Total
36875 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-29123 | 1 Ylefebvre | 1 Link Library | 2025-02-05 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Reflected XSS.This issue affects Link Library: from n/a through 7.6. | |||||
| CVE-2024-52389 | 1 Wpjobportal | 1 Wp Job Portal | 2025-02-05 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Job Portal allows Stored XSS.This issue affects WP Job Portal: from n/a through 2.2.0. | |||||
| CVE-2024-4868 | 1 Idioweb | 1 Extensions For Elementor | 2025-02-05 | N/A | 6.4 MEDIUM |
| The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's EE Events and EE Flipbox widgets in all versions up to, and including, 2.0.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-6725 | 1 Strategy11 | 1 Formidable Forms | 2025-02-05 | N/A | 4.9 MEDIUM |
| The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ parameter in all versions up to, and including, 6.11.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with form editing permissions and Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2023-27090 | 1 Teacms Project | 1 Teacms | 2025-02-05 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability found in TeaCMS storage allows attacker to cause a leak of sensitive information via the article title parameter. | |||||
| CVE-2022-48150 | 1 Shopware | 1 Shopware | 2025-02-05 | N/A | 6.1 MEDIUM |
| Shopware v5.5.10 was discovered to contain a cross-site scripting (XSS) vulnerability via the recovery/install/ URI. | |||||
| CVE-2024-32584 | 1 Standalonetech | 1 Terawallet | 2025-02-05 | N/A | 5.9 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StandaloneTech TeraWallet – For WooCommerce allows Stored XSS.This issue affects TeraWallet – For WooCommerce: from n/a through 1.5.0. | |||||
| CVE-2024-45454 | 1 Unlimited-elements | 1 Unlimited Elements For Elementor | 2025-02-05 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Reflected XSS.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.121. | |||||
| CVE-2024-3559 | 1 Custom Field Suite Project | 1 Custom Field Suite | 2025-02-05 | N/A | 6.4 MEDIUM |
| The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfs[post_content]' parameter versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-47332 | 1 Wowdevs | 1 Sky Addons For Elementor | 2025-02-05 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wowDevs Sky Addons for Elementor allows Stored XSS.This issue affects Sky Addons for Elementor: from n/a through 2.5.11. | |||||
| CVE-2024-12597 | 1 Hasthemes | 1 Ht Mega | 2025-02-05 | N/A | 6.4 MEDIUM |
| The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'block_css' and 'inner_css' parameters in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-52471 | 1 Idioweb | 1 Extensions For Elementor | 2025-02-05 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in petesheppard84 Extensions for Elementor allows Reflected XSS.This issue affects Extensions for Elementor: from n/a through 2.0.37. | |||||
| CVE-2024-8442 | 1 Bdthemes | 1 Prime Slider | 2025-02-05 | N/A | 6.4 MEDIUM |
| The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Blog widget in all versions up to, and including, 3.15.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-50433 | 1 Wowdevs | 1 Sky Addons For Elementor | 2025-02-05 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wowDevs Sky Addons for Elementor allows Stored XSS.This issue affects Sky Addons for Elementor: from n/a through 2.5.15. | |||||
| CVE-2024-11204 | 1 Ultimatemember | 1 Forumwp | 2025-02-05 | N/A | 6.1 MEDIUM |
| The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2024-10879 | 1 Ultimatemember | 1 Forumwp | 2025-02-05 | N/A | 6.1 MEDIUM |
| The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2024-4370 | 1 Wpzoom | 1 Wpzoom Elementor Addons | 2025-02-05 | N/A | 6.4 MEDIUM |
| The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget Image Box in all versions up to, and including, 1.1.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-5646 | 1 Futuriowp | 1 Futurio Extra | 2025-02-05 | N/A | 6.4 MEDIUM |
| The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘header_size’ attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-53786 | 1 Codeless | 1 Cowidgets Elementor Addons | 2025-02-05 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeless Cowidgets – Elementor Addons allows Stored XSS.This issue affects Cowidgets – Elementor Addons: from n/a through 1.2.0. | |||||
| CVE-2024-3731 | 1 Cusrev | 1 Customer Reviews For Woocommerce | 2025-02-05 | N/A | 6.1 MEDIUM |
| The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 5.47.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||