Search Results
- Results Type: Overview
- Keyword (text search): XSS Wordpress
- Search Type: Search All
- CPE Name Search: false
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-29771 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoftLab Dracula Dark Mode - The Revolutionary Dark Mode Plugin For WordPress allows Stored XSS. This issue affects Dracula Dark Mode - The Revolutionary Dark Mode Plugin For WordPress: from n/a through 1.0.8. Published: March 27, 2024; 9:15:48 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-29932 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS. This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.2. Published: March 27, 2024; 6:15:09 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-30201 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WordPress Importer allows Reflected XSS. This issue affects WordPress Importer: from n/a through 1.0.4. Published: March 27, 2024; 3:15:59 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-29906 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS. This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.2. Published: March 27, 2024; 3:15:49 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-29142 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebberZone Better Search – Relevant search results for WordPress allows Stored XSS. This issue affects Better Search – Relevant search results for WordPress: from n/a through 3.3.0. Published: March 19, 2024; 10:15:10 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-7085 | The Scalable Vector Graphics (SVG) WordPress plugin through 3.4 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. Published: March 18, 2024; 3:15:06 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-4729 | The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the publish_lp() function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to change the LadiPage key (a key fully controlled by the attacker), enabling them to freely create new pages, including web pages that trigger stored XSS via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Published: March 12, 2024; 6:15:08 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-4728 | The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the publish_lp() function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for authenticated attackers with subscriber-level access and above to change the LadiPage key (a key fully controlled by the attacker), enabling them to freely create new pages, including web pages that trigger stored XSS. Published: March 12, 2024; 6:15:08 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-25594 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Savvy Wordpress Development MyWaze allows Stored XSS. This issue affects MyWaze: from n/a through 1.6. Published: February 29, 2024; 2:15:07 AM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2023-6499 | The lasTunes WordPress plugin through 3.6.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. Published: February 12, 2024; 11:15:08 AM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2023-47526 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chart Builder Team Chartify – WordPress Chart Plugin allows Stored XSS. This issue affects Chartify – WordPress Chart Plugin: from n/a through 2.0.6. Published: February 12, 2024; 2:15:07 AM -0500 | V3.1: 4.8 MEDIUM V2.0:(not available) |
CVE-2024-24927 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UnitedThemes Brooklyn \| Creative Multi-Purpose Responsive WordPress Theme allows Reflected XSS. This issue affects Brooklyn \| Creative Multi-Purpose Responsive WordPress Theme: from n/a through 4.9.7.6. Published: February 12, 2024; 1:15:08 AM -0500 | V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2024-23517 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Start Booking Scheduling Plugin – Online Booking for WordPress allows Stored XSS. This issue affects Scheduling Plugin – Online Booking for WordPress: from n/a through 3.5.10. Published: February 10, 2024; 4:15:09 AM -0500 | V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-51404 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MyAgilePrivacy My Agile Privacy – The only GDPR solution for WordPress that you can truly trust allows Stored XSS. This issue affects My Agile Privacy – The only GDPR solution for WordPress that you can truly trust: from n/a through 2.1.7. Published: February 10, 2024; 4:15:07 AM -0500 | V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2024-24801 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LogicHunt OWL Carousel – WordPress Owl Carousel Slider allows Stored XSS. This issue affects OWL Carousel – WordPress Owl Carousel Slider: from n/a through 1.4.0. Published: February 10, 2024; 3:15:08 AM -0500 | V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2024-24713 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Auto Listings Auto Listings – Car Listings & Car Dealership Plugin for WordPress allows Stored XSS. This issue affects Auto Listings – Car Listings & Car Dealership Plugin for WordPress: from n/a through 2.6.5. Published: February 10, 2024; 3:15:07 AM -0500 | V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2024-24712 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login WordPress allows Stored XSS. This issue affects Heateor Social Login WordPress: from n/a through 1.1.30. Published: February 10, 2024; 3:15:07 AM -0500 | V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2024-24881 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc allows Reflected XSS. This issue affects WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.5.2. Published: February 08, 2024; 7:15:56 AM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2023-51506 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WPCS – WordPress Currency Switcher Professional allows Stored XSS. This issue affects WPCS – WordPress Currency Switcher Professional: from n/a through 1.2.0. Published: February 01, 2024; 7:15:53 AM -0500 | V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-51536 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks Forms – WordPress Form Builder allows Stored XSS. This issue affects CRM Perks Forms – WordPress Form Builder: from n/a through 1.1.2. Published: February 01, 2024; 6:15:09 AM -0500 | V3.1: 4.8 MEDIUM V2.0:(not available) |