Total
36728 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-24502 | 1 Weplugins | 1 Wp Maps | 2025-05-07 | 3.5 LOW | 4.8 MEDIUM |
| The WP Google Map WordPress plugin before 1.7.7 did not sanitise or escape the Map Title before outputting them in the page, leading to a Stored Cross-Site Scripting issue by high privilege users, even when the unfiltered_html capability is disallowed | |||||
| CVE-2023-23878 | 1 Weplugins | 1 Wp Maps | 2025-05-07 | N/A | 5.9 MEDIUM |
| Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS plugin <= 4.3.9 versions. | |||||
| CVE-2015-9305 | 1 Weplugins | 1 Wp Maps | 2025-05-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-google-map-plugin plugin before 2.3.7 for WordPress has XSS related to the add_query_arg() and remove_query_arg() functions. | |||||
| CVE-2024-9428 | 1 Sygnoos | 1 Popup Builder | 2025-05-07 | N/A | 4.8 MEDIUM |
| The Popup Builder WordPress plugin before 4.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-10010 | 1 Thimpress | 1 Learnpress | 2025-05-07 | N/A | 4.8 MEDIUM |
| The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-10637 | 1 Kadencewp | 1 Gutenberg Blocks With Ai | 2025-05-07 | N/A | 5.4 MEDIUM |
| The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.54 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2024-9641 | 1 Theluckywp | 1 Luckywp Table Of Contents | 2025-05-07 | N/A | 4.8 MEDIUM |
| The LuckyWP Table of Contents WordPress plugin before 2.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-9881 | 1 Thimpress | 1 Learnpress | 2025-05-07 | N/A | 4.8 MEDIUM |
| The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-2278 | 1 Themify | 1 Woocommerce Product Filter | 2025-05-07 | N/A | 6.1 MEDIUM |
| Themify WordPress plugin before 1.4.4 does not sanitise and escape some of its Filters settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-1274 | 1 Joedolson | 1 My Calendar | 2025-05-07 | N/A | 5.4 MEDIUM |
| The My Calendar WordPress plugin before 3.4.24 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks (depending on the permissions set by the admin) | |||||
| CVE-2024-10704 | 1 10web | 1 Photo Gallery | 2025-05-07 | N/A | 4.8 MEDIUM |
| The Photo Gallery by 10Web WordPress plugin before 1.8.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-10980 | 1 Bdthemes | 1 Element Pack | 2025-05-07 | N/A | 5.4 MEDIUM |
| The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) WordPress plugin before 5.10.3 does not validate and escape some of its Cookie Consent block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2024-10551 | 1 Sanil | 1 Sticky Social Icons | 2025-05-07 | N/A | 4.8 MEDIUM |
| The Sticky Social Icons WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-11183 | 1 Rumspeed | 1 Simple Side Tab | 2025-05-06 | N/A | 4.8 MEDIUM |
| The Simple Side Tab WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-9651 | 1 Fluentforms | 1 Contact Form | 2025-05-06 | N/A | 6.1 MEDIUM |
| The Fluent Forms WordPress plugin before 5.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-45986 | 1 Projectworlds | 1 Online Voting System Project | 2025-05-06 | N/A | 5.4 MEDIUM |
| A stored Cross-Site Scripting (XSS) vulnerability was identified in Projectworld Online Voting System 1.0 that occurs when an account is registered with a malicious javascript payload. The payload is stored and subsequently executed in the voter.php and profile.php pages whenever the account information is accessed. | |||||
| CVE-2023-6081 | 1 Chartjs Project | 1 Chartjs | 2025-05-06 | N/A | 5.4 MEDIUM |
| The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2022-3420 | 1 Official Integration For Billingo Project | 1 Official Integration For Billingo | 2025-05-06 | N/A | 4.8 MEDIUM |
| The Official Integration for Billingo WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users with a role as low as Shop Manager to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2022-3408 | 1 Redlettuce | 1 Wp Word Count | 2025-05-06 | N/A | 4.8 MEDIUM |
| The WP Word Count WordPress plugin through 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | |||||
| CVE-2024-45967 | 1 Pagekit | 1 Pagekit | 2025-05-06 | N/A | 4.7 MEDIUM |
| Pagekit 1.0.18 is vulnerable to Cross Site Scripting (XSS) in index.php/admin/site/widget. | |||||