Total
36875 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-3730 | 1 Simple-membership-plugin | 1 Simple Membership | 2025-02-05 | N/A | 5.4 MEDIUM |
| The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpm_paypal_subscription_cancel_link' shortcode in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-1985 | 1 Simple-membership-plugin | 1 Simple Membership | 2025-02-05 | N/A | 4.7 MEDIUM |
| The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This vulnerability requires social engineering to successfully exploit, and the impact would be very limited due to the attacker requiring a user to login as the user with the injected payload for execution. | |||||
| CVE-2024-9170 | 1 Booster | 1 Booster For Woocommerce | 2025-02-05 | N/A | 5.5 MEDIUM |
| The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wcj_product_meta shortcode in all versions up to, and including, 7.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with ShopManager-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-9239 | 1 Booster | 1 Booster For Woocommerce | 2025-02-05 | N/A | 6.1 MEDIUM |
| The Booster for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2024-1054 | 1 Booster | 1 Booster For Woocommerce | 2025-02-05 | N/A | 6.4 MEDIUM |
| The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wcj_product_barcode' shortcode in all versions up to, and including, 7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'color'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-13551 | 1 Paulrosen | 1 Abc Notation | 2025-02-05 | N/A | 6.4 MEDIUM |
| The ABC Notation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'abcjs' shortcode in all versions up to, and including, 6.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2023-27777 | 1 Online Jewelry Shop Project | 1 Online Jewelry Shop | 2025-02-05 | N/A | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability was discovered in Online Jewelry Shop v1.0 that allows attackers to execute arbitrary script via a crafted URL. | |||||
| CVE-2023-27776 | 1 Online Jewelry Shop Project | 1 Online Jewelry Shop | 2025-02-05 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in /index.php?page=category_list of Online Jewelry Shop v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter. | |||||
| CVE-2022-2507 | 1 Octopus | 1 Octopus Server | 2025-02-05 | N/A | 5.3 MEDIUM |
| In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage | |||||
| CVE-2024-1730 | 1 Bdthemes | 1 Prime Slider | 2025-02-05 | N/A | 5.4 MEDIUM |
| The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via urls in link fields, images from URLs, and html tags used in widgets in all versions up to, and including, 3.14.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-2311 | 1 Theme-fusion | 1 Avada | 2025-02-05 | N/A | 6.4 MEDIUM |
| The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.11.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-2286 | 1 Wowdevs | 1 Sky Addons For Elementor | 2025-02-05 | N/A | 6.4 MEDIUM |
| The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapper link URL value in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-32575 | 1 Kraftplugins | 1 Mega Elements | 2025-02-05 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kraftplugins Mega Elements allows Stored XSS.This issue affects Mega Elements: from n/a through 1.1.9. | |||||
| CVE-2024-32456 | 1 Envothemes | 1 Envo Extra | 2025-02-05 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvoThemes Envo Extra allows Stored XSS.This issue affects Envo Extra: from n/a through 1.8.11. | |||||
| CVE-2024-30422 | 1 Webtechstreet | 1 Elementor Addon Elements | 2025-02-05 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPVibes Elementor Addon Elements allows Stored XSS.This issue affects Elementor Addon Elements: from n/a through 1.13.1. | |||||
| CVE-2024-29760 | 1 Booster | 1 Booster For Woocommerce | 2025-02-05 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl LLC Booster for WooCommerce allows Reflected XSS.This issue affects Booster for WooCommerce: from n/a through 7.1.7. | |||||
| CVE-2024-29792 | 1 Unlimited-elements | 1 Unlimited Elements For Elementor | 2025-02-05 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Reflected XSS.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.93. | |||||
| CVE-2024-29777 | 1 Incsub | 1 Forminator | 2025-02-05 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV Forminator allows Reflected XSS.This issue affects Forminator: from n/a through 1.29.0. | |||||
| CVE-2024-29935 | 1 Sinaextra | 1 Sina Extension For Elementor | 2025-02-05 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SinaExtra Sina Extension for Elementor allows Stored XSS.This issue affects Sina Extension for Elementor: from n/a through 3.5.0. | |||||
| CVE-2024-29092 | 1 Permalink Manager Lite Project | 1 Permalink Manager Lite | 2025-02-05 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS.This issue affects Permalink Manager Lite: from n/a through 2.4.3. | |||||