Total
34410 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-9388 | 1 Modernaweb | 1 Black Widgets For Elementor | 2025-03-24 | 6.4 Medium |
| The Black Widgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | ||||
| CVE-2024-49264 | 1 Nicheaddons | 1 Events Addon For Elementor | 2025-03-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Events Addon for Elementor allows Stored XSS.This issue affects Events Addon for Elementor: from n/a through 2.2.0. | ||||
| CVE-2025-2479 | 2025-03-24 | 6.1 Medium | ||
| The Easy Custom Admin Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘msg’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-2477 | 2025-03-24 | 4.7 Medium | ||
| The CryoKey plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ckemail’ parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-49259 | 1 Nicheaddons | 1 Primary Addon For Elementor | 2025-03-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Primary Addon for Elementor allows Stored XSS.This issue affects Primary Addon for Elementor: from n/a through 1.5.8. | ||||
| CVE-2025-30527 | 2025-03-24 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codetoolbox My Bootstrap Menu allows Stored XSS. This issue affects My Bootstrap Menu: from n/a through 1.2.1. | ||||
| CVE-2024-44033 | 1 Nicheaddons | 1 Primary Addon For Elementor | 2025-03-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Primary Addon for Elementor allows Stored XSS.This issue affects Primary Addon for Elementor: from n/a through 1.5.7. | ||||
| CVE-2025-30530 | 2025-03-24 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atikul AI Preloader allows Stored XSS. This issue affects AI Preloader: from n/a through 1.0.2. | ||||
| CVE-2025-30532 | 2025-03-24 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MorganF Weather Layer allows Stored XSS. This issue affects Weather Layer: from n/a through 4.2.1. | ||||
| CVE-2025-30533 | 2025-03-24 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gopiplus Message ticker allows Stored XSS. This issue affects Message ticker: from n/a through 9.3. | ||||
| CVE-2025-30536 | 2025-03-24 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zeitwesentech Beautiful Link Preview allows Stored XSS. This issue affects Beautiful Link Preview: from n/a through 1.5.0. | ||||
| CVE-2025-30537 | 2025-03-24 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cristian Sarov Upload Quota per User allows Stored XSS. This issue affects Upload Quota per User: from n/a through 1.3. | ||||
| CVE-2025-30539 | 2025-03-24 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benedikt Mo BMo Expo allows Stored XSS. This issue affects BMo Expo: from n/a through 1.0.15. | ||||
| CVE-2025-30540 | 2025-03-24 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in avaibook AvaiBook allows Stored XSS. This issue affects AvaiBook: from n/a through 1.2. | ||||
| CVE-2025-30545 | 2025-03-24 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixeline issuuPress allows Stored XSS. This issue affects issuuPress: from n/a through 1.3.2. | ||||
| CVE-2025-30551 | 2025-03-24 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smartredfox Pretty file links allows Stored XSS. This issue affects Pretty file links: from n/a through 0.9. | ||||
| CVE-2024-44032 | 1 Nicheaddons | 1 Restaurant \& Cafe Addon For Elementor | 2025-03-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows Stored XSS.This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5.5. | ||||
| CVE-2025-30553 | 2025-03-24 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Z.com byGMO GMO Font Agent allows Stored XSS. This issue affects GMO Font Agent: from n/a through 1.6. | ||||
| CVE-2024-44026 | 1 Nicheaddons | 1 Charity Addon For Elementor | 2025-03-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Charity Addon for Elementor allows Stored XSS.This issue affects Charity Addon for Elementor: from n/a through 1.3.0. | ||||
| CVE-2024-1379 | 1 Magenet | 1 Website Article Monetization | 2025-03-24 | 6.1 Medium |
| The Website Article Monetization By MageNet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'abp_auth_key' parameter in all versions up to, and including, 1.0.11 due to insufficient input sanitization and output escaping and a missing authorization check. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||