
CVE-2024-10566 – Slider by 10Web < 1.2.62 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-10566
25 Mar 2025 — The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). • https://wpscan.com/vulnerability/a98a7f11-4c01-4b91-8adc-465beefa310a •

CVE-2024-10565 – Slider by 10Web < 1.2.62 - Admin+ Stored XSS via Widget
https://notcve.org/view.php?id=CVE-2024-10565
25 Mar 2025 — The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). • https://wpscan.com/vulnerability/4ef05302-a6ca-4816-ab0d-a4e3bf7a5e22 •

CVE-2024-10560 – Form Maker by 10Web < 1.15.30 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-10560
25 Mar 2025 — The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). • https://wpscan.com/vulnerability/80298c89-544d-4894-a837-253f5f26cf42 •

CVE-2024-10554 – WP-Advanced-Search < 3.3.9.3 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-10554
25 Mar 2025 — The WP-Advanced-Search WordPress plugin before 3.3.9.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). • https://wpscan.com/vulnerability/7c15b082-caa5-4cf2-9986-2eb519dcb7c5 •

CVE-2024-10472 – Stylish Price List < 7.1.12 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-10472
25 Mar 2025 — The Stylish Price List WordPress plugin before 7.1.12 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). • https://wpscan.com/vulnerability/d79e5c05-26d0-4223-891f-42ac9fb6ef6e •

CVE-2024-10105 – Jobs for WordPress < 2.7.11 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-10105
25 Mar 2025 — The Job Postings WordPress plugin before 2.7.11 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). • https://wpscan.com/vulnerability/4477db12-26e9-4c6d-8b71-f3f6a0d19813 •

CVE-2024-10208 – Cross Site Scripting vulnerability in APROL Web Portal
https://notcve.org/view.php?id=CVE-2024-10208
25 Mar 2025 — An Improper Neutralization of Input During Web Page Generation vulnerability in the APROL Web Portal used in B&R APROL <4.4-00P5 may allow an authenticated network-based attacker to insert malicious code which is then executed in the context of the user’s browser session. • https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-55029
https://notcve.org/view.php?id=CVE-2024-55029
25 Mar 2025 — NASA Fprime v3.4.3 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. • https://visionspace.com/remote-code-execution-and-critical-vulnerabilities-in-nasa-fprime-v3-4-3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-13690 – WP Church Donation <= 1.7 - Unauthenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-13690
24 Mar 2025 — The WP Church Donation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several donation form submission parameters in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-13731 – Alert Box Block – Display notice/alerts in the front end <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Alert Box Block
https://notcve.org/view.php?id=CVE-2024-13731
24 Mar 2025 — The Alert Box Block – Display notice/alerts in the front end plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Alert Box block in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •