
CVE-2025-27584
https://notcve.org/view.php?id=CVE-2025-27584
03 Mar 2025 — A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name parameter at /rest/staffResource/update. • https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89636 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-27585
https://notcve.org/view.php?id=CVE-2025-27585
03 Mar 2025 — A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Print Name parameter at /rest/staffResource/update. • https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89636 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-13727 – MemberSpace <= 2.1.13 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-13727
02 Mar 2025 — The MemberSpace – Membership Plugin and Paid Subscriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.1.13 due to insufficient input sanitization and output escaping. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-13124 – Photo Gallery by 10Web < 1.8.33 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-13124
02 Mar 2025 — The Photo Gallery by 10Web WordPress plugin before 1.8.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Gallery Titles in all versions up to, and including, 1.8.32 due to insu... • https://wpscan.com/vulnerability/5b3bf87b-73a1-47e8-bb00-0dfded07b191 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-10558 – Form Maker by 10Web < 1.15.30 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-10558
02 Mar 2025 — The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.15... • https://wpscan.com/vulnerability/7028db78-2870-48d5-b06b-480ac8be3655 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-13382 – Calculated Fields Form <= 5.2.63 - Authenticated (Admin+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-13382
02 Mar 2025 — The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.2.63 due to insufficient input sanitization and output escaping. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-13559 – TemplatesNext ToolKit <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
https://notcve.org/view.php?id=CVE-2024-13559
28 Feb 2025 — The TemplatesNext ToolKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tx_woo_wishlist_table' shortcode in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-9212 – SKU Generator for WooCommerce <= 1.6.2 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-9212
28 Feb 2025 — The SKU Generator for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.2. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-9217 – Currency Switcher for WooCommerce <= 2.16.2 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-9217
28 Feb 2025 — The Currency Switcher for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.16.2. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-13901 – Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site <= 2.0.6 - Authenticated (Administrator+) DOM-Based Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-13901
28 Feb 2025 — The Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •