CVE Daily
← All tags

Tag: Stored XSS

All CVEs associated with "Stored XSS". Page 13/45 • 5376 CVEs.

Subscribe CVEs: RSS for “Stored XSS”  ·  RSS (High+Critical only)

About “Stored XSS”

A curated feed of “Stored XSS”-related CVEs appears below. We currently track 5376 CVEs for this tag (all time). In the last 365 days, 1195 were published. Average CVSS is 6.2 (all time; 6.4 over 365d), and 18% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-352 - Cross-Site Request Forgery (CSRF), CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).

In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-04-16
Medium

CVE-2025-39581

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Shortcodes themify-shortcodes allows Stored XSS.This issue affects Themify Shor…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-39578

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows Stored XSS.This issue affects…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-39577

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Property Hive PropertyHive propertyhive allows Stored XSS.This issue affects PropertyHive: from n…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-39576

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg Winiarski WPAdverts wpadverts allows Stored XSS.This issue affects WPAdverts: from n/a throu…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-39575

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPSight WPCasa wpcasa allows Stored XSS.This issue affects WPCasa: from n/a through <= 1.3.2.

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-39574

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UIUX Lab Uix Shortcodes uix-shortcodes allows Stored XSS.This issue affects Uix Shortcodes: from…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-39573

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Stored XSS.This issue affects WP Posts Ca…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-39572

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Checkout for PayPal checkout-for-paypal allows Stored XSS.This issue affects Checkout f…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-39555

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andy_moyle Church Admin church-admin allows Stored XSS.This issue affects Church Admin: from n/a…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-39549

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in whiletrue Most And Least Read Posts Widget most-and-least-read-posts-widget allows Stored XSS.Thi…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2025-39548

Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Right Click Disable OR Ban right-click-disable-or-ban allows Stored XSS.This issue affects Right Click Disable OR Ban: from n/a through <=…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-39547

Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Internal Link Optimiser internal-link-finder allows Stored XSS.This issue affects Internal Link Optimiser: from n/a through <= 5.1.3.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2025-39543

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Stored XSS.This issue affects Royal…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2025-39530

Cross-Site Request Forgery (CSRF) vulnerability in dsky Site Search 360 site-search-360 allows Stored XSS.This issue affects Site Search 360: from n/a through <= 2.1.8.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2025-39529

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robin Cornett Scriptless Social Sharing scriptless-social-sharing allows Stored XSS.This issue af…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-39528

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rescue Themes Rescue Shortcodes rescue-shortcodes allows Stored XSS.This issue affects Rescue Sho…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-39525

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWax Logo Carousel Slider logo-carousel-slider allows Stored XSS.This issue affects Logo Carouse…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-39524

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in bPlugins Html5 Audio Player html5-audio-player allows Stored XSS.This issue affects Html5 Audio Player:…

CVSS: 6.5 CWE: CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) View on NVD
Medium

CVE-2025-39520

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Wham Checkout Files Upload for WooCommerce checkout-files-upload-woocommerce allows Stored XSS…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-39515

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tnomi Attendance Manager attendance-manager allows Stored XSS.This issue affects Attendance Manag…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-39514

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Asgaros Asgaros Forum asgaros-forum allows Stored XSS.This issue affects Asgaros Forum: from n/a…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2024-52281

A: Improper Neutralization of Input During Web Page Generation vulnerability in SUSE rancher allows a malicious actor to perform a Stored XSS attack through the cluster description field. This issue…

CVSS: 8.9 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2025-04-15
Medium

CVE-2025-30982

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zookatron MyBookProgress by Stormhill Media mybookprogress allows Stored XSS.This issue affects M…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-26998

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks skt-blocks allows Stored XSS.This issue affects SKT Blocks: from n/a thro…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-26950

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AddonsPress Nepali Date Converter nepali-date-converter allows Stored XSS.This issue affects Nepa…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-26934

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in graphthemes Glossy Blog glossy-blog allows Stored XSS.This issue affects Glossy Blog: from n/a th…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-26919

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tainacan Tainá taina allows Stored XSS.This issue affects Tainá: from n/a through < 0.2.5.

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-26880

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Skill Bar skt-skill-bar allows Stored XSS.This issue affects SKT Skill Bar: from…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-26749

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Additional Custom Product Tabs for WooCommerce product-tabs-for-woocommerce allows Stor…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-22269

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin LLC Real Testimonials testimonial-free allows Stored XSS.This issue affects Real Tes…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-22268

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash uncanny-learndash-toolkit allows Stored XSS.This issue…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2025-30511

An authenticated attacker can achieve stored XSS by exploiting improper sanitization of the plant name value while adding or editing a plant.

CVSS: 8.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-26745

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RSTheme RS Elements Elementor Addon rselements-lite allows Stored XSS.This issue affects RS Eleme…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2025-04-14
Medium

CVE-2024-49708

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Stored XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a form designed for setting delivery a…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-10089

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Stored XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a form designed for changing user's da…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2025-27009

Cross-Site Request Forgery (CSRF) vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Stored XSS.This issue affects My auctions allegro: from n/a through <= 3.6.33.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
2025-04-11
Medium

CVE-2025-32809

W. W. Norton InQuizitive through 2025-04-08 allows students to conduct stored XSS attacks against educators via a bonus description, feedback.choice_fb[], or question_id.

CVSS: 6.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2025-04-10
Medium

CVE-2025-32215

Unrestricted Upload of File with Dangerous Type vulnerability in Ability, Inc Accessibility Suite online-accessibility allows Stored XSS.This issue affects Accessibility Suite: from n/a through <= 4.…

CVSS: 6.5 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
Medium

CVE-2025-32214

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hive Support Hive Support hive-support allows Stored XSS.This issue affects Hive Support: from n/…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2025-04-09
Medium

CVE-2025-32680

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Grade Us, Inc. Review Stream review-stream allows Stored XSS.This issue affects Review Stream: fr…

CVSS: 5.9 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2025-32673

Cross-Site Request Forgery (CSRF) vulnerability in epeken Epeken All Kurir epeken-all-kurir allows Stored XSS.This issue affects Epeken All Kurir: from n/a through <= 2.0.6.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-32669

Cross-Site Request Forgery (CSRF) vulnerability in MERGADO Mergado Pack mergado-marketing-pack allows Stored XSS.This issue affects Mergado Pack: from n/a through <= 4.2.1.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-32667

Cross-Site Request Forgery (CSRF) vulnerability in fromdoppler Doppler Forms doppler-form allows Stored XSS.This issue affects Doppler Forms: from n/a through <= 2.5.1.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-32664

Cross-Site Request Forgery (CSRF) vulnerability in ashokbasnet Nepali Date Utilities nepali-date-utilities allows Stored XSS.This issue affects Nepali Date Utilities: from n/a through <= 1.0.15.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-32661

Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Interactive US Map interactive-us-map allows Stored XSS.This issue affects Interactive US Map: from n/a through <= 2.7.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-32659

Cross-Site Request Forgery (CSRF) vulnerability in fraudlabspro FraudLabs Pro for WooCommerce fraudlabs-pro-for-woocommerce allows Stored XSS.This issue affects FraudLabs Pro for WooCommerce: from n/…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-32645

Cross-Site Request Forgery (CSRF) vulnerability in Hiren Patel Custom Posts Order custom-posts-order allows Stored XSS.This issue affects Custom Posts Order: from n/a through <= 4.4.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-32644

Cross-Site Request Forgery (CSRF) vulnerability in IP2Location IP2Location World Clock ip2location-world-clock allows Stored XSS.This issue affects IP2Location World Clock: from n/a through <= 1.1.9.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2025-32640

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Ally pojo-accessibility allows Stored XSS.This issue affects Ally: from n/a through <=…

CVSS: 5.9 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2025-32623

Cross-Site Request Forgery (CSRF) vulnerability in plainware PlainInventory z-inventory-manager allows Stored XSS.This issue affects PlainInventory: from n/a through <= 3.1.9.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-32619

Cross-Site Request Forgery (CSRF) vulnerability in KeyCAPTCHA KeyCAPTCHA keycaptcha allows Stored XSS.This issue affects KeyCAPTCHA: from n/a through <= 2.5.1.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-32617

Cross-Site Request Forgery (CSRF) vulnerability in Ydesignservices Multiple Location Google Map multiple-location-google-map allows Stored XSS.This issue affects Multiple Location Google Map: from n/…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-32616

Cross-Site Request Forgery (CSRF) vulnerability in nimbata Nimbata Call Tracking nimbata-call-tracking allows Stored XSS.This issue affects Nimbata Call Tracking: from n/a through <= 1.7.4.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-32612

Cross-Site Request Forgery (CSRF) vulnerability in rafasashi User Session Synchronizer user-session-synchronizer allows Stored XSS.This issue affects User Session Synchronizer: from n/a through <= 1.…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-32581

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ankit Singla WordPress Spam Blocker cf7-manual-spam-blocker allows Stored XSS.This issue affects…

CVSS: 7.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2025-32580

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in debounce DeBounce Email Validator debounce-io-email-validator allows Stored XSS.This issue affect…

CVSS: 7.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2025-32570

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ChillPay ChillPay WooCommerce chillpay-payment-gateway allows Stored XSS.This issue affects Chill…

CVSS: 7.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2025-32559

Cross-Site Request Forgery (CSRF) vulnerability in REVE Chat REVE Chat revechat allows Stored XSS.This issue affects REVE Chat: from n/a through <= 6.4.4.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-32555

Cross-Site Request Forgery (CSRF) vulnerability in Edamam SEO, Nutrition and Print for Recipes by Edamam seo-nutrition-and-print-for-recipes-by-edamam allows Stored XSS.This issue affects SEO, Nutrit…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-32518

Cross-Site Request Forgery (CSRF) vulnerability in hossainawlad ALD Login Page ald-login-page allows Stored XSS.This issue affects ALD Login Page: from n/a through <= 1.1.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-32505

Cross-Site Request Forgery (CSRF) vulnerability in SCAND MultiMailer scand-multi-mailer allows Stored XSS.This issue affects MultiMailer: from n/a through <= 1.0.3.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-32503

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jose Conti Link Shield link-shield allows Stored XSS.This issue affects Link Shield: from n/a thr…

CVSS: 7.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2025-32502

Cross-Site Request Forgery (CSRF) vulnerability in lemmentwickler ePaper Lister for Yumpu magazine-lister-for-yumpu allows Stored XSS.This issue affects ePaper Lister for Yumpu: from n/a through <= 1…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-32501

Cross-Site Request Forgery (CSRF) vulnerability in dimafreund Rentsyst rentsyst allows Stored XSS.This issue affects Rentsyst: from n/a through <= 2.0.92.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-32500

Cross-Site Request Forgery (CSRF) vulnerability in Sudavar Codescar Radio Widget codescar-radio-widget allows Stored XSS.This issue affects Codescar Radio Widget: from n/a through <= 0.4.2.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-32498

Cross-Site Request Forgery (CSRF) vulnerability in oleglark VKontakte Cross-Post vkontakte-cross-post allows Stored XSS.This issue affects VKontakte Cross-Post: from n/a through <= 0.3.2.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-32497

Cross-Site Request Forgery (CSRF) vulnerability in squiter Spoiler Block spoiler-block allows Stored XSS.This issue affects Spoiler Block: from n/a through <= 1.7.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2025-32495

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Waymark waymark allows Stored XSS.This issue affects Waymark: from n/a through <= 1.5.3.

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-32493

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VibeThemes BP Social Connect bp-social-connect allows Stored XSS.This issue affects BP Social Con…

CVSS: 5.9 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-32492

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eliot Akira Admin Menu Post List admin-menu-post-list allows Stored XSS.This issue affects Admin…

CVSS: 5.9 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-32489

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tim Wetterwarner wetterwarner allows Stored XSS.This issue affects Wetterwarner: from n/a through…

CVSS: 5.9 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-32488

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in آریا وردپرس Aria Font aria-font allows Stored XSS.This issue affects Aria Font: from n/a through…

CVSS: 5.9 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2025-32484

Cross-Site Request Forgery (CSRF) vulnerability in Mathieu Chartier WP-Planification wp-planification allows Stored XSS.This issue affects WP-Planification: from n/a through <= 2.3.1.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2025-32483

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Salisbury Request Call Back request-call-back allows Stored XSS.This issue affects Request…

CVSS: 5.9 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2025-32482

Cross-Site Request Forgery (CSRF) vulnerability in quanganhdo Custom Smilies custom-smilies allows Stored XSS.This issue affects Custom Smilies: from n/a through <= 1.2.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-32481

Cross-Site Request Forgery (CSRF) vulnerability in ninotheme Nino Social Connect nino-social-connect allows Stored XSS.This issue affects Nino Social Connect: from n/a through <= 2.0.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-32480

Cross-Site Request Forgery (CSRF) vulnerability in dalziel Windows Live Writer windows-live-writer allows Stored XSS.This issue affects Windows Live Writer: from n/a through <= 0.1.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-32479

Cross-Site Request Forgery (CSRF) vulnerability in ab-tools Flags Widget flags-widget allows Stored XSS.This issue affects Flags Widget: from n/a through <= 1.0.7.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-32478

Cross-Site Request Forgery (CSRF) vulnerability in Mario Aguiar WP SexyLightBox wp-sexylightbox allows Stored XSS.This issue affects WP SexyLightBox: from n/a through <= 0.5.3.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-32477

Cross-Site Request Forgery (CSRF) vulnerability in Jordi Salord WP-Easy Menu wp-easy-menu allows Stored XSS.This issue affects WP-Easy Menu: from n/a through <= 0.41.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-32476

Cross-Site Request Forgery (CSRF) vulnerability in blueinstyle Advanced Tag Lists advanced-tag-list allows Stored XSS.This issue affects Advanced Tag Lists: from n/a through <= 1.2.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-31404

Cross-Site Request Forgery (CSRF) vulnerability in Wladyslaw Madejczyk AF Tell a Friend af-tell-a-friend allows Stored XSS.This issue affects AF Tell a Friend: from n/a through <= 1.4.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-31402

Cross-Site Request Forgery (CSRF) vulnerability in NewsBoard Plugin NewsBoard Post and RSS Scroller newsboard allows Stored XSS.This issue affects NewsBoard Post and RSS Scroller: from n/a through <=…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-31401

Cross-Site Request Forgery (CSRF) vulnerability in mmetrodw MMX – Make Me Christmas mmx-make-me-christmas allows Stored XSS.This issue affects MMX – Make Me Christmas: from n/a through <= 1.0.0.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-31400

Cross-Site Request Forgery (CSRF) vulnerability in icyleaf WS Audio Player ws-audio-player allows Stored XSS.This issue affects WS Audio Player: from n/a through <= 1.1.8.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-31399

Cross-Site Request Forgery (CSRF) vulnerability in Chandan Garg CG Scroll To Top cg-scroll-to-top allows Stored XSS.This issue affects CG Scroll To Top: from n/a through <= 3.5.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-31395

Cross-Site Request Forgery (CSRF) vulnerability in a.ankit Easy Custom CSS easy-custom-css allows Stored XSS.This issue affects Easy Custom CSS: from n/a through <= 1.0.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-31394

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kailey (trepmal) More Mime Type Filters more-mime-type-filters allows Stored XSS.This issue affec…

CVSS: 7.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2025-31393

Cross-Site Request Forgery (CSRF) vulnerability in vfvalent Social Bookmarking RELOADED social-bookmarking-reloaded allows Stored XSS.This issue affects Social Bookmarking RELOADED: from n/a through…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-31391

Cross-Site Request Forgery (CSRF) vulnerability in regen Script Compressor script-compressor allows Stored XSS.This issue affects Script Compressor: from n/a through <= 1.7.1.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-31390

Cross-Site Request Forgery (CSRF) vulnerability in bdoga Social Crowd social-crowd allows Stored XSS.This issue affects Social Crowd: from n/a through <= 0.9.6.1.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-31388

Cross-Site Request Forgery (CSRF) vulnerability in doa The World the-world allows Stored XSS.This issue affects The World: from n/a through <= 0.4.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-31385

Cross-Site Request Forgery (CSRF) vulnerability in intelcaprep Site Table of Contents site-table-of-contents allows Stored XSS.This issue affects Site Table of Contents: from n/a through <= 0.3.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-31383

Cross-Site Request Forgery (CSRF) vulnerability in sodena FrescoChat Live Chat flexytalk-widget allows Stored XSS.This issue affects FrescoChat Live Chat: from n/a through <= 3.2.6.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-31382

Cross-Site Request Forgery (CSRF) vulnerability in theode Language Field language-field allows Stored XSS.This issue affects Language Field: from n/a through <= 0.9.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-31375

Cross-Site Request Forgery (CSRF) vulnerability in bhoogterp Scheduled scheduled allows Stored XSS.This issue affects Scheduled: from n/a through <= 1.0.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2025-31035

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Chris WP Editor.md – The Perfect WordPress Markdown Editor wp-editormd allows Stored XSS…

CVSS: 5.9 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2025-31032

Cross-Site Request Forgery (CSRF) vulnerability in Pagopar - Grupo M S.A. Pagopar – WooCommerce Gateway pagopar-woocommerce-gateway allows Stored XSS.This issue affects Pagopar – WooCommerce Gateway:…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-31026

Cross-Site Request Forgery (CSRF) vulnerability in Austin Comment Validation Reloaded comment-validation-reloaded allows Stored XSS.This issue affects Comment Validation Reloaded: from n/a through <=…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2025-31020

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webliberty Simple Spoiler simple-spoiler allows Stored XSS.This issue affects Simple Spoiler: fro…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-31017

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robert Noakes Nav Menu Manager noakes-menu-manager allows Stored XSS.This issue affects Nav Menu…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-31008

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Embeds For YouTube Plugin Support YouTube Embed youtube-embed allows Stored XSS.This issue affect…

CVSS: 5.9 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-8243

The WordPress/Plugin Upgrade Time Out Plugin WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make…

CVSS: 6.3 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
2025-04-08
Medium

CVE-2025-32211

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Broadstreet Broadstreet Ads broadstreet allows Stored XSS.This issue affects Broadstreet Ads: fro…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-32413

Vulnerability-Lookup before 2.7.1 allows stored XSS via a user bio in website/web/views/user.py.

CVSS: 6.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2025-04-06
Medium

CVE-2025-32369

Kentico Xperience before 13.0.181 allows authenticated users to distribute malicious content (for stored XSS) via certain interactions with the media library file upload feature.

CVSS: 6.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2025-04-04
Medium

CVE-2025-32207

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anzar Ahmed Ni WooCommerce Cost Of Goods ni-woocommerce-cost-of-goods allows Stored XSS.This issu…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-32197

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in piotnetdotcom Piotnet Addons For Elementor piotnet-addons-for-elementor allows Stored XSS.This is…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-32196

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Stored XSS.This issue affe…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-32195

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Stored…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-32194

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-element-kit allows Stored XSS.This issue a…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-32193

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMinds Simple WP Events simple-wp-events allows Stored XSS.This issue affects Simple WP Events:…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-32192

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UltraPress Ultra Addons Lite for Elementor ut-elementor-addons-lite allows Stored XSS.This issue…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-32188

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ILLID Advanced Woo Labels advanced-woo-labels allows Stored XSS.This issue affects Advanced Woo L…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-32185

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Extend Themes Colibri Page Builder colibri-page-builder allows Stored XSS.This issue affects Coli…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-32184

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bdthemes Ultimate Store Kit Elementor Addons ultimate-store-kit allows Stored XSS.This issue affe…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-32183

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Galaxy Weblinks Video Playlist For YouTube video-playlist-for-youtube allows Stored XSS.This issu…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-32182

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spider Themes Spider Elements spider-elements allows Stored XSS.This issue affects Spider Element…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-32181

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fast Simon Search, Filters & Merchandising for WooCommerce instantsearch-for-woocommerce allows S…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-32179

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icopydoc Maps for WP maps-for-wp allows Stored XSS.This issue affects Maps for WP: from n/a throu…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD