Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-3343 | 1 Themeisle | 1 Otter Blocks | 2025-01-22 | N/A | 6.4 MEDIUM |
|
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected pa ...
Show More |
|||||
| CVE-2024-3344 | 1 Themeisle | 1 Otter Blocks | 2025-01-22 | N/A | 6.4 MEDIUM |
|
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2023-28517 | 2 Ibm, Linux | 2 Sterling Partner Engagement Manager, Linux Kernel | 2025-01-22 | N/A | 5.4 MEDIUM |
|
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250421.
|
|||||
| CVE-2024-47364 | 1 Moveaddons | 1 Move Addons For Elementor | 2025-01-22 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Move addons Move Addons for Elementor allows Stored XSS.This issue affects Move Addons for Elementor: from n/a through 1.3.4.
|
|||||
| CVE-2024-47392 | 1 Bdthemes | 1 Element Pack | 2025-01-22 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BdThemes Element Pack Elementor Addons allows Stored XSS.This issue affects Element Pack Elementor Addons: from n/a through 5.7.5.
|
|||||
| CVE-2024-47390 | 1 Jegtheme | 1 Jeg Elementor Kit | 2025-01-22 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jegtheme Jeg Elementor Kit allows Stored XSS.This issue affects Jeg Elementor Kit: from n/a through 2.6.8.
|
|||||
| CVE-2023-31703 | 1 Escanav | 1 Escan Management Console | 2025-01-22 | N/A | 9.0 CRITICAL |
|
Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter.
|
|||||
| CVE-2023-31699 | 1 Churchcrm | 1 Churchcrm | 2025-01-22 | N/A | 4.8 MEDIUM |
|
ChurchCRM v4.5.4 is vulnerable to Reflected Cross-Site Scripting (XSS) via image file.
|
|||||
| CVE-2024-56254 | 1 Moveaddons | 1 Move Addons For Elementor | 2025-01-22 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moveaddons Move Addons for Elementor allows Stored XSS.This issue affects Move Addons for Elementor: from n/a through 1.3.6.
|
|||||
| CVE-2024-56252 | 1 Themelooks | 1 Enter Addons | 2025-01-22 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeLooks Enter Addons allows Stored XSS.This issue affects Enter Addons: from n/a through 2.1.9.
|
|||||
| CVE-2024-31306 | 1 Wpdeveloper | 1 Essential Blocks | 2025-01-22 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Stored XSS.This issue affects Essential Blocks for Gutenberg: from n/a through 4.5.3.
|
|||||
| CVE-2024-1421 | 1 Hasthemes | 1 Ht Mega | 2025-01-22 | N/A | 6.4 MEDIUM |
|
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘border_type’ attribute of the Post Carousel widget in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2024-1397 | 1 Hasthemes | 1 Ht Mega | 2025-01-22 | N/A | 6.4 MEDIUM |
|
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on the 'titleTag' user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2024-1412 | 1 Caseproof | 1 Memberpress | 2025-01-22 | N/A | 6.1 MEDIUM |
|
The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘message’ and 'error' parameters in all versions up to, and including, 1.11.26 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Note - the issue was partially patched in 1.11.25, but could still po ...
Show More |
|||||
| CVE-2024-1408 | 1 Properfraction | 1 Profilepress | 2025-01-22 | N/A | 6.4 MEDIUM |
|
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edit-profile-text-box shortcode in all versions up to, and including, 4.14.4 due to insufficient input sanitization and output escaping on user supplied attributes such as 'type'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary ...
Show More |
|||||
| CVE-2024-1519 | 1 Properfraction | 1 Profilepress | 2025-01-22 | N/A | 6.5 MEDIUM |
|
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 4.14.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This requires a member list ...
Show More |
|||||
| CVE-2024-1570 | 1 Properfraction | 1 Profilepress | 2025-01-22 | N/A | 6.4 MEDIUM |
|
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's login-password shortcode in all versions up to, and including, 4.14.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages ...
Show More |
|||||
| CVE-2025-23992 | 2025-01-22 | N/A | 5.9 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leetoo Toocheke Companion allows Stored XSS. This issue affects Toocheke Companion: from n/a through 1.166.
|
|||||
| CVE-2025-23809 | 2025-01-22 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Blue Wrench Video Widget allows Reflected XSS. This issue affects Blue Wrench Video Widget: from n/a through 2.1.0.
|
|||||
| CVE-2025-24027 | 2025-01-22 | N/A | 6.2 MEDIUM | ||
|
ps_contactinfo, a PrestaShop module for displaying store contact information, has a cross-site scripting (XSS) vulnerability in versions up to and including 3.3.2. This can not be exploited in a fresh install of PrestaShop, only shops made vulnerable by third party modules are concerned. For example, if the shop has a third party module vulnerable to SQL injections, then ps_contactinfo might execute a stored cross-site scripting in formatting objects. Commit d60f9a5634b4fc2d3a8831fb08fe2e1f23cbf ...
Show More |
|||||
| CVE-2025-23966 | 2025-01-22 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AlaFalaki a Gateway for Pasargad Bank on WooCommerce allows Reflected XSS. This issue affects a Gateway for Pasargad Bank on WooCommerce: from n/a through 2.5.2.
|
|||||
| CVE-2025-23959 | 2025-01-22 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Linus Lundahl Good Old Gallery allows Reflected XSS. This issue affects Good Old Gallery: from n/a through 2.1.2.
|
|||||
| CVE-2025-23882 | 2025-01-22 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Download Codes allows Reflected XSS. This issue affects WP Download Codes: from n/a through 2.5.4.
|
|||||
| CVE-2025-23874 | 2025-01-22 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Block Pack allows Reflected XSS. This issue affects WP Block Pack: from n/a through 1.1.6.
|
|||||
| CVE-2025-23867 | 2025-01-22 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WordPress File Search allows Reflected XSS. This issue affects WordPress File Search: from n/a through 1.2.
|
|||||
| CVE-2025-23866 | 2025-01-22 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound EU DSGVO Helper allows Reflected XSS. This issue affects EU DSGVO Helper: from n/a through 1.0.6.1.
|
|||||
| CVE-2025-23846 | 2025-01-22 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kolja Nolte Flexible Blogtitle allows Reflected XSS. This issue affects Flexible Blogtitle: from n/a through 0.1.
|
|||||
| CVE-2025-23812 | 2025-01-22 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Contact Form 7 Round Robin Lead Distribution allows Reflected XSS. This issue affects Contact Form 7 Round Robin Lead Distribution: from n/a through 1.2.1.
|
|||||
| CVE-2025-23811 | 2025-01-22 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP2APP allows Reflected XSS. This issue affects WP2APP: from n/a through 2.6.2.
|
|||||
| CVE-2025-23770 | 2025-01-22 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Fast Tube allows Reflected XSS. This issue affects Fast Tube: from n/a through 2.3.1.
|
|||||
| CVE-2025-23769 | 2025-01-22 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Content Mirror allows Reflected XSS. This issue affects Content Mirror: from n/a through 1.2.
|
|||||
| CVE-2025-23768 | 2025-01-22 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound InFunding allows Reflected XSS. This issue affects InFunding: from n/a through 1.0.
|
|||||
| CVE-2025-23758 | 2025-01-22 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Pootle button allows Reflected XSS. This issue affects Pootle button: from n/a through 1.2.0.
|
|||||
| CVE-2025-23746 | 2025-01-22 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound CMC MIGRATE allows Reflected XSS. This issue affects CMC MIGRATE: from n/a through 0.0.3.
|
|||||
| CVE-2025-23732 | 2025-01-22 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Easy Filtering allows Reflected XSS. This issue affects Easy Filtering: from n/a through 2.5.0.
|
|||||
| CVE-2025-23709 | 2025-01-22 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kiro G. Formatted post allows Reflected XSS. This issue affects Formatted post: from n/a through 1.01.
|
|||||
| CVE-2025-23706 | 2025-01-22 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Jet Skinner for BuddyPress allows Reflected XSS. This issue affects Jet Skinner for BuddyPress: from n/a through 1.2.5.
|
|||||
| CVE-2025-23701 | 2025-01-22 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matthew Blackford, LimeSquare Pty Ltd Lime Developer Login allows Reflected XSS. This issue affects Lime Developer Login: from n/a through 1.4.0.
|
|||||
| CVE-2025-23683 | 2025-01-22 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound MACME allows Reflected XSS. This issue affects MACME: from n/a through 1.2.
|
|||||
| CVE-2025-23682 | 2025-01-22 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Preloader Quotes allows Reflected XSS. This issue affects Preloader Quotes: from n/a through 1.0.0.
|
|||||