Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-22 | CVE-2024-37428 | Cross-site Scripting vulnerability in Themesgrove All-In-One Addons for Elementor: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themesgrove WidgetKit allows Stored XSS. This issue affects WidgetKit: from n/a through 2.5.0. | 5.4 |
2024-07-22 | CVE-2024-37429 | Cross-site Scripting vulnerability in Idehweb Login With Phone Number: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hamid Alinia – idehweb Login with phone number allows Stored XSS. This issue affects Login with phone number: from n/a through 1.7.35. | 4.8 |
2024-07-22 | CVE-2024-37432 | Cross-site Scripting vulnerability in Themegrill Esteem: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeGrill Esteem allows Stored XSS. This issue affects Esteem: from n/a through 1.5.0. | 6.1 |
2024-07-22 | CVE-2024-37433 | Cross-site Scripting vulnerability in Mailster: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EverPress Mailster allows Reflected XSS. This issue affects Mailster: from n/a through 4.0.9. | 6.1 |
2024-07-22 | CVE-2024-37434 | Cross-site Scripting vulnerability in Atarim: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Atarim allows Stored XSS. This issue affects Atarim: from n/a through 3.31. | 4.8 |
2024-07-22 | CVE-2024-37445 | Cross-site Scripting vulnerability in Bplugins Html5 Audio Player: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in bPlugins Html5 Audio Player allows Stored XSS. This issue affects Html5 Audio Player: from n/a through 2.2.23. | 5.4 |
2024-07-22 | CVE-2024-41709 | Cross-site Scripting vulnerability in Backdropcms Backdrop: Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. | 4.8 |
2024-07-22 | CVE-2024-5004 | Cross-site Scripting vulnerability in Cminds CM Popup: The CM Popup Plugin for WordPress WordPress plugin before 1.6.6 does not sanitise and escape some of the campaign settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks. | 4.8 |
2024-07-22 | CVE-2024-5529 | Cross-site Scripting vulnerability in Holoborodko WP Quicklatex: The WP QuickLaTeX WordPress plugin before 3.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2024-07-22 | CVE-2024-6243 | Cross-site Scripting vulnerability in Ibericode Html Forms: The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disabled. | 4.8 |