Vulnerabilities > Monsterinsights
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-30 | CVE-2023-32291 | Cross-site Scripting vulnerability in Monsterinsights Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MonsterInsights Pro allows Stored XSS.This issue affects MonsterInsights Pro: from n/a through 8.14.1. | 5.4 |
| 2023-10-27 | CVE-2023-46153 | Cross-site Scripting vulnerability in Monsterinsights User Feedback Unauth. | 6.1 |
| 2023-08-08 | CVE-2023-23880 | Cross-site Scripting vulnerability in Monsterinsights Exactmetrics Auth. | 5.4 |
| 2023-05-18 | CVE-2023-23999 | Cross-site Scripting vulnerability in Monsterinsights Google Analytics Dashboard Auth. | 5.4 |
| 2023-02-06 | CVE-2023-0081 | Unspecified vulnerability in Monsterinsights The MonsterInsights WordPress plugin before 8.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
| 2023-01-16 | CVE-2022-3904 | Cross-site Scripting vulnerability in Monsterinsights The MonsterInsights WordPress plugin before 8.9.1 does not sanitize or escape page titles in the top posts/pages section, allowing an unauthenticated attacker to inject arbitrary web scripts into the titles by spoofing requests to google analytics. | 6.1 |