U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
There are 232,351 matching records.
Displaying matches 141 through 160.
Vuln ID Summary CVSS Severity
CVE-2024-32573

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for eBay allows Stored XSS.This issue affects WP-Lister Lite for eBay: from n/a through 3.5.11.

Published: April 18, 2024; 6:15:12 AM -0400 		V3.x:(not available)
 V2.0:(not available)
CVE-2024-32572

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BdThemes Element Pack Elementor Addons allows Stored XSS.This issue affects Element Pack Elementor Addons: from n/a through 5.6.0.

Published: April 18, 2024; 6:15:11 AM -0400 		V3.x:(not available)
 V2.0:(not available)
CVE-2024-32571

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in naa986 WP Stripe Checkout allows Stored XSS.This issue affects WP Stripe Checkout: from n/a through 1.2.2.41.

Published: April 18, 2024; 6:15:11 AM -0400 		V3.x:(not available)
 V2.0:(not available)
CVE-2024-32570

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Archetyped Cornerstone allows Reflected XSS.This issue affects Cornerstone: from n/a through 0.8.0.

Published: April 18, 2024; 6:15:11 AM -0400 		V3.x:(not available)
 V2.0:(not available)
CVE-2024-32569

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metaphor Creations Ditty allows Stored XSS.This issue affects Ditty: from n/a through 3.1.31.

Published: April 18, 2024; 6:15:11 AM -0400 		V3.x:(not available)
 V2.0:(not available)
CVE-2024-32568

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP 2FA allows Reflected XSS.This issue affects WP 2FA: from n/a through 2.6.2.

Published: April 18, 2024; 6:15:11 AM -0400 		V3.x:(not available)
 V2.0:(not available)
CVE-2024-32567

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress allows Reflected XSS.This issue affects DirectoryPress: from n/a through 3.6.7.

Published: April 18, 2024; 6:15:10 AM -0400 		V3.x:(not available)
 V2.0:(not available)
CVE-2024-32566

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Club Manager allows Stored XSS.This issue affects WP Club Manager: from n/a through 2.2.11.

Published: April 18, 2024; 6:15:10 AM -0400 		V3.x:(not available)
 V2.0:(not available)
CVE-2024-32565

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Appcheap.Io App Builder allows Stored XSS.This issue affects App Builder: from n/a through 3.8.8.

Published: April 18, 2024; 6:15:10 AM -0400 		V3.x:(not available)
 V2.0:(not available)
CVE-2024-32564

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Post Grid Team by WPXPO PostX – Gutenberg Blocks for Post Grid allows Stored XSS.This issue affects PostX – Gutenberg Blocks for Post Grid: from n/a through 4.0.1.

Published: April 18, 2024; 6:15:10 AM -0400 		V3.x:(not available)
 V2.0:(not available)
CVE-2024-32563

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VikBooking Hotel Booking Engine & PMS allows Reflected XSS.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.6.7.

Published: April 18, 2024; 6:15:10 AM -0400 		V3.x:(not available)
 V2.0:(not available)
CVE-2024-32562

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Stored XSS.This issue affects Z Y N I T H: from n/a through 7.4.9.

Published: April 18, 2024; 6:15:09 AM -0400 		V3.x:(not available)
 V2.0:(not available)
CVE-2024-32561

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tagembed allows Stored XSS.This issue affects Tagembed: from n/a through 4.7.

Published: April 18, 2024; 6:15:09 AM -0400 		V3.x:(not available)
 V2.0:(not available)
CVE-2024-32560

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sharabindu QR Code Composer allows Stored XSS.This issue affects QR Code Composer: from n/a through 2.0.3.

Published: April 18, 2024; 6:15:09 AM -0400 		V3.x:(not available)
 V2.0:(not available)
CVE-2024-32559

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hwk-fr WP 404 Auto Redirect to Similar Post allows Reflected XSS.This issue affects WP 404 Auto Redirect to Similar Post: from n/a through 1.0.4.

Published: April 18, 2024; 6:15:09 AM -0400 		V3.x:(not available)
 V2.0:(not available)
CVE-2024-32558

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode eCommerce Product Catalog allows Reflected XSS.This issue affects eCommerce Product Catalog: from n/a through 3.3.32.

Published: April 18, 2024; 6:15:09 AM -0400 		V3.x:(not available)
 V2.0:(not available)
CVE-2024-32556

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nabil Lemsieh HurryTimer allows Stored XSS.This issue affects HurryTimer: from n/a through 2.9.2.

Published: April 18, 2024; 6:15:09 AM -0400 		V3.x:(not available)
 V2.0:(not available)
CVE-2024-32554

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Knight Lab Knight Lab Timeline allows Stored XSS.This issue affects Knight Lab Timeline: from n/a through 3.9.3.4.

Published: April 18, 2024; 6:15:08 AM -0400 		V3.x:(not available)
 V2.0:(not available)
CVE-2024-2833

The Jobs for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘job-search’ parameter in all versions up to, and including, 2.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Published: April 18, 2024; 6:15:08 AM -0400 		V3.x:(not available)
 V2.0:(not available)
CVE-2024-29003

The SolarWinds Platform was susceptible to a XSS vulnerability that affects the maps section of the user interface. This vulnerability requires authentication and requires user interaction.

Published: April 18, 2024; 6:15:08 AM -0400 		V3.1: 7.5 HIGH
 V2.0:(not available)