CVE-2024-13113 – Countdown Timer for Elementor < 1.3.7 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-13113
26 Feb 2025 — The Countdown Timer for Elementor WordPress plugin before 1.3.7 does not sanitise and escape some parameters when outputting them on the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. • https://wpscan.com/vulnerability/ffc31d9d-d245-4c4b-992d-394a01798117 •

CVE-2024-13875 – WP Programmmanager <= 1.2 - Reflected XSS
https://notcve.org/view.php?id=CVE-2024-13875
26 Feb 2025 — The WP-PManager WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. The WP-PManager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. • https://wpscan.com/vulnerability/82c54fb5-f1d9-4bae-a3de-d4335809b81c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-13876 – Meintopf <= 0.2.1 - Reflected XSS
https://notcve.org/view.php?id=CVE-2024-13876
26 Feb 2025 — The mEintopf WordPress plugin through 0.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. The mEintopf plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping. • https://wpscan.com/vulnerability/d80cd18a-065f-443b-b548-d780b785d68e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-13877 – Passbeemedia Web Push Notifications <= 1.0.0 - Reflected XSS
https://notcve.org/view.php?id=CVE-2024-13877
26 Feb 2025 — The Passbeemedia Web Push Notification WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. The Passbeemedia Web Push Notification plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. • https://wpscan.com/vulnerability/0e8ce3cf-1598-4c5d-b119-99d5f676e619 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-13878 – SpotBot <= 0.1.8 - Reflected XSS
https://notcve.org/view.php?id=CVE-2024-13878
26 Feb 2025 — The SpotBot WordPress plugin through 0.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. The SpotBot plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 0.1.8 due to insufficient input sanitization and output escaping. • https://wpscan.com/vulnerability/882b2022-4ed6-4d9e-8b35-f48ea1580884 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-13880 – My Quota <= 1.0.8 - Reflected XSS
https://notcve.org/view.php?id=CVE-2024-13880
26 Feb 2025 — The My Quota WordPress plugin through 1.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. The My Quota plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. • https://wpscan.com/vulnerability/bee3b002-e808-4402-8bf6-4375ed7b3807 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-13881 – LinkMyPosts <= 1.0 - Reflected XSS
https://notcve.org/view.php?id=CVE-2024-13881
26 Feb 2025 — The Link My Posts WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. The Link My Posts plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. • https://wpscan.com/vulnerability/900fa2c6-0cac-4920-aef2-e8b94248b62e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-13402 – BuddyBoss Platform <= 2.7.70 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'link_title'
https://notcve.org/view.php?id=CVE-2024-13402
26 Feb 2025 — The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link_title’ parameter in all versions up to, and including, 2.7.70 due to insufficient input sanitization and output escaping. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-46226
https://notcve.org/view.php?id=CVE-2024-46226
26 Feb 2025 — A stored cross site scripting (XSS) vulnerability in HelpDeskZ < v2.0.2 allows remote attackers to execute arbitrary JavaScript in the administration panel by including a malicious payload into the file name and upload file function when creating a new ticket. • https://www.exploit-db.com/exploits/52068 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-57423
https://notcve.org/view.php?id=CVE-2024-57423
26 Feb 2025 — A Cross Site Scripting vulnerability in CloudClassroom-PHP Project v1.0 allows a remote attacker to execute arbitrary code via the exid parameter of the assessment function. • https://github.com/harshad-alt/CVE/blob/main/CVE-2024-57423.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •