Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): XSS Wordpress
- Search Type: Search All
- CPE Name Search: false
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-34561 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative interactive media 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin allows Stored XSS.This issue affects 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin: from n/a through 3.71. Published: May 08, 2024; 8:15:09 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34573 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pootlepress Pootle Pagebuilder – WordPress Page builder allows Stored XSS.This issue affects Pootle Pagebuilder – WordPress Page builder: from n/a through 5.7.1. Published: May 08, 2024; 5:15:08 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3076 |
The MM-email2image WordPress plugin through 0.2.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Published: April 26, 2024; 10:15:07 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33696 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Broadstreet XPRESS WordPress Ad Widget allows Stored XSS.This issue affects WordPress Ad Widget: from n/a through 2.20.0. Published: April 26, 2024; 9:15:48 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3058 |
The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Published: April 26, 2024; 1:15:50 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32694 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative interactive media 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin allows Reflected XSS.This issue affects 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin: from n/a through 3.62. Published: April 22, 2024; 4:15:38 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-2761 |
The Genesis Blocks WordPress plugin before 3.1.3 does not properly escape data input provided to some of its blocks, allowing using with at least contributor privileges to conduct Stored XSS attacks. Published: April 19, 2024; 1:15:49 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32585 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extendWP Import Content in WordPress & WooCommerce with Excel allows Reflected XSS.This issue affects Import Content in WordPress & WooCommerce with Excel: from n/a through 4.2. Published: April 18, 2024; 6:15:14 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32597 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WordPress Importer allows Stored XSS.This issue affects WordPress Importer: from n/a through 1.0.7. Published: April 18, 2024; 5:15:14 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-2729 |
The Otter Blocks WordPress plugin before 2.6.6 does not properly escape its mainHeadings blocks' attribute before appending it to the final rendered block, allowing contributors to conduct Stored XSS attacks. Published: April 18, 2024; 1:15:48 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32149 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlueGlass Jobs for WordPress allows Reflected XSS.This issue affects Jobs for WordPress: from n/a through 2.7.5. Published: April 15, 2024; 3:15:10 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-2583 |
The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.0.5 does not properly escape some of its shortcodes attributes before they are echoed back to users, making it possible for users with the contributor role to conduct Stored XSS attacks. Published: April 13, 2024; 1:15:48 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-31285 |
Cross-Site Request Forgery (CSRF) vulnerability in Tooltip WordPress Tooltips allows Stored XSS.This issue affects WordPress Tooltips: from n/a through 9.5.3. Published: April 11, 2024; 9:15:52 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-2428 |
The Ultimate Video Player For WordPress WordPress plugin before 2.2.3 does not have proper capability check when updating its settings via a REST route, allowing Contributor and above users to update them. Furthermore, due to the lack of escaping in one of the settings, this also allows them to perform Stored XSS attacks Published: April 10, 2024; 1:15:49 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-31344 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phpbits Creative Studio Easy Login Styler – White Label Admin Login Page for WordPress allows Stored XSS.This issue affects Easy Login Styler – White Label Admin Login Page for WordPress: from n/a through 1.0.6. Published: April 07, 2024; 2:15:12 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-31104 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GetResponse GetResponse for WordPress allows Stored XSS.This issue affects GetResponse for WordPress: from n/a through 5.5.33. Published: March 31, 2024; 4:15:14 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-31103 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kanban for WordPress Kanban Boards for WordPress allows Reflected XSS.This issue affects Kanban Boards for WordPress: from n/a through 2.5.21. Published: March 31, 2024; 4:15:14 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-31108 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iFlyChat Team iFlyChat – WordPress Chat iflychat allows Stored XSS.This issue affects iFlyChat – WordPress Chat: from n/a through 4.7.2. Published: March 31, 2024; 3:15:48 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-30444 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zionbuilder.Io WordPress Page Builder – Zion Builder allows Stored XSS.This issue affects WordPress Page Builder – Zion Builder: from n/a through 3.6.9. Published: March 29, 2024; 1:15:12 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29765 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alireza Sedghi Aparat for WordPress allows Stored XSS.This issue affects Aparat for WordPress: from n/a through 2.2.0. Published: March 27, 2024; 10:15:12 AM -0400 |
V3.x:(not available) V2.0:(not available) |