High
CVE-2025-52791
Cross-Site Request Forgery (CSRF) vulnerability in devfelixmoira Knowledge Base – Knowledge Base Maker knowledge-base-maker allows Stored XSS.This issue affects Knowledge Base – Knowledge Base Maker:…
Tag: Stored XSS
All CVEs associated with "Stored XSS". Page 10/45 • 5376 CVEs.
Subscribe CVEs: RSS for “Stored XSS” · RSS (High+Critical only)
About “Stored XSS”
A curated feed of “Stored XSS”-related CVEs appears below. We currently track 5376 CVEs for this tag (all time). In the last 365 days, 1195 were published. Average CVSS is 6.2 (all time; 6.4 over 365d), and 18% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-352 - Cross-Site Request Forgery (CSRF), CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-06-20
High
CVE-2025-52790
Cross-Site Request Forgery (CSRF) vulnerability in r-win WP-DownloadCounter wp-downloadcounter allows Stored XSS.This issue affects WP-DownloadCounter: from n/a through <= 1.01.
High
CVE-2025-52789
Cross-Site Request Forgery (CSRF) vulnerability in George Lewe Lewe ChordPress chordpress allows Stored XSS.This issue affects Lewe ChordPress: from n/a through <= 4.0.1.
High
CVE-2025-52784
Cross-Site Request Forgery (CSRF) vulnerability in hideoguchi Bluff Post bluff-post allows Stored XSS.This issue affects Bluff Post: from n/a through <= 1.1.1.
High
CVE-2025-52783
Cross-Site Request Forgery (CSRF) vulnerability in themelocation Change Cart button Colors WooCommerce wc-style allows Stored XSS.This issue affects Change Cart button Colors WooCommerce: from n/a th…
High
CVE-2025-52781
Cross-Site Request Forgery (CSRF) vulnerability in Beee TinyNav tinynav allows Stored XSS.This issue affects TinyNav: from n/a through <= 1.4.
High
CVE-2025-52780
Cross-Site Request Forgery (CSRF) vulnerability in Mohammad Parsa Logo Manager For Samandehi samandehi-logo-manager allows Stored XSS.This issue affects Logo Manager For Samandehi: from n/a through <…
Medium
CVE-2025-52710
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ninja Team File Manager Pro filester allows Stored XSS.This issue affects File Manager Pro: from…
Medium
CVE-2025-52707
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firelight Firelight Lightbox easy-fancybox allows Stored XSS.This issue affects Firelight Lightbo…
Medium
CVE-2025-50051
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chad Butler WP-Members wp-members allows Stored XSS.This issue affects WP-Members: from n/a throu…
Medium
CVE-2025-50050
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Stored XSS.This issue affects Job…
Medium
CVE-2025-50049
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prismtechstudios Modern Footnotes modern-footnotes allows Stored XSS.This issue affects Modern Fo…
Medium
CVE-2025-50048
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atakan Au Automatically Hierarchic Categories in Menu automatically-hierarchic-categories-in-menu…
Medium
CVE-2025-50047
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly Sitekit sitekit allows Stored XSS.This issue affects Sitekit: from n/a through <= 1.9.
Medium
CVE-2025-50046
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP WPComplete wpcomplete allows Stored XSS.This issue affects WPComplete: from n/a through…
Medium
CVE-2025-50043
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jordy Meow Code Engine code-engine allows Stored XSS.This issue affects Code Engine: from n/a thr…
Medium
CVE-2025-50042
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com WP Register Profile With Shortcode wp-register-profile-with-shortcode allows Store…
Medium
CVE-2025-50041
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Engine Gutenberg Blocks – ACF Blocks Suite acf-blocks allows Stored XSS.This issue affects Gut…
Medium
CVE-2025-50038
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anantaddons Anant Addons for Elementor anant-addons-for-elementor allows Stored XSS.This issue af…
Medium
CVE-2025-50035
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyrilG Fyrebox Quizzes fyrebox-shortcode allows Stored XSS.This issue affects Fyrebox Quizzes: fr…
Medium
CVE-2025-50027
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xootix Login/Signup Popup easy-login-woocommerce allows Stored XSS.This issue affects Login/Signu…
Medium
CVE-2025-50026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spoki Spoki spoki allows Stored XSS.This issue affects Spoki: from n/a through <= 2.17.0.
Medium
CVE-2025-50025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople CP Polls cp-polls allows Stored XSS.This issue affects CP Polls: from n/a through <= 1…
Medium
CVE-2025-50024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Truong Thanh ATP Call Now atp-call-now allows Stored XSS.This issue affects ATP Call Now: from n/…
Medium
CVE-2025-50023
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Coyier CodePen Embed Block codepen-embed-block allows Stored XSS.This issue affects CodePen…
Medium
CVE-2025-50022
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JK WP-FB-AutoConnect wp-fb-autoconnect allows Stored XSS.This issue affects WP-FB-AutoConnect: fr…
Medium
CVE-2025-50021
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robert Peake Better Random Redirect better-random-redirect allows Stored XSS.This issue affects B…
Medium
CVE-2025-50020
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nitin Yawalkar RDFa Breadcrumb rdfa-breadcrumb allows Stored XSS.This issue affects RDFa Breadcru…
Medium
CVE-2025-50019
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sandor Kovacs Simple Sticky Footer simple-sticky-footer allows Stored XSS.This issue affects Sim…
Medium
CVE-2025-50018
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tealium Tealium tealium allows Stored XSS.This issue affects Tealium: from n/a through <= 2.1.20.
Medium
CVE-2025-50017
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt WP Voting Contest wp-voting-contest allows Stored XSS.This issue affects WP Voting Contest:…
Medium
CVE-2025-50016
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brijeshk89 IP Based Login ip-based-login allows Stored XSS.This issue affects IP Based Login: fro…
Medium
CVE-2025-50015
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rodrigo Bastos Hand Talk handtalk allows Stored XSS.This issue affects Hand Talk: from n/a throug…
Medium
CVE-2025-50014
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iamapinan PDPA Consent for Thailand pdpa-consent allows Stored XSS.This issue affects PDPA Consen…
Medium
CVE-2025-50013
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Judge CSV Importer Improved csv-importer-improved allows Stored XSS.This issue affects CSV…
Medium
CVE-2025-50012
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fridaysystems Inventory Presser inventory-presser allows Stored XSS.This issue affects Inventory…
Medium
CVE-2025-50011
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Félix Martínez Recipes manager - WPH allows Stored XSS. This issue affects Recipes manager - WPH:…
2025-06-19
Medium
CVE-2025-50183
OpenList Frontend is a UI component for OpenList. Prior to version 4.0.0-rc.4, a vulnerability exists in the file preview/browsing feature of the application, where files with a .py extension that co…
2025-06-17
Medium
CVE-2025-49881
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows Stored XSS.This issue affects…
Medium
CVE-2025-49875
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in If-So Dynamic Content If-So Dynamic Content Personalization if-so allows Stored XSS.This issue af…
Medium
CVE-2025-49871
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noptin Newsletter Team Noptin newsletter-optin-box allows Stored XSS.This issue affects Noptin: f…
Medium
CVE-2025-49863
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP CodeUs Advanced Sermons advanced-sermons allows Stored XSS.This issue affects Advanced Sermons…
Medium
CVE-2025-49862
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in motov.net Ebook Store ebook-store allows Stored XSS.This issue affects Ebook Store: from n/a thro…
Medium
CVE-2025-49861
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timur Kamaev Kama Click Counter kama-clic-counter allows Stored XSS.This issue affects Kama Click…
Medium
CVE-2025-49859
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in etruel WP Views Counter wpecounter allows Stored XSS.This issue affects WP Views Counter: from n/…
Medium
CVE-2025-49858
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix Shortcodes arconix-shortcodes allows Stored XSS.This issue affects Arconix…
High
CVE-2025-30988
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in _CreativeMedia_ Elite Video Player elite-video-player allows Stored XSS.This issue affects Elite…
2025-06-15
High
CVE-2025-5990
An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input.
2025-06-11
High
CVE-2025-32465
A stored XSS vulnerability in RSTickets! component 1.9.12 - 3.3.0 for Joomla was discovered. It allows attackers to perform cross-site scripting (XSS) attacks via sending crafted payload.
2025-06-09
Medium
CVE-2025-47598
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in click5 History Log by click5 history-log-by-click5 allows Stored XSS.This issue affects History L…
2025-06-06
High
CVE-2025-49453
Cross-Site Request Forgery (CSRF) vulnerability in Jatinder Pal Singh BP Profile as Homepage bp-profile-as-homepage allows Stored XSS.This issue affects BP Profile as Homepage: from n/a through <= 1.…
Medium
CVE-2025-49450
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mhallmann SEPA Girocode sepa-girocode allows Stored XSS.This issue affects SEPA Girocode: from n/…
Medium
CVE-2025-49443
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris McCoy Bacon Ipsum bacon-ipsum allows Stored XSS.This issue affects Bacon Ipsum: from n/a th…
Medium
CVE-2025-49442
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mostafa Shahiri Simple Nested Menu simple-nested-menu allows Stored XSS.This issue affects Simple…
Medium
CVE-2025-49429
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Burnette Video Embeds video-embeds allows Stored XSS.This issue affects Video Embeds: from n…
Medium
CVE-2025-49427
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Burnette Abbie Expander abbie-expander allows Stored XSS.This issue affects Abbie Expander:…
High
CVE-2025-49425
Cross-Site Request Forgery (CSRF) vulnerability in Adrian Hanft Konami Easter Egg konami-easter-egg allows Stored XSS.This issue affects Konami Easter Egg: from n/a through <= v0.4.
Medium
CVE-2025-49333
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wp.insider Simple Membership simple-membership allows Stored XSS.This issue affects Simple Member…
Medium
CVE-2025-49322
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeedProd 404 Page by SeedProd allows Stored XSS. This issue affects 404 Page by SeedProd: from n/…
Medium
CVE-2025-49318
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPtouch WPtouch wptouch allows Stored XSS.This issue affects WPtouch: from n/a through <= 4.3.60.
Medium
CVE-2025-49314
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ovatheme BRW ova-brw allows Stored XSS.This issue affects BRW: from n/a through <= 1.8.6.
Medium
CVE-2025-49311
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CoolHappy The Events Calendar Countdown Addon countdown-for-the-events-calendar allows Stored XSS…
Medium
CVE-2025-49310
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M A Vinoth Kumar Frontend Dashboard frontend-dashboard allows Stored XSS.This issue affects Front…
Medium
CVE-2025-49309
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Team Member ht-team-member allows Stored XSS.This issue affects HT Team Member: fro…
Medium
CVE-2025-49306
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchsquare WP Social Widget wp-social-widget allows Stored XSS.This issue affects WP Social Widg…
Medium
CVE-2025-49305
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode Product Catalog Simple post-type-x allows Stored XSS.This issue affects Product Catalog…
Medium
CVE-2025-49304
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeManas Search with Typesense search-with-typesense allows Stored XSS.This issue affects Search…
Medium
CVE-2025-49299
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPlugged.com WebHotelier webhotelier allows Stored XSS.This issue affects WebHotelier: from n/a t…
Medium
CVE-2025-49298
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bastien Ho Event post event-post allows Stored XSS.This issue affects Event post: from n/a throug…
High
CVE-2025-49262
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shaonsina Sina Extension for Elementor sina-extension-for-elementor allows Stored XSS.This issue…
Medium
CVE-2025-49244
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vova Shortcodes Ultimate shortcodes-ultimate allows Stored XSS.This issue affects Shortcodes Ulti…
Medium
CVE-2025-49243
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sevenspark ShiftNav – Responsive Mobile Menu shiftnav-responsive-mobile-menu allows Stored XSS.Th…
Medium
CVE-2025-49242
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sevenspark Bellows Accordion Menu bellows-accordion-menu allows Stored XSS.This issue affects Bel…
Medium
CVE-2025-49235
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rometheme RTMKit rometheme-for-elementor allows Stored XSS.This issue affects RTMKit: from n/a th…
Medium
CVE-2025-31025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blocksera Image Hover Effects Block image-hover-effects-block allows Stored XSS.This issue affect…
High
CVE-2025-30995
Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Widgetize Pages Light widgetize-pages-light allows Stored XSS.This issue affects Widgetize Pages Light: from n/a through <= 3.0.
Medium
CVE-2025-30991
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahjada WPDM – Premium Packages wpdm-premium-packages allows Stored XSS.This issue affects WPDM…
Medium
CVE-2025-30977
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chaport Live Chat Chaport chaport allows Stored XSS.This issue affects Chaport: from n/a through…
Medium
CVE-2025-30952
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdive Nexa Blocks nexa-blocks allows Stored XSS.This issue affects Nexa Blocks: from n/a through…
Medium
CVE-2025-30951
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stiofan BlockStrap Page Builder - Bootstrap Blocks blockstrap-page-builder-blocks allows Stored X…
Medium
CVE-2025-30950
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Wham All Currencies for WooCommerce woocommerce-all-currencies allows Stored XSS.This issue af…
Medium
CVE-2025-30942
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Post Custom Templates Lite post-custom-templates-lite allows Stored XSS.This issue aff…
Medium
CVE-2025-30941
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marvie Pons Pinterest Verify Meta Tag pinterest-verify-meta-tag allows Stored XSS.This issue affe…
Medium
CVE-2025-30940
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in melipayamak Melipayamak melipayamak allows Stored XSS.This issue affects Melipayamak: from n/a th…
Medium
CVE-2025-30939
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Debashish IFrame Widget iframe-widget allows Stored XSS.This issue affects IFrame Widget: from n/…
Medium
CVE-2025-30938
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in broadly Broadly for WordPress broadly allows Stored XSS.This issue affects Broadly for WordPress:…
Medium
CVE-2025-30937
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stefanledin Responsify WP responsify-wp allows Stored XSS.This issue affects Responsify WP: from…
Medium
CVE-2025-30931
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shamil Shafeev «Подсказки» от DaData.ru dadata-ru allows Stored XSS.This issue affects «Подсказки…
Medium
CVE-2025-30930
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Unreal Themes ACF: Yandex Maps Field acf-yandex-maps-field allows Stored XSS.This issue affects A…
Medium
CVE-2025-30928
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vicchi WP Biographia wp-biographia allows Stored XSS.This issue affects WP Biographia: from n/a t…
Medium
CVE-2025-30638
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PowieT Powie's Uptime Robot powies-uptime-robot allows Stored XSS.This issue affects Powie's Upti…
Medium
CVE-2025-30637
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Deetronix Booking Ultra Pro booking-ultra-pro allows Stored XSS.This issue affects Booking Ultra…
Medium
CVE-2025-30634
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IWEBIX WP Featured Content Slider wp-featured-content-slider allows Stored XSS.This issue affects…
Medium
CVE-2025-30630
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pozzad Global Translator global-translator allows Stored XSS.This issue affects Global Translator…
Medium
CVE-2025-30627
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in regolithsjk Elegant Visitor Counter elegant-visitor-counter allows Stored XSS.This issue affects…
Medium
CVE-2025-30625
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt Pramschufer AppBanners appbanners allows Stored XSS.This issue affects AppBanners: from n/a…
Medium
CVE-2025-29011
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CHR Designer YouTube Simple Gallery youtube-simple-gallery allows Stored XSS.This issue affects Y…
Medium
CVE-2025-29003
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mva7 The Holiday Calendar the-holiday-calendar allows Stored XSS.This issue affects The Holiday C…
Medium
CVE-2025-28989
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arildur Read More Login read-more-login allows Stored XSS.This issue affects Read More Login: fro…
High
CVE-2025-28981
Cross-Site Request Forgery (CSRF) vulnerability in Soli WP Mail Options wp-mail-options allows Stored XSS.This issue affects WP Mail Options: from n/a through <= 0.2.3.
High
CVE-2025-28974
Cross-Site Request Forgery (CSRF) vulnerability in mail250 Free WP Mail SMTP free-wp-mail-smtp allows Stored XSS.This issue affects Free WP Mail SMTP: from n/a through <= 1.0.
High
CVE-2025-28966
Cross-Site Request Forgery (CSRF) vulnerability in dilemma123 Recent Posts Slider Responsive recent-posts-slider-responsive allows Stored XSS.This issue affects Recent Posts Slider Responsive: from n…
High
CVE-2025-28964
Cross-Site Request Forgery (CSRF) vulnerability in mangup Personal Favicon personal-favicon allows Stored XSS.This issue affects Personal Favicon: from n/a through <= 2.0.
High
CVE-2025-28958
Cross-Site Request Forgery (CSRF) vulnerability in Vadim Bogaiskov Bg Orthodox Calendar bg-orthodox-calendar allows Stored XSS.This issue affects Bg Orthodox Calendar: from n/a through <= 0.13.10.
High
CVE-2025-28950
Cross-Site Request Forgery (CSRF) vulnerability in David Shabtai Post Author post-author allows Stored XSS.This issue affects Post Author: from n/a through <= 1.1.1.
Medium
CVE-2023-26001
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marchetti Design Next Event Calendar allows Stored XSS. This issue affects Next Event Calendar: f…
Medium
CVE-2023-26000
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hanhdo205 Bang tinh vay allows Stored XSS. This issue affects Bang tinh vay: from n/a through 1.0…
Medium
CVE-2025-49076
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite the-plus-addons-for-elementor-page-build…
Medium
CVE-2025-49075
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Wishlist wishlist allows Stored XSS.This issue affects Wishlist: from n/a through <=…
Medium
CVE-2025-49074
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Abu Huraira Bin Aman WidgetKit widgetkit-for-elementor allows Stored XSS.This issue affects Widge…
Medium
CVE-2025-49068
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in oceanwp Ocean Extra ocean-extra allows Stored XSS.This issue affects Ocean Extra: from n/a throug…
Medium
CVE-2025-49067
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NasaTheme Nasa Core nasa-core allows Stored XSS.This issue affects Nasa Core: from n/a through <…
2025-06-05
Medium
CVE-2025-30084
A stored XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized befo…
Medium
CVE-2025-27754
A stored XSS vulnerability in RSBlog! component 1.11.6 - 1.14.4 for Joomla was discovered. The vulnerability allows authenticated users to inject malicious JavaScript into the plugin's resource. The…
2025-06-04
Medium
CVE-2025-20279
A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to conduct a stored XSS attack on an affected system. To exploit this vulnerab…
2025-06-03
Medium
CVE-2025-43924
Cross Site Scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in SettingController (for /fp/admin/settings/loginpage) and the rootserviceurl parameter in FriendsCon…
Medium
CVE-2025-3662
The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries' caption fields. The issue was received as a Contributor+ Stored…
2025-05-27
Medium
CVE-2025-3704
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DBAR Productions Volunteer Sign Up Sheets pta-volunteer-sign-up-sheets allows Stored XSS.This iss…
2025-05-23
Medium
CVE-2025-46518
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phpaddicted IGIT Related Posts With Thumb Image After Posts igit-related-posts-with-thumb-images-…
Medium
CVE-2025-46493
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wordwebsoftware Crossword Compiler Puzzles crossword-compiler-puzzles allows Stored XSS.This issu…