CVE-2024-13590 – Ketchup Shortcodes <= 0.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-13590
21 Jan 2025 — The Ketchup Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spacer' shortcode in all versions up to, and including, 0.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13426 – WP-Polls <= 2.77.2 - Unauthenticated SQL Injection to Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-13426
21 Jan 2025 — However, a properly configured payload allows for the injection of malicious JavaScript resulting in Stored Cross-Site Scripting. • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-56277 – WordPress Poll Maker Plugin < 5.5.5 - HTML Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-56277
21 Jan 2025 — Improper Encoding or Escaping of Output vulnerability in Poll Maker Team Poll Maker. This issue affects Poll Maker: from n/a through n/a. • https://patchstack.com/database/wordpress/plugin/poll-maker/vulnerability/wordpress-poll-maker-plugin-5-5-5-html-injection-vulnerability?_s_id=cve • CWE-116: Improper Encoding or Escaping of Output
CVE-2024-49700 – WordPress ARPrice plugin <= 4.0.3 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-49700
21 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound ARPrice allows Reflected XSS. • https://patchstack.com/database/wordpress/plugin/arprice/vulnerability/wordpress-arprice-plugin-4-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49300 – WordPress Hero Menu plugin <= 1.16.5 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-49300
21 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows Reflected XSS. • https://patchstack.com/database/wordpress/plugin/hmenu/vulnerability/wordpress-hero-menu-plugin-1-16-5-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-12117 – Stackable – Page Builder Gutenberg Blocks <= 3.13.11 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-12117
21 Jan 2025 — The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter of the Button block in all versions up to, and including, 3.13.11 due to insufficient input sanitization and output escaping. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13406 – XML for Google Merchant Center <= 3.0.11 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-13406
21 Jan 2025 — The XML for Google Merchant Center plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'feed_id' parameter in all versions up to, and including, 3.0.11 due to insufficient input sanitization and output escaping. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13584 – Picture Gallery – Frontend Image Uploads, AJAX Photo List <= 1.5.19 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-13584
21 Jan 2025 — The Picture Gallery – Frontend Image Uploads, AJAX Photo List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_pictures' shortcode in all versions up to, and including, 1.5.19 due to insufficient input sanitization and output escaping on user supplied attributes. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-54795
https://notcve.org/view.php?id=CVE-2024-54795
21 Jan 2025 — SpagoBI v3.5.1 contains multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the create/edit forms of the worksheet designer function. • https://github.com/MarioTesoro/CVE-2024-54795 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56990
https://notcve.org/view.php?id=CVE-2024-56990
21 Jan 2025 — PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /view-medhistory.php and /admin/view-patient.php. • https://github.com/kirito999/HMS_stored_XSS/blob/main/stored%20XSS1%20%20in%20HMS4.0/stored%20XSS%20%20in%20HMS.md