High
CVE-2025-46446
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ivanrojas Libro de Reclamaciones libro-de-reclamaciones allows Stored XSS.This issue affects Libr…
Tag: Stored XSS
All CVEs associated with "Stored XSS". Page 11/45 • 5376 CVEs.
Subscribe CVEs: RSS for “Stored XSS” · RSS (High+Critical only)
About “Stored XSS”
A curated feed of “Stored XSS”-related CVEs appears below. We currently track 5376 CVEs for this tag (all time). In the last 365 days, 1195 were published. Average CVSS is 6.2 (all time; 6.4 over 365d), and 18% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-352 - Cross-Site Request Forgery (CSRF), CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-05-23
Medium
CVE-2025-3894
Text editor embedded into MegaBIP software does not neutralize user input allowing Stored XSS attacks on other users. In order to use the editor high privileges are required. Version 5.20 of MegaBI…
2025-05-21
High
CVE-2025-2261
Stored XSS in TIBCO ActiveMatrix Administrator allows malicious data to appear to be part of the website and run within user's browser under the privileges of the web application.
2025-05-20
Medium
CVE-2025-47853
In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible
Medium
CVE-2025-47852
In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible
Medium
CVE-2025-47851
In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks Webhook was possible
2025-05-19
Medium
CVE-2025-43841
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jamesdbruner WP Vegas vegas-fullscreen-background-slider allows Stored XSS.This issue affects WP…
High
CVE-2025-43840
Cross-Site Request Forgery (CSRF) vulnerability in ref CheckBot checkbot allows Stored XSS.This issue affects CheckBot: from n/a through <= 1.05.
Medium
CVE-2025-43834
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tox82 cookieBAR cookiebar allows Stored XSS.This issue affects cookieBAR: from n/a through <= 1.7…
Medium
CVE-2025-39448
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElement…
Medium
CVE-2025-46543
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CharlyLeetham Enhanced Paypal Shortcodes enhanced-paypal-shortcodes allows Stored XSS.This issue…
Medium
CVE-2025-46263
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lloyd Saunders Author Box After Posts author-box-after-posts allows Stored XSS.This issue affects…
Medium
CVE-2025-46262
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zack Katz Mad Mimi for WordPress mad-mimi allows Stored XSS.This issue affects Mad Mimi for WordP…
High
CVE-2025-39374
Cross-Site Request Forgery (CSRF) vulnerability in aseem1234 Best Posts Summary best-posts-summary allows Stored XSS.This issue affects Best Posts Summary: from n/a through <= 1.0.
Medium
CVE-2025-32920
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Stored XSS.This issue aff…
Medium
CVE-2025-48341
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Form Maker by 10Web form-maker allows Stored XSS.This issue affects Form Maker by 10Web: fr…
Medium
CVE-2025-48288
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows St…
Medium
CVE-2025-48277
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stylemix Cost Calculator Builder cost-calculator-builder allows Stored XSS.This issue affects Cos…
Medium
CVE-2025-48276
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder visualcomposer allows Stored XSS.This issue affec…
Medium
CVE-2025-48266
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows S…
Medium
CVE-2025-48263
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Stored XSS.This issue affects MultiV…
Medium
CVE-2025-48258
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jetmonsters Mega Menu Block getwid-megamenu allows Stored XSS.This issue affects Mega Menu Block:…
Medium
CVE-2025-48256
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes Import Social Events import-facebook-events allows Stored XSS.This issue affects Imp…
Medium
CVE-2025-48254
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Change Add to Cart Button Text for WooCommerce add-to-cart-button-labels-for-woocommerc…
Medium
CVE-2025-48253
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Free Shipping Bar: Amount Left for Free Shipping for WooCommerce amount-left-free-shipp…
Medium
CVE-2025-48252
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Back Button Widget back-button-widget allows Stored XSS.This issue affects Back Button…
Medium
CVE-2025-48251
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Additional Custom Emails & Recipients for WooCommerce custom-emails-for-woocommerce all…
Medium
CVE-2025-48250
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Coupons & Add to Cart by URL Links for WooCommerce url-coupons-for-woocommerce-by-algor…
Medium
CVE-2025-48249
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory EAN for WooCommerce ean-for-woocommerce allows Stored XSS.This issue affects EAN for Wo…
Medium
CVE-2025-48248
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Sitewide Discount for WooCommerce: Apply Discount to All Products global-shop-discount-…
Medium
CVE-2025-48244
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tim Strifler Exclusive Addons Elementor exclusive-addons-for-elementor allows Stored XSS.This iss…
Medium
CVE-2025-48240
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Cost of Goods for WooCommerce cost-of-goods-for-woocommerce allows Stored XSS.This issu…
Medium
CVE-2025-48239
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Product Notes Tab & Private Admin Notes for WooCommerce product-notes-for-woocommerce a…
High
CVE-2025-48238
Cross-Site Request Forgery (CSRF) vulnerability in awcode AWcode Toolkit awcode-toolkit allows Stored XSS.This issue affects AWcode Toolkit: from n/a through <= 1.0.18.
Medium
CVE-2025-48237
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Wishlist for WooCommerce wish-list-for-woocommerce allows Stored XSS.This issue affects…
High
CVE-2025-48236
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bunny.net bunny.net bunnycdn allows Stored XSS.This issue affects bunny.net: from n/a through <=…
High
CVE-2025-48233
Cross-Site Request Forgery (CSRF) vulnerability in affmngr Affiliates Manager Google reCAPTCHA Integration affiliates-manager-google-recaptcha-integration allows Stored XSS.This issue affects Affilia…
Medium
CVE-2025-48232
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Addons For Beaver Builder – Lite xpro-addons-beaver-builder-elementor allows Stored XSS…
2025-05-16
Medium
CVE-2025-4805
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS. This vulnerability requires an authenticated adm…
Medium
CVE-2025-4804
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability re…
High
CVE-2025-48146
Cross-Site Request Forgery (CSRF) vulnerability in Michael Lups SEO Flow by LupsOnline lupsonline-link-netwerk allows Stored XSS.This issue affects SEO Flow by LupsOnline: from n/a through <= 2.2.1.
High
CVE-2025-48144
Cross-Site Request Forgery (CSRF) vulnerability in sidngr Import Export For WooCommerce import-export-for-woocommerce allows Stored XSS.This issue affects Import Export For WooCommerce: from n/a thro…
Medium
CVE-2025-48132
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows Stored XSS.This issue affects X Addons…
Medium
CVE-2025-48131
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saiful Islam UltraAddons Elementor Lite ultraaddons-elementor-lite allows Stored XSS.This issue a…
High
CVE-2025-48114
Cross-Site Request Forgery (CSRF) vulnerability in Shayan Farhang Pazhooh ShayanWeb Admin FontChanger shayanweb-admin-fontchanger allows Stored XSS.This issue affects ShayanWeb Admin FontChanger: fro…
Medium
CVE-2025-48113
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Broadstreet Broadstreet Ads broadstreet allows Stored XSS.This issue affects Broadstreet Ads: fro…
Medium
CVE-2025-48080
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash uncanny-learndash-toolkit allows Stored XSS.This issue…
Medium
CVE-2025-47557
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RomanCode MapSVG mapsvg allows Stored XSS.This issue affects MapSVG: from n/a through <= 8.5.31.
Medium
CVE-2025-46464
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scripteo Ads Pro ap-plugin-scripteo allows Stored XSS.This issue affects Ads Pro: from n/a throug…
Medium
CVE-2025-39509
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode TNC FlipBook pdf-viewer-for-wordpress allows Stored XSS.This issue affects TNC FlipBoo…
Medium
CVE-2025-32245
Cross-Site Request Forgery (CSRF) vulnerability in Chaser324 Featured Posts Scroll featured-posts-scroll allows Stored XSS.This issue affects Featured Posts Scroll: from n/a through <= 1.25.
Medium
CVE-2025-32180
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojofywp Product Carousel For WooCommerce – WoorouSell woorousell allows Stored XSS.This issue af…
High
CVE-2025-31922
Cross-Site Request Forgery (CSRF) vulnerability in QuanticaLabs CSS3 Accordions for WordPress css3_accordions allows Stored XSS.This issue affects CSS3 Accordions for WordPress: from n/a through <= 3…
2025-05-15
Medium
CVE-2024-8095
The BabelZ WordPress plugin through 1.1.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS…
Medium
CVE-2024-8090
The JavaScript Logic WordPress plugin through 0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Sto…
Medium
CVE-2024-8085
The PeoplePond WordPress plugin through 1.1.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored…
Medium
CVE-2024-8032
The Smooth Gallery Replacement WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in adm…
Medium
CVE-2024-7761
In the process of testing the Simple Job Board WordPress plugin before 2.12.2, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script,…
Medium
CVE-2024-6712
The MapFig Studio WordPress plugin through 0.2.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stor…
Medium
CVE-2024-3901
The Genesis Blocks WordPress plugin through 3.1.3 does not properly escape attributes provided to some of its custom blocks, making it possible for users allowed to write posts (like those with the c…
Medium
CVE-2024-12282
The WordPress连接微博 WordPress plugin through 2.5.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stor…
Medium
CVE-2024-11719
The tarteaucitron-wp WordPress plugin before 0.3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add St…
Medium
CVE-2024-10076
The Jetpack WordPress plugin before 13.8, Jetpack Boost WordPress plugin before 3.4.8 use regexes in the Site Accelerator features when switching image URLs to their CDN counterpart. Unfortunately,…
High
CVE-2024-0852
The coreActivity: Activity Logging for WordPress plugin before 1.8.1 does not escape some request data when outputting it back in the admin dashboard, allowing unauthenticated users to perform Stored…
High
CVE-2023-7197
The Marketing Twitter Bot WordPress plugin through 1.11 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin a…
High
CVE-2023-7174
The aBitGone CommentSafe WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin a…
High
CVE-2025-32922
Cross-Site Request Forgery (CSRF) vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Stored XSS.This issue affects WP2LEADS: from n/a through <= 3.5.0.
2025-05-12
Medium
CVE-2025-3649
The LightPress Lightbox WordPress plugin before 2.3.4 does not check download links point to valid, non-Javascript URLs, allowing users with at least the contributor role to conduct Stored XSS attack…
2025-05-07
Medium
CVE-2025-20147
A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a stored cross-site scr…
Medium
CVE-2025-47686
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Stored XSS.This issue affects DELUCKS SEO: from n/a throug…
High
CVE-2025-47685
Cross-Site Request Forgery (CSRF) vulnerability in Moloni Contribuinte Checkout contribuinte-checkout allows Stored XSS.This issue affects Contribuinte Checkout: from n/a through <= 2.0.03.
Medium
CVE-2025-47677
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gt3themes Photo Gallery gt3-photo-video-gallery allows Stored XSS.This issue affects Photo Galler…
Medium
CVE-2025-47676
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Faiyaz Alam User Login History user-login-history allows Stored XSS.This issue affects User Login…
Medium
CVE-2025-47668
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cookiecode CookieCode cookiecode allows Stored XSS.This issue affects CookieCode: from n/a throug…
Medium
CVE-2025-47665
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bistromatic N360 | Splash Screen n360-splash-screen allows Stored XSS.This issue affects N360 | S…
Medium
CVE-2025-47662
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in woobox Woobox woobox allows Stored XSS.This issue affects Woobox: from n/a through <= 1.6.
Medium
CVE-2025-47659
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in voidcoders WPBakery Visual Composer WHMCS Elements void-visual-whmcs-element allows Stored XSS.Th…
Medium
CVE-2025-47656
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiracle Themes Spiraclethemes Site Library spiraclethemes-site-library allows Stored XSS.This is…
High
CVE-2025-47655
Cross-Site Request Forgery (CSRF) vulnerability in themarketer2023 theMarketer themarketer allows Stored XSS.This issue affects theMarketer: from n/a through <= 1.4.7.
High
CVE-2025-47648
Cross-Site Request Forgery (CSRF) vulnerability in axima Pays – WooCommerce Payment Gateway axima-payment-gateway allows Stored XSS.This issue affects Pays – WooCommerce Payment Gateway: from n/a thr…
High
CVE-2025-47639
Cross-Site Request Forgery (CSRF) vulnerability in Supertext Supertext Translation and Proofreading polylang-supertext allows Stored XSS.This issue affects Supertext Translation and Proofreading: fro…
Medium
CVE-2025-47638
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sarvesh M Rao WP Discord Invite wp-discord-invite allows Stored XSS.This issue affects WP Discord…
Medium
CVE-2025-47632
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raihanul Islam Awesome Gallery awesome-gallery allows Stored XSS.This issue affects Awesome Galle…
Medium
CVE-2025-47630
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darren Cooney Ajax Load More ajax-load-more allows Stored XSS.This issue affects Ajax Load More:…
Medium
CVE-2025-47626
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in apasionados Submission DOM tracking for Contact Form 7 cf7-submission-dom-tracking allows Stored…
Medium
CVE-2025-47625
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in apasionados DoFollow Case by Case dofollow-case-by-case allows Stored XSS.This issue affects DoFo…
Medium
CVE-2025-47623
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Paterson Easy PayPal Buy Now Button wp-ecommerce-paypal allows Stored XSS.This issue affect…
Medium
CVE-2025-47622
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in apasionados Email Notification on Login email-notification-on-login allows Stored XSS.This issue…
Medium
CVE-2025-47621
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Meks Meks Flexible Shortcodes meks-flexible-shortcodes allows Stored XSS.This issue affects Meks…
Medium
CVE-2025-47617
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aharonyan WP Front User Submit / Front Editor front-editor allows Stored XSS.This issue affects W…
Medium
CVE-2025-47616
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kodezen LLC aBlocks ablocks allows Stored XSS.This issue affects aBlocks: from n/a through <= 1.9…
Medium
CVE-2025-47615
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flowdee Amazon Product in a Post amazon-product-in-a-post-plugin allows Stored XSS.This issue aff…
Medium
CVE-2025-47607
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AppJetty Show All Comments show-all-comments-in-one-page allows Stored XSS.This issue affects Sho…
Medium
CVE-2025-47605
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AppJetty WP jQuery DataTable wp-jquery-datatable allows Stored XSS.This issue affects WP jQuery D…
Medium
CVE-2025-47604
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Risk Mitigation, Inc. Inline Related Posts intelly-related-posts allows Stored XSS.This i…
Medium
CVE-2025-47595
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darshan Saroya Color Your Bar color-your-bar allows Stored XSS.This issue affects Color Your Bar:…
Medium
CVE-2025-47593
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonas Hjalmarsson Really Simple Under Construction Page really-simple-under-construction allows S…
Medium
CVE-2025-47592
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Árpád Lehel Mátyus Terms Popup On User Login terms-popup-on-user-login allows Stored XSS.This iss…
Medium
CVE-2025-47547
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SendPulse SendPulse Email Marketing Newsletter sendpulse-email-marketing-newsletter allows Stored…
Medium
CVE-2025-47525
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS.This issue affects Bold Page Bui…
Medium
CVE-2025-47524
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in karim42 Quran multilanguage Text & Audio quran-text-multilanguage allows Stored XSS.This issue af…
Medium
CVE-2025-47522
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AWEOS GmbH AWEOS WP Lock aweos-wp-lock allows Stored XSS.This issue affects AWEOS WP Lock: from n…
Medium
CVE-2025-47521
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robosoft Robo Gallery robo-gallery allows Stored XSS.This issue affects Robo Gallery: from n/a th…
Medium
CVE-2025-47520
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi Charitable charitable allows Stored XSS.This issue affects Charitable: from n/a throu…
Medium
CVE-2025-47518
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on contact-form-7-paypal-add-on allows Stored…
High
CVE-2025-47517
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Accept Donations with PayPal & Stripe easy-paypal-donation allows Stored XSS.This issue affects Accept Donations with PayPal & Stripe…
Medium
CVE-2025-47516
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Paterson Time Clock time-clock allows Stored XSS.This issue affects Time Clock: from n/a th…
High
CVE-2025-47514
Cross-Site Request Forgery (CSRF) vulnerability in Eli ELI's Related Posts Footer Links and Widget spostarbust allows Stored XSS.This issue affects ELI's Related Posts Footer Links and Widget: from n…
Medium
CVE-2025-47509
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Top 10 top-10 allows Stored XSS.This issue affects Top 10: from n/a through <= 4.1.0.
Medium
CVE-2025-47505
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ProWCPlugins Product Time Countdown for WooCommerce product-countdown-for-woocommerce allows Stor…
Medium
CVE-2025-47504
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Custom Checkout Fields for WooCommerce custom-checkout-fields-for-woocommerce allows St…
Medium
CVE-2025-47503
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpo-HR NGG Smart Image Search ngg-smart-image-search allows Stored XSS.This issue affects NGG Sma…
Medium
CVE-2025-47502
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick van Wobbie Mollie Forms mollie-forms allows Stored XSS.This issue affects Mollie Forms: from…
Medium
CVE-2025-47499
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Simple Blog Stats simple-blog-stats allows Stored XSS.This issue affects Simple Blog S…
Medium
CVE-2025-47495
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blockspare Blockspare blockspare allows Stored XSS.This issue affects Blockspare: from n/a throug…
Medium
CVE-2025-47489
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in markkinchin Beds24 Online Booking beds24-online-booking allows Stored XSS.This issue affects Beds…
Medium
CVE-2025-47482
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Skill Bar skt-skill-bar allows Stored XSS.This issue affects SKT Skill Bar: from…
Medium
CVE-2025-47475
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artbees JupiterX Core jupiterx-core allows Stored XSS.This issue affects JupiterX Core: from n/a…
Medium
CVE-2025-47449
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jordy Meow Meow Gallery meow-gallery allows Stored XSS.This issue affects Meow Gallery: from n/a…
Medium
CVE-2025-47443
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Widget Countdown widget-countdown allows Stored XSS.This issue affects Widget Countdown:…