CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13113 – Countdown Timer for Elementor < 1.3.7 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-13113
26 Feb 2025 — The Countdown Timer for Elementor WordPress plugin before 1.3.7 does not sanitise and escape some parameters when outputting them on the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. • https://wpscan.com/vulnerability/ffc31d9d-d245-4c4b-992d-394a01798117 •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13875 – WP Programmmanager <= 1.2 - Reflected XSS
https://notcve.org/view.php?id=CVE-2024-13875
26 Feb 2025 — The WP-PManager WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. The WP-PManager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page... • https://wpscan.com/vulnerability/82c54fb5-f1d9-4bae-a3de-d4335809b81c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13876 – Meintopf <= 0.2.1 - Reflected XSS
https://notcve.org/view.php?id=CVE-2024-13876
26 Feb 2025 — The mEintopf WordPress plugin through 0.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. The mEintopf plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages ... • https://wpscan.com/vulnerability/d80cd18a-065f-443b-b548-d780b785d68e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13877 – Passbeemedia Web Push Notifications <= 1.0.0 - Reflected XSS
https://notcve.org/view.php?id=CVE-2024-13877
26 Feb 2025 — The Passbeemedia Web Push Notification WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. The Passbeemedia Web Push Notification plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated... • https://wpscan.com/vulnerability/0e8ce3cf-1598-4c5d-b119-99d5f676e619 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13878 – SpotBot <= 0.1.8 - Reflected XSS
https://notcve.org/view.php?id=CVE-2024-13878
26 Feb 2025 — The SpotBot WordPress plugin through 0.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. The SpotBot plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 0.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages th... • https://wpscan.com/vulnerability/882b2022-4ed6-4d9e-8b35-f48ea1580884 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13880 – My Quota <= 1.0.8 - Reflected XSS
https://notcve.org/view.php?id=CVE-2024-13880
26 Feb 2025 — The My Quota WordPress plugin through 1.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. The My Quota plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages ... • https://wpscan.com/vulnerability/bee3b002-e808-4402-8bf6-4375ed7b3807 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13881 – LinkMyPosts <= 1.0 - Reflected XSS
https://notcve.org/view.php?id=CVE-2024-13881
26 Feb 2025 — The Link My Posts WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. The Link My Posts plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in ... • https://wpscan.com/vulnerability/900fa2c6-0cac-4920-aef2-e8b94248b62e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1232 – Site Reviews < 7.2.5 - Unauthenticated Stored XSS
https://notcve.org/view.php?id=CVE-2025-1232
26 Feb 2025 — The Site Reviews WordPress plugin before 7.2.5 does not properly sanitise and escape some of its Review fields, which could allow unauthenticated users to perform Stored XSS attacks El complemento Site Reviews de WordPress anterior a la versión 7.2.5 no depura ni escapa correctamente algunos de sus campos de revisión, lo que podría permitir que usuarios no autenticados realicen ataques XSS almacenado. The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, a... • https://wpscan.com/vulnerability/c4ea8357-ddd7-48ac-80c9-15b924715b14 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13602 – Poll Maker < 5.5.4 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-13602
23 Feb 2025 — The Poll Maker WordPress plugin before 5.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.3 due to insufficient input sanitization... • https://wpscan.com/vulnerability/05d5010b-94eb-4fd3-b962-e2a16c032b71 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1619 – GDPR Cookie Compliance < 4.15.7 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2025-1619
23 Feb 2025 — The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). The GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice – CCPA, DSGVO, RGPD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and includin... • https://wpscan.com/vulnerability/ae9bc19d-1634-4501-a258-8c56b2afee88 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •