Total
34410 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0064 | 1 Eaglevisionit | 1 Evision Responsive Column Layout Shortcodes | 2025-03-06 | 5.4 Medium |
| The eVision Responsive Column Layout Shortcodes WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-0063 | 1 Synved | 1 Wordpress Shortcodes | 2025-03-06 | 5.4 Medium |
| The WordPress Shortcodes WordPress plugin through 1.6.36 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-0377 | 1 Robincornett | 1 Scriptless Social Sharing | 2025-03-06 | 5.4 Medium |
| The Scriptless Social Sharing WordPress plugin before 3.2.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2025-1319 | 1 Elementor | 1 Site Mailer | 2025-03-06 | 6.4 Medium |
| The Site Mailer – SMTP Replacement, Email API Deliverability & Email Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2023-0065 | 1 I2 Pros \& Cons Project | 1 I2 Pros \& Cons | 2025-03-06 | 5.4 Medium |
| The i2 Pros & Cons WordPress plugin through 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-1237 | 1 Answer | 1 Answer | 2025-03-06 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | ||||
| CVE-2023-1238 | 1 Answer | 1 Answer | 2025-03-06 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | ||||
| CVE-2023-1239 | 1 Answer | 1 Answer | 2025-03-06 | 4.8 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository answerdev/answer prior to 1.0.6. | ||||
| CVE-2023-1243 | 1 Answer | 1 Answer | 2025-03-06 | 4.8 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | ||||
| CVE-2023-1244 | 1 Answer | 1 Answer | 2025-03-06 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | ||||
| CVE-2023-1245 | 1 Answer | 1 Answer | 2025-03-06 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | ||||
| CVE-2024-2280 | 1 Kitforest | 1 Better Elementor Addons | 2025-03-06 | 6.4 Medium |
| The Better Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget link URL values in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-38674 | 1 Sktthemes | 1 Skt Addons For Elementor | 2025-03-06 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Addons for Elementor allows Stored XSS.This issue affects SKT Addons for Elementor: from n/a through 3.0. | ||||
| CVE-2024-5427 | 1 Themewinter | 1 Wpcafe | 2025-03-06 | 6.4 Medium |
| The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-2289 | 1 Wpbeaveraddons | 1 Powerpack Lite For Beaver Builder | 2025-03-06 | 6.4 Medium |
| The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link in multiple elements in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-4862 | 1 Wpbits | 1 Wpbits Addons For Elementor Page Builder | 2025-03-06 | 6.4 Medium |
| The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-51945 | 1 Esri | 1 Arcgis Server | 2025-03-06 | 4.8 Medium |
| There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 10.9.1 – 11.3 that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher capabilities. The impact is low to both confidentiality and integrity while having no impact to availability. | ||||
| CVE-2024-51946 | 1 Esri | 1 Arcgis Server | 2025-03-06 | 4.8 Medium |
| There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 10.9.1 – 11.3 that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher capabilities. The impact is low to both confidentiality and integrity while having no impact to availability. | ||||
| CVE-2024-51951 | 1 Esri | 1 Arcgis Server | 2025-03-06 | 4.8 Medium |
| There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 10.9.1 – 11.3 that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher capabilities. The impact is low to both confidentiality and integrity while having no impact to availability. | ||||
| CVE-2024-51952 | 1 Esri | 1 Arcgis Server | 2025-03-06 | 4.8 Medium |
| There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 10.9.1 – 11.3 that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher capabilities. The impact is low to both confidentiality and integrity while having no impact to availability. | ||||