Medium
CVE-2024-9645
The Post Grid, Posts Slider, Posts Carousel, Post Filter, Post Masonry WordPress plugin before 2.2.93 does not validate and escape some of its block options before outputting them back in a page/post…
Tag: Cross-site Scripting (XSS)
All CVEs associated with "Cross-site Scripting (XSS)". Page 67/398 • 47655 CVEs.
Subscribe CVEs: RSS for “Cross-site Scripting (XSS)” · RSS (High+Critical only)
About “Cross-site Scripting (XSS)”
A curated feed of “Cross-site Scripting (XSS)”-related CVEs appears below. We currently track 47655 CVEs for this tag (all time). In the last 365 days, 7590 were published. Average CVSS is 5.6 (all time; 5.9 over 365d), and 11% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-352 - Cross-Site Request Forgery (CSRF), CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-05-15
Medium
CVE-2024-9599
The Popup Box WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks eve…
Medium
CVE-2024-9390
The RegistrationMagic WordPress plugin before 6.0.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting a…
Medium
CVE-2024-9238
The AVIF Uploader WordPress plugin before 1.1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.
Medium
CVE-2024-9236
The Team WordPress plugin before 4.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even whe…
Medium
CVE-2024-9227
The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow admin users to perform Stored Cr…
Medium
CVE-2024-9182
The Maspik WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unf…
Medium
CVE-2024-8854
The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks…
Medium
CVE-2024-8851
The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks…
Medium
CVE-2024-8759
The Nested Pages WordPress plugin before 3.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks e…
Medium
CVE-2024-8703
The Z-Downloads WordPress plugin before 1.11.6 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated visitors to perform Cross-Site Scriptin…
Medium
CVE-2024-8702
The Backup Database WordPress plugin through 4.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks…
Medium
CVE-2024-8701
The events-calendar WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attac…
Medium
CVE-2024-8670
The Photo Gallery by 10Web WordPress plugin before 1.8.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripti…
Medium
CVE-2024-8620
The MapPress Maps for WordPress plugin before 2.93 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attac…
Medium
CVE-2024-8619
The Ajax Search Lite WordPress plugin before 4.12.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting att…
Medium
CVE-2024-8618
The Page Builder: Pagelayer WordPress plugin before 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripti…
Medium
CVE-2024-8617
The Quiz Maker WordPress plugin before 6.5.9.9 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks e…
Medium
CVE-2024-8542
The Everest Forms WordPress plugin before 3.0.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attac…
Medium
CVE-2024-8493
The Events Calendar WordPress plugin before 6.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attack…
Medium
CVE-2024-8492
The Hustle WordPress plugin through 7.8.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when…
Medium
CVE-2024-8426
The Page Builder: Pagelayer WordPress plugin before 1.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting atta…
Medium
CVE-2024-8397
The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not properly sanitize and escape the IP headers when logging them, allowing visitors to conduct Stored Cross-Site Scripting attack…
Medium
CVE-2024-8284
The Download Manager WordPress plugin before 3.2.99 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks e…
Medium
CVE-2024-8187
The Smart Post Show WordPress plugin before 3.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attac…
Medium
CVE-2024-8095
The BabelZ WordPress plugin through 1.1.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS…
Medium
CVE-2024-8090
The JavaScript Logic WordPress plugin through 0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Sto…
Medium
CVE-2024-8085
The PeoplePond WordPress plugin through 1.1.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored…
Medium
CVE-2024-8032
The Smooth Gallery Replacement WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in adm…
Medium
CVE-2024-7769
The ClickSold IDX WordPress plugin through 1.90 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks…
Medium
CVE-2024-7761
In the process of testing the Simple Job Board WordPress plugin before 2.12.2, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script,…
Medium
CVE-2024-7759
The PWA for WP WordPress plugin before 1.7.72 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks e…
Medium
CVE-2024-7758
The Stylish Price List WordPress plugin before 7.1.8 does not sanitise and escape some of its settings, which could allow high privilege users of contributor and above to perform Stored Cross-Site S…
Medium
CVE-2024-7556
The Simple Share WordPress plugin through 0.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks…
Medium
CVE-2024-6798
The DL Verification WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks…
Medium
CVE-2024-6797
The DL Robots.txt WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks e…
Medium
CVE-2024-6718
The PVN Auth Popup WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could al…
Medium
CVE-2024-6713
The PVN Auth Popup WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attack…
Medium
CVE-2024-6712
The MapFig Studio WordPress plugin through 0.2.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stor…
Low
CVE-2024-6711
The Event Tickets with Ticket Scanner WordPress plugin before 2.3.8 does not sanitise and escape some parameters, which could allow users with a role as low as admin to perform Cross-Site Scripting a…
Medium
CVE-2024-6708
The User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on the admin area, which allows Admin+ users to perform Cross-Site…
Medium
CVE-2024-6693
The wccp-pro WordPress plugin before 15.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even w…
Medium
CVE-2024-6668
The ProfilePro WordPress plugin through 1.3 does not sanitise and escape some parameters and lacks proper access controls, which could allow users with a role as low as subscriber to perform Cross-Si…
Medium
CVE-2024-6667
The KBucket: Your Curated Content in WordPress plugin before 4.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which co…
Medium
CVE-2024-6665
The KBucket: Your Curated Content in WordPress plugin before 4.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site…
Medium
CVE-2024-6478
The CTT Expresso para WooCommerce WordPress plugin before 3.2.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site S…
Medium
CVE-2024-6462
The DL Yandex Metrika WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attac…
Medium
CVE-2024-6335
The Tracking Code Manager WordPress plugin before 2.3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting…
Medium
CVE-2024-5440
The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode…
Medium
CVE-2024-5026
The CM Tooltip Glossary WordPress plugin before 4.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting at…
Low
CVE-2024-4091
The Responsive Gallery Grid WordPress plugin before 2.3.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting atta…
Low
CVE-2024-4004
The Advanced Cron Manager WordPress plugin before 2.5.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting…
Low
CVE-2024-4002
The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored C…
Low
CVE-2024-3996
The Smart Post Show WordPress plugin before 2.4.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting atta…
Medium
CVE-2024-3901
The Genesis Blocks WordPress plugin through 3.1.3 does not properly escape attributes provided to some of its custom blocks, making it possible for users allowed to write posts (like those with the c…
Medium
CVE-2024-3062
The Save as Image Plugin by Pdfcrowd WordPress plugin before 3.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site…
Medium
CVE-2024-2869
The Easy Property Listings WordPress plugin before 3.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting…
Medium
CVE-2024-2643
The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.6.8 does not sanitise and escape some of its settings, which could all…
Medium
CVE-2024-1663
The Ultimate Noindex Nofollow Tool II WordPress plugin before 1.3.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Sit…
Medium
CVE-2024-13865
The S3Player WordPress plugin through 4.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against on…
Medium
CVE-2024-13828
The Badgearoo WordPress plugin through 1.0.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against h…
Medium
CVE-2024-13823
The 360 Product Rotation WordPress plugin through 1.5.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used…
Medium
CVE-2024-13730
The Podlove Podcast Publisher WordPress plugin before 4.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Script…
Medium
CVE-2024-13729
The Podlove Podcast Publisher WordPress plugin before 4.1.24 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scrip…
Medium
CVE-2024-13727
The MemberSpace WordPress plugin before 2.1.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against…
Medium
CVE-2024-13621
The GDPR Framework By Data443 WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Script…
Medium
CVE-2024-13619
The LifterLMS WordPress plugin before 8.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against hi…
Medium
CVE-2024-13616
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross…
Medium
CVE-2024-13486
The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attac…
Medium
CVE-2024-13482
The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attac…
Medium
CVE-2024-13384
The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.24 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perfor…
Medium
CVE-2024-13383
The HD Quiz WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even w…
Medium
CVE-2024-13382
The Calculated Fields Form WordPress plugin before 5.2.64 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scriptin…
Medium
CVE-2024-13357
The Ditty WordPress plugin before 3.1.52 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks even…
Medium
CVE-2024-13313
The AWeber WordPress plugin through 7.3.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even…
Medium
CVE-2024-13128
The LearnPress WordPress plugin before 4.2.7.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attack…
Medium
CVE-2024-13127
The LearnPress WordPress plugin before 4.2.7.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attack…
Medium
CVE-2024-13053
The Form Maker by 10Web WordPress plugin before 1.15.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting…
Medium
CVE-2024-12874
The Top Comments WordPress plugin through 1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks ev…
Medium
CVE-2024-12873
The Custom Field Manager WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used a…
Medium
CVE-2024-12808
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow hi…
Medium
CVE-2024-12800
The IP Based Login WordPress plugin before 2.4.1 does not sanitise values when importing, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when…
Medium
CVE-2024-12770
The WP ULike WordPress plugin before 4.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even…
Medium
CVE-2024-12743
The MailPoet WordPress plugin before 5.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even…
Medium
CVE-2024-12739
The Mobile Contact Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting att…
Medium
CVE-2024-12734
The Advance Post Prefix WordPress plugin through 1.1.1, Advance Post Prefix WordPress plugin through 1.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a…
Medium
CVE-2024-12733
The AffiliateImporterEb WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used…
Medium
CVE-2024-12732
The AffiliateImporterEb WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used…
Medium
CVE-2024-12726
The ClipArt WordPress plugin through 0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high p…
Medium
CVE-2024-12725
The Clasify Classified Listing WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could b…
Medium
CVE-2024-12724
The WP DeskLite WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against…
Medium
CVE-2024-12722
The Twitter Bootstrap Collapse aka Accordian Shortcode WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the…
Medium
CVE-2024-12716
The Simple Basic Contact Form WordPress plugin before 20250114 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scr…
Medium
CVE-2024-12680
The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks e…
Medium
CVE-2024-12679
The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks e…
Medium
CVE-2024-12282
The WordPress连接微博 WordPress plugin through 2.5.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stor…
Medium
CVE-2024-11843
The Panorama WordPress plugin through 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks eve…
Medium
CVE-2024-11719
The tarteaucitron-wp WordPress plugin before 0.3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add St…
Medium
CVE-2024-11718
The tarteaucitron-wp WordPress plugin before 0.3.0 allows author level and above users to add HTML into a post/page, which could allow users with the contributor role and above to perform Stored Cros…
Medium
CVE-2024-11502
The Planning Center Online Giving WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed,…
Medium
CVE-2024-11266
The Geocache Stat Bar Widget WordPress plugin through 0.911 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Script…
Medium
CVE-2024-11221
The Full Screen (Page) Background Image Slideshow WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Store…
Medium
CVE-2024-11190
The jwp-a11y WordPress plugin through 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even…
Medium
CVE-2024-11189
The Social Share And Social Locker WordPress plugin before 1.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site…
Medium
CVE-2024-11141
The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings and is missing CSRF protection which could allow subscribers to perform Stored Cross-Site Scrip…
Low
CVE-2024-11140
The Real WP Shop Lite Ajax eCommerce Shopping Cart WordPress plugin through 2.0.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform St…
Medium
CVE-2024-11109
The WP Google Review Slider WordPress plugin before 15.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting…
Medium
CVE-2024-10818
The JSFiddle Shortcode WordPress plugin before 1.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could…
Medium
CVE-2024-10639
The Auto Prune Posts WordPress plugin before 3.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attac…
Medium
CVE-2024-10632
The Nokaut Offers Box WordPress plugin through 1.4.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting att…
Medium
CVE-2024-10631
The Countdown Timer for WordPress Block Editor WordPress plugin through 1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embe…
Medium
CVE-2024-10504
The Contact Form, Survey, Quiz & Popup Form Builder WordPress plugin before 1.7.1 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated use…
Medium
CVE-2024-10475
The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin before 1.9.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to p…
Medium
CVE-2024-10362
The Social Media Share Buttons & Social Sharing Icons WordPress plugin before 2.9.1 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform…
Medium
CVE-2024-10149
The Social Slider Feed WordPress plugin before 2.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting att…
Medium
CVE-2024-10145
The Hubbub Lite WordPress plugin before 1.34.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks…
Medium
CVE-2024-10144
The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to…
Medium
CVE-2024-10143
The MB Custom Post Types & Custom Taxonomies WordPress plugin before 2.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cr…
Medium
CVE-2024-10107
The Giveaways and Contests by RafflePress WordPress plugin before 1.12.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cr…
Medium
CVE-2024-10076
The Jetpack WordPress plugin before 13.8, Jetpack Boost WordPress plugin before 3.4.8 use regexes in the Site Accelerator features when switching image URLs to their CDN counterpart. Unfortunately,…