
CVE-2024-13431 – Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.8.3 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-13431
06 Mar 2025 — The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the accent_color and background parameters in all versions up to, and including, 1.6.8.3 due to insufficient input sanitization and output escaping. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-13902 – huang-yk student-manage Edit a Student Information Page cross site scripting
https://notcve.org/view.php?id=CVE-2024-13902
06 Mar 2025 — The manipulation of the argument Class leads to cross site scripting. ... Manipulating the argument Class with unknown data can be used to exploit a cross-site scripting vulnerability. • https://gitee.com/huang-yk/student-manage/issues/I9UXC4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-12800 – IP Based Login <= 2.4.0 - Authenticated (Admin+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-12800
06 Mar 2025 — The IP Based Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-12611 – School Management System for Wordpress <= 93.0.0 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-12611
06 Mar 2025 — The School Management System for Wordpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 93.0.0 due to insufficient input sanitization and output escaping. • CWE-862: Missing Authorization •

CVE-2024-13805 – Advanced File Manager <= 5.2.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload
https://notcve.org/view.php?id=CVE-2024-13805
06 Mar 2025 — The Advanced File Manager — Ultimate WordPress File Manager and Document Library Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.2.14 due to insufficient input sanitization and output escaping. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-12809 – Wishlist <= 1.0.43 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-12809
06 Mar 2025 — The Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wishlist_button' shortcode in all versions up to, and including, 1.0.43 due to insufficient input sanitization and output escaping on user supplied attributes. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-48246
https://notcve.org/view.php?id=CVE-2024-48246
05 Mar 2025 — Vehicle Management System 1.0 contains a Stored Cross-Site Scripting (XSS) vulnerability in the "Name" parameter of /vehicle-management/booking.php. • https://github.com/ShadowByte1/CVE-2024-48246 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-11847 – WP SVG Upload <= 1.0.0 - Author+ Stored XSS via SVG
https://notcve.org/view.php?id=CVE-2024-11847
05 Mar 2025 — The wp-svg-upload WordPress plugin through 1.0.0 does not sanitize SVG file contents, which enables users with at least the author role to upload an SVG with malicious JavaScript to conduct Stored XSS attacks. The Wp Svg Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. • https://wpscan.com/vulnerability/f57ecff2-0cff-40c7-b6e4-5b162b847d65 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-13839 – Company Directory <= 4.3 - Reflected Cross-Site Scripting via add_query_arg Function
https://notcve.org/view.php?id=CVE-2024-13839
04 Mar 2025 — The Staff Directory Plugin: Company Directory plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.3. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-13757 – Master Slider – Responsive Touch Slider <= 3.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_layer Shortcode
https://notcve.org/view.php?id=CVE-2024-13757
04 Mar 2025 — The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_layer shortcode in all versions up to, and including, 3.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •