | The Pricing Tables WordPress Plugin – Easy Pricing Tables plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.2.5. | 6.1 |
| 2024-10-30 | CVE-2024-8627 | Cross-site Scripting vulnerability in Joshlobe Ultimate Tinymce
The Ultimate TinyMCE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'field' shortcode in all versions up to, and including, 5.7 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-10-30 | CVE-2024-8792 | Cross-site Scripting vulnerability in Markjaquith Subscribe to Comments
The Subscribe to Comments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3. | 6.1 |