CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9388 – Black Widgets For Elementor <= 1.3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
https://notcve.org/view.php?id=CVE-2024-9388
The Black Widgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. ... El complemento Black Widgets For Elementor para WordPress es vulnerable a Cross Site Scripting almacenado a través de cargas de archivos SVG en todas las versiones hasta la 1.3.7 incluida, debido a una desinfección de entrada y un escape de salida insuficiente. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50348 – InstantCMS has a Cross Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2024-50348
Due to this attackers are able to inject the XSS (Cross Site Scripting) payload and execute. ... Debido a esto, los atacantes pueden inyectar el payload XSS (Cross Site Scripting) y ejecutarlo. • https://github.com/instantsoft/icms2/commit/e02de2fa1850bb40c9b2050b9256c838a0ea7aa3 https://github.com/instantsoft/icms2/security/advisories/GHSA-f6cf-jg84-fw29 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10108 – WPAdverts – Classifieds Plugin <= 2.1.6 - Unauthenticated Stored Cross-Site Scripting via adverts_add Shortcode
https://notcve.org/view.php?id=CVE-2024-10108
The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's adverts_add shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. ... El complemento WPAdverts – Classifieds Plugin para WordPress es vulnerable a Cross Site Scripting almacenado a través del código abreviado adverts_add del complemento en todas las versiones hasta la 2.1.6 incluida, debido a una desinfección de entrada y un escape de salida insuficiente. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10223 – HT Team Member <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via htteamember Shortcode
https://notcve.org/view.php?id=CVE-2024-10223
The WP Team – WordPress Team Member Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's htteamember shortcode in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. ... El complemento WP Team – WordPress Team Member para WordPress es vulnerable a Cross Site Scripting almacenado a través del código corto htteamember del complemento en todas las versiones hasta la 1.1.4 incluida, debido a una desinfección de entrada y al escape de salida insuficiente en los atributos proporcionados por el usuario. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8871 – Pricing Tables WordPress Plugin – Easy Pricing Tables <= 3.2.5 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-8871
The Pricing Tables WordPress Plugin – Easy Pricing Tables plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.2.5. ... El complemento Pricing Tables WordPress Plugin – Easy Pricing Tables para WordPress es vulnerable a ataques Cross-Site Scripting reflejado debido al uso de add_query_arg sin el escape apropiado en la URL en todas las versiones hasta la 3.2.5 incluida. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •