Medium
CVE-2025-22803
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Advanced Product Information for WooCommerce woo-advanced-product-information allows S…
Tag: Stored XSS
All CVEs associated with "Stored XSS". Page 20/45 • 5376 CVEs.
Subscribe CVEs: RSS for “Stored XSS” · RSS (High+Critical only)
About “Stored XSS”
A curated feed of “Stored XSS”-related CVEs appears below. We currently track 5376 CVEs for this tag (all time). In the last 365 days, 1195 were published. Average CVSS is 6.2 (all time; 6.4 over 365d), and 18% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-352 - Cross-Site Request Forgery (CSRF), CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-01-09
Medium
CVE-2025-22802
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in add-ons.org Email Templates Customizer for WordPress – Drag And Drop Email Templates Builder – Ye…
Medium
CVE-2025-22801
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes Free WooCommerce Theme 99fy Extension 99fy-core allows Stored XSS.This issue affects Fr…
High
CVE-2025-22295
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tripetto WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto tripetto…
2025-01-07
Medium
CVE-2025-22365
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric McNiece EMC2 Alert Boxes allows Stored XSS.This issue affects EMC2 Alert Boxes: from n/a thr…
Medium
CVE-2025-22334
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FilaThemes Education LMS allows Stored XSS.This issue affects Education LMS: from n/a through 0.0…
High
CVE-2025-22593
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in burria Laika Pedigree Tree laika-pedigree-tree allows Stored XSS.This issue affects Laika Pedigre…
High
CVE-2025-22590
Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Prayer Times Anywhere prayer-times-anywhere allows Stored XSS.This issue affects Prayer Times Anywhere: from n/a through <= 2.0.1.
High
CVE-2025-22589
Cross-Site Request Forgery (CSRF) vulnerability in bozdoz Quote Tweet quote-tweet allows Stored XSS.This issue affects Quote Tweet: from n/a through <= 0.7.
High
CVE-2025-22582
Cross-Site Request Forgery (CSRF) vulnerability in Scott Nelle Uptime Robot uptime-robot allows Stored XSS.This issue affects Uptime Robot: from n/a through <= 0.1.3.
Medium
CVE-2025-22581
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bytephp Arcade Ready arcadeready allows Stored XSS.This issue affects Arcade Ready: from n/a thro…
Medium
CVE-2025-22580
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Auto IT Biltorvet Dealer Tools biltorvet-dealer-tools allows Stored XSS.This issue affects Biltor…
Medium
CVE-2025-22579
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arefly WP Header Notification wp-header-notification allows Stored XSS.This issue affects WP Head…
Medium
CVE-2025-22578
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aazztech WP Cookie wp-cookie allows Stored XSS.This issue affects WP Cookie: from n/a through <=…
Medium
CVE-2025-22574
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cleanshooter ICS Button ics-button allows Stored XSS.This issue affects ICS Button: from n/a thro…
Medium
CVE-2025-22573
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in copist Icons Enricher icons-enricher allows Stored XSS.This issue affects Icons Enricher: from n/…
Medium
CVE-2025-22572
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Legacy ePlayer sportspress-tv allows Stored XSS.This issue affects Legacy ePlayer: from n/a…
Medium
CVE-2025-22558
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marcus C. J. Hartmann mcjh button shortcode mcjh-button-shortcode allows Stored XSS.This issue af…
Medium
CVE-2025-22554
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fdfranklin06 Video Embed Optimizer video-embed-optimizer allows Stored XSS.This issue affects Vid…
Medium
CVE-2025-22551
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in albedo0 Boot-Modal boot-modal allows Stored XSS.This issue affects Boot-Modal: from n/a through <…
Medium
CVE-2025-22550
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Rhoney AddFunc Mobile Detect addfunc-mobile-detect allows Stored XSS.This issue affects AddFu…
Medium
CVE-2025-22549
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in seinoxygen WP Github wp-github allows Stored XSS.This issue affects WP Github: from n/a through <…
High
CVE-2025-22548
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in frankkoenen ldap_login_password_and_role_manager ldap-login-password-and-role-manager allows Stor…
High
CVE-2025-22547
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jaykrishnang JK Html To Pdf jk-html-to-pdf allows Stored XSS.This issue affects JK Html To Pdf: f…
Medium
CVE-2025-22546
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Obaid Hossain jQuery TwentyTwenty js-twentytwenty allows Stored XSS.This issue affects jQuery Twe…
Medium
CVE-2025-22545
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sw.galati iframe to embed iframe-to-embed allows Stored XSS.This issue affects iframe to embed: f…
Medium
CVE-2025-22544
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mind Doodle Mind Doodle Visual Sitemaps & Tasks mind-doodle-sitemap allows Stored XSS.This issue…
High
CVE-2025-22538
Cross-Site Request Forgery (CSRF) vulnerability in Ofek Nakar Virtual Bot virtual-bot allows Stored XSS.This issue affects Virtual Bot: from n/a through <= 1.0.0.
Medium
CVE-2025-22532
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in snagysandor Simple Photo Sphere simple-photo-sphere allows Stored XSS.This issue affects Simple P…
Medium
CVE-2025-22531
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M Bilal M Urdu Formatter – Shamil urdu-formatter-shamil allows Stored XSS.This issue affects Urdu…
Medium
CVE-2025-22530
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PORTONE 아임포트 결제버튼 생성 플러그인 iamport-payment allows Stored XSS.This issue affects 아임포트 결제버튼 생성 플러그인:…
Medium
CVE-2025-22529
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wordpresteem WE Blocks we-blocks allows Stored XSS.This issue affects WE Blocks: from n/a through…
Medium
CVE-2025-22528
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Huurkalender.nl Huurkalender WP huurkalender-wp allows Stored XSS.This issue affects Huurkalender…
Medium
CVE-2025-22525
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bharat Kambariya Donation Block For PayPal donations-block allows Stored XSS.This issue affects D…
Medium
CVE-2025-22524
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in formafzar فرم ساز فرم افزار formafzar allows Stored XSS.This issue affects فرم ساز فرم افزار: fro…
High
CVE-2025-22522
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in roya khosravi SingSong singsong allows Stored XSS.This issue affects SingSong: from n/a through <…
Medium
CVE-2025-22518
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginsPoint Justified Image Gallery justified-image-gallery allows Stored XSS.This issue affects…
Medium
CVE-2025-22517
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ben Huson List Pages at Depth list-pages-at-depth allows Stored XSS.This issue affects List Pages…
Medium
CVE-2025-22516
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hpinfosys Metadata SEO metadata-seo allows Stored XSS.This issue affects Metadata SEO: from n/a t…
Medium
CVE-2025-22515
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simon Show Google Analytics widget show-google-analytics-widget allows Stored XSS.This issue affe…
Medium
CVE-2025-22511
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ella Van Durpe Slides & Presentations slide allows Stored XSS.This issue affects Slides & Present…
Medium
CVE-2025-22362
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel Bakovic WPAchievements Free wpachievements-free allows Stored XSS.This issue affects WPAch…
High
CVE-2025-22343
Cross-Site Request Forgery (CSRF) vulnerability in koter84 wpSOL wpsol allows Stored XSS.This issue affects wpSOL: from n/a through <= 1.2.0.
High
CVE-2025-22342
Cross-Site Request Forgery (CSRF) vulnerability in Jenst WP Simple Sitemap wp-simple-sitemap allows Stored XSS.This issue affects WP Simple Sitemap: from n/a through <= 0.2.
High
CVE-2025-22336
Cross-Site Request Forgery (CSRF) vulnerability in Amos Lee(一刀) Wizhi Multi Filters by Wenprise wizhi-multi-filters allows Stored XSS.This issue affects Wizhi Multi Filters by Wenprise: from n/a thro…
Medium
CVE-2025-22333
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in piotnetdotcom Piotnet Addons For Elementor piotnet-addons-for-elementor allows Stored XSS.This is…
High
CVE-2025-22328
Cross-Site Request Forgery (CSRF) vulnerability in Elevio by Dixa Elevio elevio allows Stored XSS.This issue affects Elevio: from n/a through <= 4.4.1.
Medium
CVE-2025-22327
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Olaf Lederer EO4WP fw-integration-for-emailoctopus allows Stored XSS.This issue affects EO4WP: fr…
High
CVE-2025-22325
Cross-Site Request Forgery (CSRF) vulnerability in nchankov Autocompleter autocompleter allows Stored XSS.This issue affects Autocompleter: from n/a through <= 1.3.5.2.
Medium
CVE-2025-22323
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Image Hover Effects for Elementor image-hover-effects-elementor-addon allows Stored…
Medium
CVE-2025-22321
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TheInnovs ElementsCSS Addons for Elementor css-for-elementor allows Stored XSS.This issue affects…
Medium
CVE-2025-22316
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpbits WPBITS Addons For Elementor Page Builder wpbits-addons-for-elementor allows Stored XSS.Thi…
Medium
CVE-2025-22315
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Typing Text typing-text allows Stored XSS.This issue affects Typing Text: from n/a th…
Medium
CVE-2025-22310
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in marsian TemplatesNext ToolKit templatesnext-toolkit allows Stored XSS.This issue affects Template…
Medium
CVE-2025-22308
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Takashi Kitajima Smart Custom Fields smart-custom-fields allows Stored XSS.This issue affects Sma…
Medium
CVE-2025-22261
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Stored XSS.This issue affects WP Full…
High
CVE-2024-56299
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pektsekye Notify Odoo notify-odoo allows Stored XSS.This issue affects Notify Odoo: from n/a thro…
Medium
CVE-2024-56298
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rob @ 5 Star Plugins Pretty Simple Popup Builder pretty-simple-popup-builder allows Stored XSS.Th…
Medium
CVE-2024-56297
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud Highlight highlight allows Stored XSS.This issue affects Highlight: from n/a through…
Medium
CVE-2024-56293
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nasir Ahmed Advanced Form Integration advanced-form-integration allows Stored XSS.This issue affe…
Medium
CVE-2024-56292
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevelop Email Reminders email-reminders allows Stored XSS.This issue affects Email Reminders: f…
Medium
CVE-2024-56288
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood WP Docs wp-docs allows Stored XSS.This issue affects WP Docs: from n/a through <= 2…
Medium
CVE-2024-56287
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AppJetty WP jQuery DataTable wp-jquery-datatable allows Stored XSS.This issue affects WP jQuery D…
Medium
CVE-2024-56285
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpbits WPBITS Addons For Elementor Page Builder wpbits-addons-for-elementor allows Stored XSS.Thi…
Medium
CVE-2024-56274
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra Widgets astra-widgets allows Stored XSS.This issue affects Astra Widgets:…
High
CVE-2024-51700
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eutrue NAVER Analytics naver-analytics allows Stored XSS.This issue affects NAVER Analytics: from…
2025-01-06
High
CVE-2024-55074
The edit profile function of Grocy through 4.3.0 allows stored XSS and resultant privilege escalation by uploading a crafted HTML or SVG file, a different issue than CVE-2024-8370.
2025-01-02
Medium
CVE-2024-56302
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jorisderuiter ConvertCalculator for WordPress convertcalculator allows Stored XSS.This issue affe…
High
CVE-2024-56267
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in html5maps Interactive UK Map interactive-uk-map allows Stored XSS.This issue affects Interactive…
Medium
CVE-2024-56262
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins GS Coaches gs-coach allows Stored XSS.This issue affects GS Coaches: from n/a through…
Medium
CVE-2024-56261
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins Project Showcase gs-projects allows Stored XSS.This issue affects Project Showcase: fr…
Medium
CVE-2024-56260
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StorePlugin ShopElement shopelement allows Stored XSS.This issue affects ShopElement: from n/a th…
Medium
CVE-2024-56259
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paolo GeoDirectory geodirectory allows Stored XSS.This issue affects GeoDirectory: from n/a throu…
Medium
CVE-2024-56258
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlockArt Magazine Blocks magazine-blocks allows Stored XSS.This issue affects Magazine Blocks: fr…
Medium
CVE-2024-56254
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moveaddons Move Addons for Elementor move-addons allows Stored XSS.This issue affects Move Addons…
Medium
CVE-2024-56252
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themelooks Enter Addons enteraddons allows Stored XSS.This issue affects Enter Addons: from n/a t…
Medium
CVE-2024-56245
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Blocks – Gutenberg Blocks for WordPress premium-blocks-for-gutenberg allows Stored…
Medium
CVE-2024-56242
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix Shortcodes arconix-shortcodes allows Stored XSS.This issue affects Arconix…
Medium
CVE-2024-56241
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpkoithemes WPKoi Templates for Elementor wpkoi-templates-for-elementor allows Stored XSS.This is…
Medium
CVE-2024-56240
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pronamic Pronamic Google Maps pronamic-google-maps allows Stored XSS.This issue affects Pronamic…
Medium
CVE-2024-56239
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Audio Dock themify-audio-dock allows Stored XSS.This issue affects Themify Audi…
Medium
CVE-2024-56237
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Stored XSS.Thi…
Medium
CVE-2024-56019
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gavinr Inline Footnotes inline-footnotes allows Stored XSS.This issue affects Inline Footnotes: f…
2025-01-01
Medium
CVE-2024-56021
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ibnuyahya Category Post Shortcode category-post-shortcode allows Stored XSS.This issue affects Ca…
Medium
CVE-2024-56020
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in svegliadesign SvegliaT Buttons svegliat-buttons allows Stored XSS.This issue affects SvegliaT But…
2024-12-31
Medium
CVE-2024-56063
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Stored XSS.…
Medium
CVE-2024-56062
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Stored XSS.This issue affects Royal…
High
CVE-2024-56233
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kinhelios KinTPV WooConnect kintpv-connect allows Stored XSS.This issue affects KinTPV WooConnect…
Medium
CVE-2024-56224
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ledenbeheer Ledenbeheer ledenbeheer-external-connection allows Stored XSS.This issue affects Lede…
Medium
CVE-2024-56221
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elicus WPMozo Addons Lite for Elementor wpmozo-addons-lite-for-elementor allows Stored XSS.This i…
High
CVE-2024-56232
Cross-Site Request Forgery (CSRF) vulnerability in Alex Volkov WP Nice Loader wp-nice-loader allows Stored XSS.This issue affects WP Nice Loader: from n/a through <= 0.1.0.4.
2024-12-27
High
CVE-2024-56508
LinkAce is a self-hosted archive to collect links of your favorite websites. Prior to 1.15.6, a file upload vulnerability exists in the LinkAce. This issue occurs in the "Import Bookmarks" functional…
2024-12-21
Medium
CVE-2024-11607
The GTPayment Donations WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin ad…
2024-12-20
Medium
CVE-2024-56352
In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page
2024-12-18
High
CVE-2024-54350
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hjyl hmd hmd allows Stored XSS.This issue affects hmd: from n/a through <= 2.0.
2024-12-16
High
CVE-2024-56017
Cross-Site Request Forgery (CSRF) vulnerability in Tom Royal Stop Registration Spam allows Stored XSS.This issue affects Stop Registration Spam: from n/a through 1.23.
Medium
CVE-2024-54348
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yaycommerce Brand brand allows Stored XSS.This issue affects Brand: from n/a through <= 1.1.6.
Medium
CVE-2024-56011
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ilja Zaglov Responsive Google Maps | by imbaa responsive-google-maps allows Stored XSS.This issue…
Medium
CVE-2024-54443
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginsCafe Advanced Data Table For Elementor advanced-data-table-for-elementor allows Stored XSS…
Medium
CVE-2024-54442
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cortesfrau Better WP Login Page better-wp-login-page allows Stored XSS.This issue affects Better…
Medium
CVE-2024-54441
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Meini Utech World Time utech-world-time-for-wp allows Stored XSS.This issue affects Utech World T…
High
CVE-2024-54440
Cross-Site Request Forgery (CSRF) vulnerability in blueskyy WP-Ban-User wp-ban-user allows Stored XSS.This issue affects WP-Ban-User: from n/a through <= 1.0.
High
CVE-2024-54439
Cross-Site Request Forgery (CSRF) vulnerability in Alok Tiwari Amazon Product Price amazon-product-price allows Stored XSS.This issue affects Amazon Product Price: from n/a through <= 1.1.
High
CVE-2024-54438
Cross-Site Request Forgery (CSRF) vulnerability in gaxx Gaxx Keywords gaxx-keywords allows Stored XSS.This issue affects Gaxx Keywords: from n/a through <= 0.2.
High
CVE-2024-54437
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in koolkatwebdesigns jCarousel jcarousel-for-wordpress allows Stored XSS.This issue affects jCarouse…
High
CVE-2024-54436
Cross-Site Request Forgery (CSRF) vulnerability in milordk Jet Footer Code jet-footer-code allows Stored XSS.This issue affects Jet Footer Code: from n/a through <= 1.4.
High
CVE-2024-54435
Cross-Site Request Forgery (CSRF) vulnerability in Thomas Hoefter Onlywire Multi Autosubmitter onlywire-multi-autosubmitter allows Stored XSS.This issue affects Onlywire Multi Autosubmitter: from n/a…
High
CVE-2024-54434
Cross-Site Request Forgery (CSRF) vulnerability in BenJemin phZoom phzoom allows Stored XSS.This issue affects phZoom: from n/a through <= 1.2.92.
High
CVE-2024-54433
Cross-Site Request Forgery (CSRF) vulnerability in Marcel CL Simple Booking Widget simple-booking-widget allows Stored XSS.This issue affects Simple Booking Widget: from n/a through <= 1.1.
High
CVE-2024-54432
Cross-Site Request Forgery (CSRF) vulnerability in Shambhu Patnaik WP Flipkart Importer wp-flipkart-importer allows Stored XSS.This issue affects WP Flipkart Importer: from n/a through <= 1.4.
High
CVE-2024-54431
Cross-Site Request Forgery (CSRF) vulnerability in phpdevp Admin Customization wpp-customization allows Stored XSS.This issue affects Admin Customization: from n/a through <= 2.2.
High
CVE-2024-54429
Cross-Site Request Forgery (CSRF) vulnerability in ivan-ovsyannikov Aphorismus aphorismus allows Stored XSS.This issue affects Aphorismus: from n/a through <= 1.2.0.
High
CVE-2024-54428
Cross-Site Request Forgery (CSRF) vulnerability in onigetoc Add image to Post add-image-to-post allows Stored XSS.This issue affects Add image to Post: from n/a through <= 0.6.
High
CVE-2024-54427
Cross-Site Request Forgery (CSRF) vulnerability in ljmacphee Category of Posts list-one-category-of-posts allows Stored XSS.This issue affects Category of Posts: from n/a through <= 1.0.
High
CVE-2024-54426
Cross-Site Request Forgery (CSRF) vulnerability in crossfitatgg LeaderBoard Plugin leaderboard-lite allows Stored XSS.This issue affects LeaderBoard Plugin: from n/a through <= 1.2.4.
High
CVE-2024-54425
Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.com LionScripts: Site Maintenance & Noindex Nofollow Plugin maintenance-and-noindex-nofollow allows Stored XSS.This issue affects LionSc…
High
CVE-2024-54424
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ilya_compman Like in Vk.com like-on-vkontakte allows Stored XSS.This issue affects Like in Vk.com…
High
CVE-2024-54423
Cross-Site Request Forgery (CSRF) vulnerability in Jesse Overright Social Media Sharing social-media-sharing allows Stored XSS.This issue affects Social Media Sharing: from n/a through <= 1.1.
High
CVE-2024-54421
Cross-Site Request Forgery (CSRF) vulnerability in Sanjay_Negi Floating Video Player floating-player allows Stored XSS.This issue affects Floating Video Player: from n/a through <= 1.0.
High
CVE-2024-54416
Cross-Site Request Forgery (CSRF) vulnerability in Navdeep Wp Login with Ajax wp-login-with-ajax allows Stored XSS.This issue affects Wp Login with Ajax: from n/a through <= 0.6.