Medium
CVE-2025-47442
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CC CC BMI Calculator cc-bmi-calculator allows Stored XSS.This issue affects CC BMI Calculator: fr…
Tag: Stored XSS
All CVEs associated with "Stored XSS". Page 12/45 • 5376 CVEs.
Subscribe CVEs: RSS for “Stored XSS” · RSS (High+Critical only)
About “Stored XSS”
A curated feed of “Stored XSS”-related CVEs appears below. We currently track 5376 CVEs for this tag (all time). In the last 365 days, 1195 were published. Average CVSS is 6.2 (all time; 6.4 over 365d), and 18% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-352 - Cross-Site Request Forgery (CSRF), CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-05-07
Medium
CVE-2025-47441
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Reynolds Progress Bar progress-bar allows Stored XSS.This issue affects Progress Bar: from…
Medium
CVE-2025-39361
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Stored XSS.This issue affects Royal…
Critical
CVE-2025-0668
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BOINC Server allows Stored XSS.This issue affects BOINC Server: before 1.4.5.
Medium
CVE-2025-0667
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BOINC Server allows Stored XSS.This issue affects BOINC Server: through 1.4.7.
Medium
CVE-2025-0666
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BOINC Server allows Stored XSS.This issue affects BOINC Server: through 1.4.7.
2025-05-06
High
CVE-2025-0984
Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netoloji Software E-Flow allows Accessing…
2025-05-05
Medium
CVE-2025-46719
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, a vulnerability in the way certain html tags in chat messages are rendered a…
Medium
CVE-2025-39363
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows Stored XSS.This issue affects Custom Log…
2025-04-25
Low
CVE-2025-46618
In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab
Medium
CVE-2025-46482
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MyThemeShop WP Quiz wp-quiz allows Stored XSS.This issue affects WP Quiz: from n/a through <= 2.0…
Medium
CVE-2025-46545
In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for stored XSS attacks by an administrator through the name parameter. The XSS payload can execute when the lic…
2025-04-24
Medium
CVE-2025-43861
ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 2f177dc, ManageWiki is vulnerable to reflected or stored XSS in the review dialog. A logged-in attacker must change…
Medium
CVE-2025-46542
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeXpert Xpert Tab xpert-tab allows Stored XSS.This issue affects Xpert Tab: from n/a through <…
Medium
CVE-2025-46541
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in elrata_ WP-reCAPTCHA-bp wp-recaptcha-bp allows Stored XSS.This issue affects WP-reCAPTCHA-bp: fro…
Medium
CVE-2025-46540
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Mok GNA Search Shortcode gna-search-shortcode allows Stored XSS.This issue affects GNA Sear…
Medium
CVE-2025-46533
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdrift.no Landing pages and Domain aliases for WordPress landing-pages-and-domain-aliases allows…
High
CVE-2025-46530
Cross-Site Request Forgery (CSRF) vulnerability in HuangYe WuDeng Hacklog Remote Attachment hacklog-remote-attachment allows Stored XSS.This issue affects Hacklog Remote Attachment: from n/a through…
Medium
CVE-2025-46529
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StressFree Sites Business Contact Widget business-contact-widget allows Stored XSS.This issue aff…
High
CVE-2025-46528
Cross-Site Request Forgery (CSRF) vulnerability in Steve Availability Calendar availability allows Stored XSS.This issue affects Availability Calendar: from n/a through <= 0.2.4.
Medium
CVE-2025-46525
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in msmitley WP Cookie Consent wp-cookie-consent allows Stored XSS.This issue affects WP Cookie Conse…
High
CVE-2025-46524
Cross-Site Request Forgery (CSRF) vulnerability in stesvis WP Filter Post Category wp-filter-post-categories allows Stored XSS.This issue affects WP Filter Post Category: from n/a through <= 2.1.4.
Medium
CVE-2025-46523
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devignstudiosltd COVID-19 (Coronavirus) Update Your Customers covid-19-alert allows Stored XSS.Th…
High
CVE-2025-46522
Cross-Site Request Forgery (CSRF) vulnerability in Billy Bryant Tabs gt-tabs allows Stored XSS.This issue affects Tabs: from n/a through <= 4.0.3.
Medium
CVE-2025-46521
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Silver Muru WS Force Login Page ws-force-login-page allows Stored XSS.This issue affects WS Force…
High
CVE-2025-46520
Cross-Site Request Forgery (CSRF) vulnerability in alphasis Related Posts via Taxonomies related-posts-via-taxonomies allows Stored XSS.This issue affects Related Posts via Taxonomies: from n/a throu…
Medium
CVE-2025-46517
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdiscover Blog Manager WP blog-manager-wp allows Stored XSS.This issue affects Blog Manager WP:…
High
CVE-2025-46516
Cross-Site Request Forgery (CSRF) vulnerability in silencecm Twitter Card Generator twitter-card-generator allows Stored XSS.This issue affects Twitter Card Generator: from n/a through <= 1.0.5.
High
CVE-2025-46514
Cross-Site Request Forgery (CSRF) vulnerability in milat Milat jQuery Automatic Popup milat-jquery-automatic-popup allows Stored XSS.This issue affects Milat jQuery Automatic Popup: from n/a through…
High
CVE-2025-46512
Cross-Site Request Forgery (CSRF) vulnerability in Shamim Hasan Custom Functions Plugin custom-functions allows Stored XSS.This issue affects Custom Functions Plugin: from n/a through <= 1.1.
High
CVE-2025-46510
Cross-Site Request Forgery (CSRF) vulnerability in harrysudana Contact Form 7 Calendar cf7-calendar allows Stored XSS.This issue affects Contact Form 7 Calendar: from n/a through <= 3.0.1.
Medium
CVE-2025-46509
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andrey Mikhalchuk 360 View 360-view allows Stored XSS.This issue affects 360 View: from n/a throu…
High
CVE-2025-46508
Cross-Site Request Forgery (CSRF) vulnerability in kasonzhao Advanced lazy load advanced-lazy-load allows Stored XSS.This issue affects Advanced lazy load: from n/a through <= 1.6.0.
High
CVE-2025-46507
Cross-Site Request Forgery (CSRF) vulnerability in ldrumm Unsafe Mimetypes unsafe-mimetypes allows Stored XSS.This issue affects Unsafe Mimetypes: from n/a through <= 0.1.4.
Medium
CVE-2025-46505
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in farinspace Peekaboo peekaboo allows Stored XSS.This issue affects Peekaboo: from n/a through <= 1…
High
CVE-2025-46504
Cross-Site Request Forgery (CSRF) vulnerability in Olar Marius Vasaio QR Code vasaio-qr-code allows Stored XSS.This issue affects Vasaio QR Code: from n/a through <= 1.2.5.
Medium
CVE-2025-46501
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in biancardi Mixcloud Embed mixcloud-embed allows Stored XSS.This issue affects Mixcloud Embed: from…
High
CVE-2025-46499
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hccoder PayPal Express Checkout paypal-express-checkout allows Stored XSS.This issue affects PayP…
High
CVE-2025-46497
Cross-Site Request Forgery (CSRF) vulnerability in Navegg Navegg Analytics navegg allows Stored XSS.This issue affects Navegg Analytics: from n/a through <= 3.3.3.
Medium
CVE-2025-46496
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in oniswap Mini twitter feed mini-twitter-feed allows Stored XSS.This issue affects Mini twitter fee…
Medium
CVE-2025-46495
Cross-Site Request Forgery (CSRF) vulnerability in tomontoast Drop Caps drop-caps allows Stored XSS.This issue affects Drop Caps: from n/a through <= 2.1.
High
CVE-2025-46492
Cross-Site Request Forgery (CSRF) vulnerability in Pham Thanh Call Now PHT Blog call-now-coccoc-pht-blog allows Stored XSS.This issue affects Call Now PHT Blog: from n/a through <= 2.4.1.
Medium
CVE-2025-46491
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matthew Muro Multi-Column Taxonomy List multi-column-taxonomy-list allows Stored XSS.This issue a…
Medium
CVE-2025-46480
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Padam Shankhadev Nepali Post Date nepali-post-date allows Stored XSS.This issue affects Nepali Po…
High
CVE-2025-46478
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in metaloha Dropdown Content dropdown-content allows Stored XSS.This issue affects Dropdown Content:…
Medium
CVE-2025-46477
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Carlo La Pera WP Customize Login Page wp-customize-login-page allows Stored XSS.This issue affect…
Medium
CVE-2025-46476
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nayon46 Awesome Wp Image Gallery awesome-wp-image-gallery allows Stored XSS.This issue affects Aw…
Medium
CVE-2025-46472
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webangon The Pack Elementor addons the-pack-addon allows Stored XSS.This issue affects The Pack E…
Medium
CVE-2025-46469
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Buddle Send From send-from allows Stored XSS.This issue affects Send From: from n/a thro…
High
CVE-2025-46466
Cross-Site Request Forgery (CSRF) vulnerability in felixtz Modern Polls modern-polls allows Stored XSS.This issue affects Modern Polls: from n/a through <= 1.0.10.
High
CVE-2025-46465
Cross-Site Request Forgery (CSRF) vulnerability in John Weissberg Print Science Designer print-science-designer allows Stored XSS.This issue affects Print Science Designer: from n/a through <= 1.3.15…
Medium
CVE-2025-46459
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ralf Hortt Confirm User Registration confirm-user-registration allows Stored XSS.This issue affec…
High
CVE-2025-46457
Cross-Site Request Forgery (CSRF) vulnerability in Ahsanullah Akanda Wp Custom CMS Block wp-custom-cms-block allows Stored XSS.This issue affects Wp Custom CMS Block: from n/a through <= 2.1.
Medium
CVE-2025-46453
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreatorTeam Zoho Creator Forms allows Stored XSS. This issue affects Zoho Creator Forms: from n/a…
High
CVE-2025-46452
Cross-Site Request Forgery (CSRF) vulnerability in Olav Kolbu Google News allows Stored XSS. This issue affects Google News: from n/a through 2.5.1.
Medium
CVE-2025-46451
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi Floating Social Bar floating-social-bar allows Stored XSS.This issue affects Floating…
High
CVE-2025-46450
Cross-Site Request Forgery (CSRF) vulnerability in x000x occupancyplan occupancyplan allows Stored XSS.This issue affects occupancyplan: from n/a through <= 1.0.3.0.
High
CVE-2025-46449
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Novium WoWHead Tooltips wowhead-tooltips allows Stored XSS.This issue affects WoWHead Tooltips: f…
Medium
CVE-2025-46445
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pReya External Markdown external-markdown allows Stored XSS.This issue affects External Markdown:…
High
CVE-2025-46442
Cross-Site Request Forgery (CSRF) vulnerability in Casey Johnson Loan Calculator repayment-calculator allows Stored XSS.This issue affects Loan Calculator: from n/a through <= 1.3.
Medium
CVE-2025-46438
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in warmwhisky GTDB Guitar Tuners guitar-tuner allows Stored XSS.This issue affects GTDB Guitar Tuner…
High
CVE-2025-46435
Cross-Site Request Forgery (CSRF) vulnerability in Yash Binani Time Based Greeting time-based-greeting allows Stored XSS.This issue affects Time Based Greeting: from n/a through <= 2.2.2.
Medium
CVE-2025-46261
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Stored XSS.This issue…
Medium
CVE-2025-46260
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wowDevs Sky Addons for Elementor sky-elementor-addons allows Stored XSS.This issue affects Sky Ad…
High
CVE-2025-39381
Cross-Site Request Forgery (CSRF) vulnerability in Kiotviet KiotViet Sync allows Stored XSS. This issue affects KiotViet Sync: from n/a through 1.8.4.
2025-04-22
Medium
CVE-2025-46254
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder visualcomposer allows Stored XSS.This issue affec…
Medium
CVE-2025-46253
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ataur R GutenKit gutenkit-blocks-addon allows Stored XSS.This issue affects GutenKit: from n/a th…
Medium
CVE-2025-46250
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Ratudi VPSUForm v-form allows Stored XSS.This issue affects VPSUForm: from n/a through <= 3…
Medium
CVE-2025-46240
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Simple Download Counter simple-download-counter allows Stored XSS.This issue affects S…
Medium
CVE-2025-46239
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Theme Switcha theme-switcha allows Stored XSS.This issue affects Theme Switcha: from n…
Medium
CVE-2025-46238
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rbaer List Last Changes list-last-changes allows Stored XSS.This issue affects List Last Changes:…
Medium
CVE-2025-46237
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library link-library allows Stored XSS.This issue affects Link Library: fro…
Medium
CVE-2025-46236
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Software LLC HTML Forms html-forms allows Stored XSS.This issue affects HTML Forms: from n/a…
Medium
CVE-2025-46235
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks skt-blocks allows Stored XSS.This issue affects SKT Blocks: from n/a thro…
Medium
CVE-2025-46233
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sirv CDN and Image Hosting Sirv sirv allows Stored XSS.This issue affects Sirv: from n/a through…
Medium
CVE-2025-46229
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Israpil Textmetrics webtexttool allows Stored XSS.This issue affects Textmetrics: from n/a throug…
Medium
CVE-2025-46227
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brecht Custom Related Posts custom-related-posts allows Stored XSS.This issue affects Custom Rela…
Medium
CVE-2025-46226
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ferranfg MPL-Publisher mpl-publisher allows Stored XSS.This issue affects MPL-Publisher: from n/a…
2025-04-21
Medium
CVE-2024-12863
Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25.1 on Windows and Linux allows authenticated malicious users to inject code into the system.
2025-04-17
Medium
CVE-2025-39562
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Payment Form for PayPal Pro payment-form-for-paypal-pro allows Stored XSS.This issue a…
Medium
CVE-2025-39444
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in maxfoundry MaxButtons maxbuttons allows Stored XSS.This issue affects MaxButtons: from n/a throug…
High
CVE-2025-39442
Cross-Site Request Forgery (CSRF) vulnerability in MessageMetric Review Wave – Google Places Reviews review-wave-google-places-reviews allows Stored XSS.This issue affects Review Wave – Google Places…
High
CVE-2025-39441
Cross-Site Request Forgery (CSRF) vulnerability in swedish boy Dashboard Notepads dashboard-notepads allows Stored XSS.This issue affects Dashboard Notepads: from n/a through <= 1.2.1.
High
CVE-2025-39440
Cross-Site Request Forgery (CSRF) vulnerability in Rajesh Broken Links Remover broken-links-remover allows Stored XSS.This issue affects Broken Links Remover: from n/a through <= 1.2.2.
High
CVE-2025-39435
Cross-Site Request Forgery (CSRF) vulnerability in davidfcarr My Marginalia my-marginalia allows Stored XSS.This issue affects My Marginalia: from n/a through <= 1.0.6.
High
CVE-2025-39433
Cross-Site Request Forgery (CSRF) vulnerability in beke_ro Bknewsticker bknewsticker allows Stored XSS.This issue affects Bknewsticker: from n/a through <= 1.0.5.
High
CVE-2025-39432
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antonchanning bbPress2 shortcode whitelist bbpress2-shortcode-whitelist allows Stored XSS.This is…
High
CVE-2025-39431
Cross-Site Request Forgery (CSRF) vulnerability in Aaron Forgue Amazon Showcase WordPress Plugin amazon-showcase-wordpress-widget allows Stored XSS.This issue affects Amazon Showcase WordPress Plugin…
High
CVE-2025-39430
Cross-Site Request Forgery (CSRF) vulnerability in Alexander Rauscha mLanguage mlanguage allows Stored XSS.This issue affects mLanguage: from n/a through <= 1.6.1.
Medium
CVE-2025-39428
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maros Pristas Gravity Forms CSS Themes with Fontawesome and Placeholders gravity-forms-css-themes…
Medium
CVE-2025-39427
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Beth Tucker Long WP Post to PDF Enhanced wp-post-to-pdf-enhanced allows Stored XSS.This issue aff…
High
CVE-2025-39424
Cross-Site Request Forgery (CSRF) vulnerability in simplemaps Simple Maps interactive-maps allows Stored XSS.This issue affects Simple Maps: from n/a through <= 0.98.
High
CVE-2025-39423
Cross-Site Request Forgery (CSRF) vulnerability in Jenst Add to Header add-to-header allows Stored XSS.This issue affects Add to Header: from n/a through <= 1.0.
High
CVE-2025-39422
Cross-Site Request Forgery (CSRF) vulnerability in PResponsive WP Social Bookmarking wp-social-bookmarking allows Stored XSS.This issue affects WP Social Bookmarking: from n/a through <= 3.6.
High
CVE-2025-39421
Cross-Site Request Forgery (CSRF) vulnerability in Mustafa KUCUK WP Sticky Side Buttons wp-sticky-side-buttons allows Stored XSS.This issue affects WP Sticky Side Buttons: from n/a through <= 2.1.
High
CVE-2025-39420
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ruudkok WP Twitter Button wp-twitter-button allows Stored XSS.This issue affects WP Twitter Butto…
High
CVE-2025-39419
Cross-Site Request Forgery (CSRF) vulnerability in David Miller Revision Diet revision-diet allows Stored XSS.This issue affects Revision Diet: from n/a through <= 1.0.1.
High
CVE-2025-39418
Cross-Site Request Forgery (CSRF) vulnerability in ajayver RSS Manager rss-manager allows Stored XSS.This issue affects RSS Manager: from n/a through <= 0.06.
High
CVE-2025-39417
Cross-Site Request Forgery (CSRF) vulnerability in Eslam Mahmoud Redirect wordpress to welcome or landing page redirect-to-welcome-or-landing-page allows Stored XSS.This issue affects Redirect wordpr…
High
CVE-2025-39416
Cross-Site Request Forgery (CSRF) vulnerability in Ichi translit it! translit-it allows Stored XSS.This issue affects translit it!: from n/a through <= 1.6.
High
CVE-2025-39415
Cross-Site Request Forgery (CSRF) vulnerability in Jayesh Parejiya Social Media Links social-media-links allows Stored XSS.This issue affects Social Media Links: from n/a through <= 1.0.3.
High
CVE-2025-39414
Cross-Site Request Forgery (CSRF) vulnerability in Mike spam-stopper spam-stopper allows Stored XSS.This issue affects spam-stopper: from n/a through <= 3.1.3.
High
CVE-2025-32655
Cross-Site Request Forgery (CSRF) vulnerability in DevriX Restrict User Registration restrict-user-registration allows Stored XSS.This issue affects Restrict User Registration: from n/a through <= 1.…
High
CVE-2025-32638
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weptile Mobile App for WooCommerce mobile-app-for-woocommerce allows Stored XSS.This issue affect…
High
CVE-2025-32637
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ketanajani WP Donate wp-donate allows Stored XSS.This issue affects WP Donate: from n/a through <…
High
CVE-2025-32613
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bowo Debug Log Manager debug-log-manager allows Stored XSS.This issue affects Debug Log Manager:…
High
CVE-2025-32606
Cross-Site Request Forgery (CSRF) vulnerability in Deepak Khokhar Listings for Buildium listings-for-buildium allows Stored XSS.This issue affects Listings for Buildium: from n/a through <= 0.1.5.
High
CVE-2025-32592
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 TableOn posts-table-filterable allows Stored XSS.This issue affects TableOn: from n/a…
High
CVE-2025-32582
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EXEIdeas International WP AutoKeyword wp-autokeyword allows Stored XSS.This issue affects WP Auto…
High
CVE-2025-32527
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pey22 T&P Gallery Slider tp-gallery-slider allows Stored XSS.This issue affects T&P Gallery Slide…
High
CVE-2025-32490
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebsiteDefender wp secure wp-secure-by-sitesecuritymonitorcom allows Stored XSS.This issue affect…
High
CVE-2025-27314
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kush Sharma Kush Micro News kush-micro-news allows Stored XSS.This issue affects Kush Micro News:…
High
CVE-2025-27309
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeannot Muller flickr-slideshow-wrapper flickr-slideshow-wrapper allows Stored XSS.This issue aff…
High
CVE-2025-27295
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpion Live css css-live allows Stored XSS.This issue affects Live css: from n/a through <= 1.3.
Medium
CVE-2025-24550
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JobScore Job Manager job-manager-by-jobscore allows Stored XSS.This issue affects Job Manager: fr…
Medium
CVE-2025-22771
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Studio Hyperset The Great Firewords of China sensitive-chinese-words-scanner allows Stored XSS.Th…
Medium
CVE-2025-22340
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Data Dash data-dash allows Stored XSS.This issue affects Data Dash: from n/a through <=…
2025-04-16
Medium
CVE-2025-26153
A Stored XSS vulnerability exists in the message compose feature of Chamilo LMS 1.11.28. Attackers can inject malicious scripts into messages, which execute when victims, such as administrators, repl…
Medium
CVE-2025-39590
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Stored XSS.…
Medium
CVE-2025-39585
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Travelfic Toolkit travelfic-toolkit allows Stored XSS.This issue affects Travelfic Toolk…