Page 28 of 8348 results (0.035 seconds)

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-13679 – Widget BUY.BOX <= 3.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2024-13679

18 Feb 2025 — The Widget BUY.BOX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'buybox-widget' shortcode in all versions up to, and including, 3.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-11778 – CanadaHelps Embedded Donation <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2024-11778

18 Feb 2025 — The CanadaHelps Embedded Donation Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedcdn' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. ... The CanadaHelps Embedded Donation Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedcdn' shortcode in all versions up to, and including, 1.0.1 due to insufficient input saniti... • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-13674 – Cosmic Blocks (40+) Content Editor Blocks Collection <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2024-13674

18 Feb 2025 — The Cosmic Blocks (40+) Content Editor Blocks Collection plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cwp_social_share' shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-13462 – WP Wiki Tooltip <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2024-13462

18 Feb 2025 — The WP Wiki Tooltip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wiki' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-13736 – <= 2.31 - Reflected Cross-Site Scripting via purechatWidgetName Parameter

https://notcve.org/view.php?id=CVE-2024-13736

18 Feb 2025 — plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘purechatWidgetName’ parameter in all versions up to, and including, 2.31 due to insufficient input sanitization and output escaping. ... plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘purechatWidgetName’ parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0

CVE-2024-4028 – Keycloak-core: stored xss in keycloak when creating a items in admin console

https://notcve.org/view.php?id=CVE-2024-4028

18 Feb 2025 — This issue may allow a privileged attacker to use a malicious payload as the permission while creating items (Resource and Permissions) from the admin console, leading to a stored cross-site scripting (XSS) attack. • https://access.redhat.com/security/cve/CVE-2024-4028 • CWE-20: Improper Input Validation •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-11582 – Subscribe2 – Form, Email Subscribers & Newsletters <= 10.43 - Unauthenticated Stored Cross-Site Scripting via IP Parameter

https://notcve.org/view.php?id=CVE-2024-11582

18 Feb 2025 — The Subscribe2 – Form, Email Subscribers & Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ip parameter in all versions up to, and including, 10.43 due to insufficient input sanitization and output escaping. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-13443 – Easypromos Plugin <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

https://notcve.org/view.php?id=CVE-2024-13443

18 Feb 2025 — The Easypromos Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Easypromos shortcode in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-13508 – Booking Package <= 1.6.72 - Reflected Cross-Site Scripting via Locale Parameter

https://notcve.org/view.php?id=CVE-2024-13508

18 Feb 2025 — The Booking Package plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the locale parameter in all versions up to, and including, 1.6.72 due to insufficient input sanitization and output escaping. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-13743 – Wonder Video Embed <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

https://notcve.org/view.php?id=CVE-2024-13743

18 Feb 2025 — The Wonder Video Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wonderplugin_video shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •