CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54224 – WordPress ElementsReady Addons for Elementor plugin <= 6.4.7 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-54224
05 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows DOM-Based XSS.This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.7. The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with c... • https://patchstack.com/database/wordpress/plugin/element-ready-lite/vulnerability/wordpress-elementsready-addons-for-elementor-plugin-6-4-7-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53797 – WordPress Beaver Builder – WordPress Page Builder plugin <= 2.8.4.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-53797
02 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder allows Stored XSS.This issue affects Beaver Builder: from n/a through 2.8.4.3. The Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.8.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject ar... • https://patchstack.com/database/wordpress/plugin/beaver-builder-lite-version/vulnerability/wordpress-beaver-builder-wordpress-page-builder-plugin-2-8-4-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52445 – WordPress QRMenu Restaurant QR Menu Lite plugin <= 1.0.3 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-52445
18 Nov 2024 — Deserialization of Untrusted Data vulnerability in Modeltheme QRMenu Restaurant QR Menu Lite allows Object Injection.This issue affects QRMenu Restaurant QR Menu Lite: from n/a through 1.0.3. La vulnerabilidad de deserialización de datos no confiables en Modeltheme QRMenu Restaurant QR Menu Lite permite la inyección de objetos. Este problema afecta a QRMenu Restaurant QR Menu Lite: desde n/a hasta 1.0.3. The QRMenu Restaurant QR Menu Lite plugin for WordPress is vulnerable to PHP Object Injection in version... • https://patchstack.com/database/vulnerability/qrmenu-lite/wordpress-qrmenu-restaurant-qr-menu-lite-plugin-1-0-3-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11140 – Real WP Shop Lite Ajax eCommerce Shopping Cart <= 2.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-11140
12 Nov 2024 — The Real WP Shop Lite Ajax eCommerce Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unf... • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51848 – WordPress Parallaxer plugin <= 1.00 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51848
08 Nov 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Zoom Studio Parallaxer allows Stored XSS.This issue affects Parallaxer: from n/a through 1.00. The Parallaxer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.00 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in... • https://patchstack.com/database/vulnerability/parallaxer-lite-parallax-effects-on-images/wordpress-parallaxer-plugin-1-00-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51705 – WordPress WP MMenu Lite plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51705
04 Nov 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in James Bruner WP MMenu Lite allows Reflected XSS.This issue affects WP MMenu Lite: from n/a through 1.0.0. The WP MMenu Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if ... • https://patchstack.com/database/vulnerability/wp-mmenu-lite/wordpress-wp-mmenu-lite-plugin-1-0-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51787 – WordPress ElementsReady Addons for Elementor plugin <= 6.4.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51787
04 Nov 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows Stored XSS.This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.3. The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi... • https://patchstack.com/database/vulnerability/element-ready-lite/wordpress-elementsready-addons-for-elementor-plugin-6-4-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51675 – WordPress aThemes Addons for Elementor plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51675
01 Nov 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in aThemes aThemes Addons for Elementor allows DOM-Based XSS.This issue affects aThemes Addons for Elementor: from n/a through 1.0.7. The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-leve... • https://patchstack.com/database/vulnerability/athemes-addons-for-elementor-lite/wordpress-athemes-addons-for-elementor-plugin-1-0-7-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51580 – WordPress Clever Addons for Elementor plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51580
31 Oct 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CleverSoft Clever Addons for Elementor allows Stored XSS.This issue affects Clever Addons for Elementor: from n/a through 2.2.1. The Clever Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level a... • https://patchstack.com/database/vulnerability/cafe-lite/wordpress-clever-addons-for-elementor-plugin-2-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51627 – WordPress Audio Comparison Lite plugin <= 3.4 - Stored Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51627
31 Oct 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kaedinger Audio Comparison Lite audio-comparison-lite allows Stored XSS.This issue affects Audio Comparison Lite: from n/a through 3.4. The Audio Comparison Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level ac... • https://patchstack.com/database/vulnerability/audio-comparison-lite/wordpress-audio-comparison-lite-plugin-3-1-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •