CVE Daily
← All tags

Tag: Stored XSS

All CVEs associated with "Stored XSS". Page 21/45 • 5376 CVEs.

Subscribe CVEs: RSS for “Stored XSS”  ·  RSS (High+Critical only)

About “Stored XSS”

A curated feed of “Stored XSS”-related CVEs appears below. We currently track 5376 CVEs for this tag (all time). In the last 365 days, 1195 were published. Average CVSS is 6.2 (all time; 6.4 over 365d), and 18% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-352 - Cross-Site Request Forgery (CSRF), CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).

In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2024-12-16
High

CVE-2024-54415

Cross-Site Request Forgery (CSRF) vulnerability in cconoly WP-HideThat wp-hide-that allows Stored XSS.This issue affects WP-HideThat: from n/a through <= 1.2.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-54414

Cross-Site Request Forgery (CSRF) vulnerability in geoWP Geoportail Shortcode geoportail-shortcode allows Stored XSS.This issue affects Geoportail Shortcode: from n/a through <= 2.4.4.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-54413

Cross-Site Request Forgery (CSRF) vulnerability in brandt-net Display Future Posts display-future-posts allows Stored XSS.This issue affects Display Future Posts: from n/a through <= 0.2.3.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-54412

Cross-Site Request Forgery (CSRF) vulnerability in etemplates ECT Product Carousel ect-product-carousel allows Stored XSS.This issue affects ECT Product Carousel: from n/a through <= 1.9.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-54411

Cross-Site Request Forgery (CSRF) vulnerability in hosting.io WP Controller wp-management-controller allows Stored XSS.This issue affects WP Controller: from n/a through <= 3.2.0.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-54410

Cross-Site Request Forgery (CSRF) vulnerability in eagerterrier SOPA Blackout sopa-blackout allows Stored XSS.This issue affects SOPA Blackout: from n/a through <= 1.4.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-54409

Cross-Site Request Forgery (CSRF) vulnerability in fzmaster XPD Reduce Image Filesize xpd-reduce-image-filesize allows Stored XSS.This issue affects XPD Reduce Image Filesize: from n/a through <= 1.0.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-54407

Cross-Site Request Forgery (CSRF) vulnerability in a328496647 CK and SyntaxHighlighter ck-and-syntaxhighlighter allows Stored XSS.This issue affects CK and SyntaxHighlighter: from n/a through <= 3.4.…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-54405

Cross-Site Request Forgery (CSRF) vulnerability in etemplates ECT Social Share ect-social-share allows Stored XSS.This issue affects ECT Social Share: from n/a through <= 1.3.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-54404

Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan MDC Comment Toolbar mdc-comment-toolbar allows Stored XSS.This issue affects MDC Comment Toolbar: from n/a through <= 1.1.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-54401

Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Turcu Advanced Fancybox advanced-fancybox allows Stored XSS.This issue affects Advanced Fancybox: from n/a through <= 1.1.1.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-54400

Cross-Site Request Forgery (CSRF) vulnerability in meloniq AppMaps appmaps allows Stored XSS.This issue affects AppMaps: from n/a through <= 1.1.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-54399

Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab CRUDLab Google Plus Button crudlab-google-plus allows Stored XSS.This issue affects CRUDLab Google Plus Button: from n/a through <= 1.0.2.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-54398

Cross-Site Request Forgery (CSRF) vulnerability in jcaruso001 Flaming Forms flaming-forms allows Stored XSS.This issue affects Flaming Forms: from n/a through <= 1.0.1.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-54397

Cross-Site Request Forgery (CSRF) vulnerability in antonio.gocaj Go Animate goanimate allows Stored XSS.This issue affects Go Animate: from n/a through <= 1.0.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-54394

Cross-Site Request Forgery (CSRF) vulnerability in khubbaib Mandrill WP email-form-under-post allows Stored XSS.This issue affects Mandrill WP: from n/a through <= 1.0.5.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-54393

Cross-Site Request Forgery (CSRF) vulnerability in Sheikh Heera WP Fiddle wp-fiddle allows Stored XSS.This issue affects WP Fiddle: from n/a through <= 1.0.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-54392

Cross-Site Request Forgery (CSRF) vulnerability in midoks WP微信机器人 wp-weixin-robot allows Stored XSS.This issue affects WP微信机器人: from n/a through <= 5.3.5.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-54391

Cross-Site Request Forgery (CSRF) vulnerability in mattwalters WordPress Filter wordpress-filter allows Stored XSS.This issue affects WordPress Filter: from n/a through <= 1.4.1.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2024-54354

Missing Authorization vulnerability in beat.k Termin-Kalender termin-kalender allows Stored XSS.This issue affects Termin-Kalender: from n/a through <= 0.99.47.

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2024-54353

Cross-Site Request Forgery (CSRF) vulnerability in wpgear Hack-Info hack-info allows Stored XSS.This issue affects Hack-Info: from n/a through <= 3.17.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-54332

Cross-Site Request Forgery (CSRF) vulnerability in WPFactory WP Currency Exchange Rates wp-currency-exchange-rates allows Stored XSS.This issue affects WP Currency Exchange Rates: from n/a through <=…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-54331

Cross-Site Request Forgery (CSRF) vulnerability in Micha I Plant A Tree i-plant-a-tree allows Stored XSS.This issue affects I Plant A Tree: from n/a through <= 1.7.3.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
2024-12-13
High

CVE-2024-54351

Cross-Site Request Forgery (CSRF) vulnerability in Thomas K Landis Fancy Roller Scroller fancy-roller-scroller allows Stored XSS.This issue affects Fancy Roller Scroller: from n/a through <= 1.4.0.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2024-54349

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mashiurz Plain Post plain-post allows Stored XSS.This issue affects Plain Post: from n/a through…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2024-54337

Cross-Site Request Forgery (CSRF) vulnerability in DevriX DX Dark Site devrix-dark-site allows Stored XSS.This issue affects DX Dark Site: from n/a through <= 1.0.1.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2024-54318

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicejob NiceJob nicejob allows Stored XSS.This issue affects NiceJob: from n/a through <= 3.6.5.

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-54317

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Google Web Stories web-stories allows Stored XSS.This issue affects Web Stories: from n/a through…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-54314

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicheaddons Primary Addon for Elementor primary-addon-for-elementor allows Stored XSS.This issue…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-54308

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in falselight Cryptocurrency Price Widget cryptocurrency-price-widget allows Stored XSS.This issue a…

CVSS: 5.9 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-54287

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Best WP Developer Advanced Blog Post Block advanced-blog-post-block allows Stored XSS.This issue…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-54286

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Smaily Smaily for WP smaily-for-wp allows Stored XSS.This issue affects Smaily for WP: from n/a t…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-54276

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devfelixmoira Poll Builder poll-builder allows Stored XSS.This issue affects Poll Builder: from n…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-54272

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RadiusTheme Radius Blocks radius-blocks allows Stored XSS.This issue affects Radius Blocks: from…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-54246

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 FAQs faqs allows Stored XSS.This issue affects FAQs: from n/a through <= 1.0.2.

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-54245

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Clients clients allows Stored XSS.This issue affects Clients: from n/a through <= 1.1.4.

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-54244

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Easy Replace easy-replace allows Stored XSS.This issue affects Easy Replace: from n/a th…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-54243

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Echoza echoza allows Stored XSS.This issue affects Echoza: from n/a through <= 0.1.1.

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Critical

CVE-2024-11986

Improper input handling in the 'Host Header' allows an unauthenticated attacker to store a payload in web application logs. When an Administrator views the logs using the application's standard funct…

CVSS: 9.6 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2024-12-12
Medium

CVE-2024-47947

Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "Edit Disclaimer Text" function of the configur…

CVSS: 4.7 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-36498

Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "Edit Disclaimer Text" function of the configur…

CVSS: 4.7 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2024-12-09
Medium

CVE-2024-54260

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Stored XSS.This issue affe…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-54247

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ABCBiz ABCBiz Addons and Templates for Elementor allows Stored XSS.This issue affects ABCBiz Addo…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-54232

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RRDevs RRAddons for Elementor rrdevs-for-elementor allows Stored XSS.This issue affects RRAddons…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2024-54226

Cross-Site Request Forgery (CSRF) vulnerability in karlkiesinger Country Blocker country-blocker allows Stored XSS.This issue affects Country Blocker: from n/a through <= 3.2.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-54220

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in roninwp FAT Services Booking fat-services-booking allows Stored XSS.This issue affects FAT Servic…

CVSS: 7.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2023-49158

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Binh Nguyen LadiApp ladipage allows Stored XSS.This issue affects LadiApp: from n/a through <= 4.…

CVSS: 7.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2023-30748

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nikola Loncar Easy Appointments allows Stored XSS.This issue affects Easy Appointments: from n/a…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2024-12-06
Medium

CVE-2024-54213

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zionbuilder ZionBuilder zionbuilder allows Stored XSS.This issue affects ZionBuilder: from n/a th…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-54212

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Addons For Elementor magical-addons-for-elementor allows Stored XSS.This issue…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-54210

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codexshaper Advanced Element Bucket Addons for Elementor cs-element-bucket allows Stored XSS.This…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-54207

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Marka WordPress Auction Plugin wp-auctions allows Stored XSS.This issue affects WordPress Auct…

CVSS: 5.9 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-54206

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in URBAN BASE Z-Downloads z-downloads allows Stored XSS.This issue affects Z-Downloads: from n/a thr…

CVSS: 5.9 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-53820

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Stored XSS.This issue affects Captivate…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-53802

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FuturioWP Futurio Extra futurio-extra allows Stored XSS.This issue affects Futurio Extra: from n/…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-53801

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS.This issue affects Bold Page Bui…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-53797

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Stored XSS.This issue affects Be…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-53794

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryo Arkhe Blocks arkhe-blocks allows Stored XSS.This issue affects Arkhe Blocks: from n/a through…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2024-12-04
Medium

CVE-2024-54675

app/webroot/js/workflows-editor/workflows-editor.js in MISP through 2.5.2 has stored XSS in the editor interface for an ad-hoc workflow.

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-54674

app/View/GalaxyClusters/cluster_export_misp_galaxy.ctp in MISP through 2.5.2 has stored XSS when exporting custom clusters into the misp-galaxy format.

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2024-12-02
High

CVE-2024-53789

Cross-Site Request Forgery (CSRF) vulnerability in Ritesh Sanap Advanced What should we write next about advanced-what-should-we-write-about-next allows Stored XSS.This issue affects Advanced What sh…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-53781

Cross-Site Request Forgery (CSRF) vulnerability in homejunction SpatialMatch IDX spatialmatch-free-lifestyle-search allows Stored XSS.This issue affects SpatialMatch IDX: from n/a through <= 3.0.9.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-53780

Cross-Site Request Forgery (CSRF) vulnerability in rajeevglocify Load More Posts load-more-posts allows Stored XSS.This issue affects Load More Posts: from n/a through <= 1.5.0.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-53779

Cross-Site Request Forgery (CSRF) vulnerability in 8bitkid Yahoo! WebPlayer yahoo-media-player allows Stored XSS.This issue affects Yahoo! WebPlayer: from n/a through <= 2.0.6.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-53777

Cross-Site Request Forgery (CSRF) vulnerability in Alberto Reineri Simple Header and Footer simple-header-and-footer allows Stored XSS.This issue affects Simple Header and Footer: from n/a through <=…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-53776

Cross-Site Request Forgery (CSRF) vulnerability in raphaelheide Donate Me donate-me allows Stored XSS.This issue affects Donate Me: from n/a through <= 1.2.5.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-53770

Cross-Site Request Forgery (CSRF) vulnerability in pbmacintyre RingCentral Communications rccp-free allows Stored XSS.This issue affects RingCentral Communications: from n/a through <= 1.7.0.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-53769

Cross-Site Request Forgery (CSRF) vulnerability in lriaudel Custom Post Type to Map Store cpt-to-map-store allows Stored XSS.This issue affects Custom Post Type to Map Store: from n/a through <= 1.1.…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-53765

Cross-Site Request Forgery (CSRF) vulnerability in Think201 Mins To Read mins-to-read allows Stored XSS.This issue affects Mins To Read: from n/a through <= 1.2.2.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-53762

Cross-Site Request Forgery (CSRF) vulnerability in FasterThemes FastBook fastbook-responsive-appointment-booking-and-scheduling-system allows Stored XSS.This issue affects FastBook: from n/a through…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-53759

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Planet Studio ArCa Payment Gateway arca-payment-gateway allows Stored XSS.This issue affects ArCa…

CVSS: 7.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2024-53755

Cross-Site Request Forgery (CSRF) vulnerability in Andrea Pernici Third Party Cookie Eraser third-party-cookie-eraser allows Stored XSS.This issue affects Third Party Cookie Eraser: from n/a through…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-53753

Cross-Site Request Forgery (CSRF) vulnerability in CultBooking CultBooking Hotel Booking Engine cultbooking-booking-engine allows Stored XSS.This issue affects CultBooking Hotel Booking Engine: from…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-53730

Cross-Site Request Forgery (CSRF) vulnerability in springthistle April's Call Posts aprils-call-posts allows Stored XSS.This issue affects April's Call Posts: from n/a through <= 2.1.1.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-53729

Cross-Site Request Forgery (CSRF) vulnerability in plumwd Blizzard Quotes blizzard-quotes allows Stored XSS.This issue affects Blizzard Quotes: from n/a through <= 1.3.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-53728

Cross-Site Request Forgery (CSRF) vulnerability in Oliver Lindner Protect Your Content protect-your-content allows Stored XSS.This issue affects Protect Your Content: from n/a through <= 1.0.2.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-53727

Cross-Site Request Forgery (CSRF) vulnerability in Lars Koudal LinkLaunder SEO linklaunder-seo-plugin allows Stored XSS.This issue affects LinkLaunder SEO: from n/a through <= 0.92.1.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-53726

Cross-Site Request Forgery (CSRF) vulnerability in RealtyCandy.com RealtyCandy IDX Broker Extended realtycandy-idx-broker-extended allows Stored XSS.This issue affects RealtyCandy IDX Broker Extended…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-53724

Cross-Site Request Forgery (CSRF) vulnerability in ronnybull IceStats icestats allows Stored XSS.This issue affects IceStats: from n/a through <= 1.3.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-53723

Cross-Site Request Forgery (CSRF) vulnerability in acbaltaci Google Plus Share and +1 Button google-plus-share-and-plusone-button allows Stored XSS.This issue affects Google Plus Share and +1 Button:…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-53722

Cross-Site Request Forgery (CSRF) vulnerability in rockemmusic Favicon My Blog favicon-my-blog allows Stored XSS.This issue affects Favicon My Blog: from n/a through <= 1.0.2.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2024-53721

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stachethemes Advanced Event Manager advanced-event-manager allows Stored XSS.This issue affects A…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2024-53720

Cross-Site Request Forgery (CSRF) vulnerability in ole1986 WP-ISPConfig 3 wp-ispconfig3 allows Stored XSS.This issue affects WP-ISPConfig 3: from n/a through <= 1.5.6.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-53719

Cross-Site Request Forgery (CSRF) vulnerability in onigetoc Zajax – Ajax Navigation zajax-ajax-navigation allows Stored XSS.This issue affects Zajax – Ajax Navigation: from n/a through <= 0.4.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-53718

Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Multi Feed Reader multi-feed-reader allows Stored XSS.This issue affects Multi Feed Reader: from n/a through <= 2.2.4.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-53717

Cross-Site Request Forgery (CSRF) vulnerability in yonisink yPHPlista yphplista allows Stored XSS.This issue affects yPHPlista: from n/a through <= 1.1.1.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-53716

Cross-Site Request Forgery (CSRF) vulnerability in overtrue wp auto top wp-auto-top allows Stored XSS.This issue affects wp auto top: from n/a through <= 2.9.3.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-53715

Cross-Site Request Forgery (CSRF) vulnerability in Thomas Hoefter Simple Travel Map simple-travel-map allows Stored XSS.This issue affects Simple Travel Map: from n/a through <= 0.1.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-53714

Cross-Site Request Forgery (CSRF) vulnerability in Irish_Cathal Continue Shopping From Cart continue-shopping-from-cart-page allows Stored XSS.This issue affects Continue Shopping From Cart: from n/a…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-53713

Cross-Site Request Forgery (CSRF) vulnerability in rickota Silverlight Video Player smooth-streaming-player allows Stored XSS.This issue affects Silverlight Video Player: from n/a through <= 1.0.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-53712

Cross-Site Request Forgery (CSRF) vulnerability in kevmimcc Kevin's kevins-plugin allows Stored XSS.This issue affects Kevin's: from n/a through <= 2.0.0.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-53711

Cross-Site Request Forgery (CSRF) vulnerability in tranchesdunet Hotlink2Watermark hotlink2watermark allows Stored XSS.This issue affects Hotlink2Watermark: from n/a through <= 0.3.2.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-53710

Cross-Site Request Forgery (CSRF) vulnerability in ITERAS ITERAS iteras allows Stored XSS.This issue affects ITERAS: from n/a through <= 1.8.0.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2024-52503

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tailored Media Tailored Tools tailored-tools allows Stored XSS.This issue affects Tailored Tools:…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-52494

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt Varone, Tim Berneman Dynamic "To Top" allows Stored XSS.This issue affects Dynamic "To Top":…

CVSS: 5.9 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-52493

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Josh Leuze Meteor Slides meteor-slides allows Stored XSS.This issue affects Meteor Slides: from n…

CVSS: 5.9 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-52492

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gopiplus Image horizontal reel scroll slideshow image-horizontal-reel-scroll-slideshow allows Sto…

CVSS: 5.9 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-52491

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sanil Shakya Sticky Social Icons sticky-social-icons allows Stored XSS.This issue affects Sticky…

CVSS: 5.9 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-52489

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in udidol Add Chat App Button add-whatsapp-button allows Stored XSS.This issue affects Add Chat App…

CVSS: 5.9 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-52487

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webcodingplace Ultimate Classified Listings ultimate-classified-listings allows Stored XSS.This i…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-52478

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify Jobify jobify allows Stored XSS.This issue affects Jobify: from n/a through < 4.3.0.

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2024-52477

Cross-Site Request Forgery (CSRF) vulnerability in docxpresso Document & Data Automation document-data-automation allows Stored XSS.This issue affects Document & Data Automation: from n/a through <=…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2024-51900

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in James Hunt What Would Seth Godin Do what-would-seth-godin-do allows Stored XSS.This issue affects…

CVSS: 5.9 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2024-12-01
Medium

CVE-2024-53752

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Berg Informatik Stripe Donation bin-stripe-donation allows Stored XSS.This issue affects Stripe D…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2024-53750

Cross-Site Request Forgery (CSRF) vulnerability in Maeve Lander PayPal Responder allows Stored XSS.This issue affects PayPal Responder: from n/a through 1.2.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2024-53749

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plugin Devs Post Carousel Slider for Elementor post-carousel-slider-for-elementor allows Stored X…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-53748

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terry L. WP Mermaid wp-mermaid allows Stored XSS.This issue affects WP Mermaid: from n/a through…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-53747

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nutttaro Video Player for WPBakery video-player-for-wpbakery allows Stored XSS.This issue affects…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-53746

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FlickDevs Elementor Button Plus fd-elementor-button-plus allows Stored XSS.This issue affects Ele…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-53745

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 코스모스팜 – Cosmosfarm 소셜 공유 버튼 By 코스모스팜 cosmosfarm-share-buttons allows Stored XSS.This issue affect…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-53744

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SkyBootstrap Elementor Image Gallery Plugin skyboot-portfolio-gallery allows Stored XSS.This issu…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-53743

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aezaz Shaikh Countdown Timer for Elementor countdown-timer-for-elementor allows Stored XSS.This i…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2024-11-30
Medium

CVE-2024-53786

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeless Cowidgets – Elementor Addons cowidgets-elementor-addons allows Stored XSS.This issue aff…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2024-53778

Cross-Site Request Forgery (CSRF) vulnerability in Essential Marketer Essential Breadcrumbs essential-breadcrumbs allows Stored XSS.This issue affects Essential Breadcrumbs: from n/a through <= 1.1.1.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2024-53763

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rejuan Ahamed Best Addons for Elementor allows Stored XSS.This issue affects Best Addons for Elem…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-53760

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Capitalize My Title Capitalize My Title capitalize-my-title allows Stored XSS.This issue affects…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-53758

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terry L. WP MathJax wp-mathjax-plus allows Stored XSS.This issue affects WP MathJax: from n/a thr…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-53757

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SocialEvolution WP Find Your Nearest wp-find-your-nearest allows Stored XSS.This issue affects WP…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-53756

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aftab Husain Vertical Carousel vertical-carousel-slider allows Stored XSS.This issue affects Vert…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-53788

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in portfoliohub WordPress Portfolio Builder – Portfolio Gallery uber-grid allows Stored XSS.This iss…

CVSS: 5.9 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD