Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-55009 | 1 Datax | 1 Autobib | 2025-03-24 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in AutoBib - Bibliographic collection management system 3.1.140 and earlier allows attackers to execute arbitrary Javascript in the context of a victim's browser via injecting a crafted payload into the WCE=topFrame&WCU= parameter. | |||||
| CVE-2023-23286 | 1 Farsight | 1 Provide Server | 2025-03-24 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows attackers to execute arbitrary code through the server-log via username field from the login form. | |||||
| CVE-2024-43113 | 1 Mozilla | 1 Firefox | 2025-03-24 | N/A | 6.1 MEDIUM |
| The contextual menu for links could provide an opportunity for cross-site scripting attacks This vulnerability affects Firefox for iOS < 129. | |||||
| CVE-2024-4270 | 1 Andibauer | 1 Svgmagic | 2025-03-24 | N/A | 5.4 MEDIUM |
| The SVGMagic WordPress plugin through 1.1 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks. | |||||
| CVE-2024-9388 | 1 Modernaweb | 1 Black Widgets For Elementor | 2025-03-24 | N/A | 5.4 MEDIUM |
| The Black Widgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | |||||
| CVE-2024-49264 | 1 Nicheaddons | 1 Events Addon For Elementor | 2025-03-24 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Events Addon for Elementor allows Stored XSS.This issue affects Events Addon for Elementor: from n/a through 2.2.0. | |||||
| CVE-2024-49259 | 1 Nicheaddons | 1 Primary Addon For Elementor | 2025-03-24 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Primary Addon for Elementor allows Stored XSS.This issue affects Primary Addon for Elementor: from n/a through 1.5.8. | |||||
| CVE-2024-44033 | 1 Nicheaddons | 1 Primary Addon For Elementor | 2025-03-24 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Primary Addon for Elementor allows Stored XSS.This issue affects Primary Addon for Elementor: from n/a through 1.5.7. | |||||
| CVE-2024-44032 | 1 Nicheaddons | 1 Restaurant \& Cafe Addon For Elementor | 2025-03-24 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows Stored XSS.This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5.5. | |||||
| CVE-2024-44026 | 1 Nicheaddons | 1 Charity Addon For Elementor | 2025-03-24 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Charity Addon for Elementor allows Stored XSS.This issue affects Charity Addon for Elementor: from n/a through 1.3.0. | |||||
| CVE-2024-1379 | 1 Magenet | 1 Website Article Monetization | 2025-03-24 | N/A | 6.1 MEDIUM |
| The Website Article Monetization By MageNet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'abp_auth_key' parameter in all versions up to, and including, 1.0.11 due to insufficient input sanitization and output escaping and a missing authorization check. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2021-24177 | 1 Filemanagerpro | 1 File Manager | 2025-03-24 | 3.5 LOW | 5.4 MEDIUM |
| In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wp_file_manager_properties when a payload is submitted on the User-Agent parameter. The payload is then reflected back on the web application response. | |||||
| CVE-2024-5418 | 1 Detheme | 1 Dethemekit For Elementor | 2025-03-24 | N/A | 5.4 MEDIUM |
| The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slitems' attribute within the plugin's De Product Tab & Slide widget in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-0698 | 1 Easyappointments | 1 Easy\\!appointments | 2025-03-24 | N/A | 5.4 MEDIUM |
| The Easy!Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-3732 | 1 Ayecode | 1 Geodirectory | 2025-03-24 | N/A | 5.4 MEDIUM |
| The GeoDirectory – WordPress Business Directory Plugin, or Classified Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gd_single_tabs' shortcode in all versions up to, and including, 2.3.48 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-30536 | 2025-03-24 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zeitwesentech Beautiful Link Preview allows Stored XSS. This issue affects Beautiful Link Preview: from n/a through 1.5.0. | |||||
| CVE-2025-30551 | 2025-03-24 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smartredfox Pretty file links allows Stored XSS. This issue affects Pretty file links: from n/a through 0.9. | |||||
| CVE-2025-30527 | 2025-03-24 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codetoolbox My Bootstrap Menu allows Stored XSS. This issue affects My Bootstrap Menu: from n/a through 1.2.1. | |||||
| CVE-2025-30566 | 2025-03-24 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aryan Themes Clink allows DOM-Based XSS. This issue affects Clink: from n/a through 1.2.2. | |||||
| CVE-2025-30537 | 2025-03-24 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cristian Sarov Upload Quota per User allows Stored XSS. This issue affects Upload Quota per User: from n/a through 1.3. | |||||