Medium
CVE-2025-31591
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in promoz73 Exit Popup Free exit-popup-free allows Stored XSS.This issue affects Exit Popup Free: fr…
Tag: Stored XSS
All CVEs associated with "Stored XSS". Page 15/45 • 5376 CVEs.
Subscribe CVEs: RSS for “Stored XSS” · RSS (High+Critical only)
About “Stored XSS”
A curated feed of “Stored XSS”-related CVEs appears below. We currently track 5376 CVEs for this tag (all time). In the last 365 days, 1195 were published. Average CVSS is 6.2 (all time; 6.4 over 365d), and 18% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-352 - Cross-Site Request Forgery (CSRF), CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-03-31
Medium
CVE-2025-31590
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Denra.com WP Date and Time Shortcode wp-date-and-time-shortcode allows Stored XSS.This issue affe…
Medium
CVE-2025-31589
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kibru Demeke Ethiopian Calendar ethiopian-calendar allows Stored XSS.This issue affects Ethiopian…
Medium
CVE-2025-31587
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in elfsight Elfsight Testimonials Slider elfsight-testimonials-slider allows Stored XSS.This issue a…
Medium
CVE-2025-31586
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Gallery – Photo Albums Plugin easy-media-gallery allows Stored XSS.This issue affects Ga…
High
CVE-2025-31583
Cross-Site Request Forgery (CSRF) vulnerability in Ashish Ajani WP Copy Media URL wp-copy-media-url allows Stored XSS.This issue affects WP Copy Media URL: from n/a through <= 2.1.
Medium
CVE-2025-31575
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Vasilis Triantafyllou Flag Icons language-icons-flags-switcher allows Stored XSS.This issue affects Flag…
Medium
CVE-2025-31574
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoftHopper Custom Content Scrollbar custom-content-scrollbar allows Stored XSS.This issue affects…
High
CVE-2025-31570
Cross-Site Request Forgery (CSRF) vulnerability in wp-buy Related Posts Widget with Thumbnails advanced-css3-related-posts-widget allows Stored XSS.This issue affects Related Posts Widget with Thumbn…
High
CVE-2025-31569
Cross-Site Request Forgery (CSRF) vulnerability in wp-buy wordpress related Posts with thumbnails related-posts-list-grid-and-slider-all-in-one allows Stored XSS.This issue affects wordpress related…
Medium
CVE-2025-31567
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesflat themesflat-addons-for-elementor themesflat-addons-for-elementor allows Stored XSS.This…
High
CVE-2025-31566
Cross-Site Request Forgery (CSRF) vulnerability in riosisgroup Rio Video Gallery rio-video-gallery allows Stored XSS.This issue affects Rio Video Gallery: from n/a through <= 2.3.6.
Medium
CVE-2025-31556
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IDX Broker IMPress for IDX Broker idx-broker-platinum allows Stored XSS.This issue affects IMPres…
Medium
CVE-2025-31538
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in checklistcom Checklist checklist allows Stored XSS.This issue affects Checklist: from n/a through…
Medium
CVE-2025-31532
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team AtomChat AtomChat atomchat allows Stored XSS.This issue affects AtomChat: from n/a through <…
Medium
CVE-2025-31414
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stylemix Cost Calculator Builder cost-calculator-builder allows Stored XSS.This issue affects Cos…
Medium
CVE-2025-30987
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Stored XSS.This issue affects JetBlocks For…
2025-03-28
Medium
CVE-2025-31473
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matthewprice1178 WP Database Optimizer wp-database-optimizer allows Stored XSS.This issue affects…
Medium
CVE-2025-31472
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michele Marri Flatty flatty-flat-admin-theme allows Stored XSS.This issue affects Flatty: from n/…
Medium
CVE-2025-31471
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Falcon Solutions Duplicate Page and Post duplicate-post-and-page allows Stored XSS.This issue aff…
Medium
CVE-2025-31470
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FancyThemes Page Takeover page-takeover allows Stored XSS.This issue affects Page Takeover: from…
Medium
CVE-2025-31465
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cornershop Better Section Navigation Widget better-section-navigation allows Stored XSS.This issu…
Medium
CVE-2025-31464
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nazmur Rahman Text Selection Color text-selection-color allows Stored XSS.This issue affects Text…
Medium
CVE-2025-31463
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in preetindersodhi TGG WP Optimizer tgg-wp-optimizer allows Stored XSS.This issue affects TGG WP Opt…
High
CVE-2025-31460
Cross-Site Request Forgery (CSRF) vulnerability in danielmuldernl OmniLeads Scripts and Tags Manager omnileads-scripts-and-tags-manager allows Stored XSS.This issue affects OmniLeads Scripts and Tags…
High
CVE-2025-31459
Cross-Site Request Forgery (CSRF) vulnerability in PasqualePuzio Login Alert login-alert allows Stored XSS.This issue affects Login Alert: from n/a through <= 0.2.1.
High
CVE-2025-31458
Cross-Site Request Forgery (CSRF) vulnerability in forsgren Video Embedder video-embedder allows Stored XSS.This issue affects Video Embedder: from n/a through <= 1.7.1.
Medium
CVE-2025-31453
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stian Andreassen YouTube SimpleGallery youtube-simplegallery allows Stored XSS.This issue affects…
Medium
CVE-2025-31452
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mindshare Labs, Inc. WP Ultimate Search wp-ultimate-search allows Stored XSS.This issue affects W…
Medium
CVE-2025-31451
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kevinweber wBounce wbounce allows Stored XSS.This issue affects wBounce: from n/a through <= 1.8.…
Medium
CVE-2025-31450
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phantom.omaga Toggle Box toggle-box allows Stored XSS.This issue affects Toggle Box: from n/a thr…
High
CVE-2025-31449
Cross-Site Request Forgery (CSRF) vulnerability in EricH The Visitor Counter the-visitor-counter allows Stored XSS.This issue affects The Visitor Counter: from n/a through <= 1.4.3.
High
CVE-2025-31444
Cross-Site Request Forgery (CSRF) vulnerability in youtag ShowTime Slideshow showtime-slideshow allows Stored XSS.This issue affects ShowTime Slideshow: from n/a through <= 1.6.
High
CVE-2025-31443
Cross-Site Request Forgery (CSRF) vulnerability in Krzysztof Furtak KK I Like It kk-i-like-it allows Stored XSS.This issue affects KK I Like It: from n/a through <= 1.7.5.3.
High
CVE-2025-31440
Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Team Terms of Use terms-of-use-2 allows Stored XSS.This issue affects Terms of Use: from n/a through <= 2.0.
Medium
CVE-2025-31437
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Miller WP-OGP wp-ogp allows Stored XSS.This issue affects WP-OGP: from n/a through <= 1.0.5.
High
CVE-2025-31435
Cross-Site Request Forgery (CSRF) vulnerability in Efficient Scripts Microblog Poster microblog-poster allows Stored XSS.This issue affects Microblog Poster: from n/a through <= 2.1.6.
Medium
CVE-2025-31434
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms formlift allows Stored XSS.This issue affects Fo…
Medium
CVE-2025-31433
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Miguel Sirvent Magic Embeds wp-embed-facebook allows Stored XSS.This issue affects Magic Embeds:…
Medium
CVE-2025-31094
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Stored XSS.This issue affects WP Posts Ca…
Medium
CVE-2025-31090
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alordiel Dropdown Multisite selector dropdown-multisite-selector allows Stored XSS.This issue aff…
Medium
CVE-2025-31088
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Stored XSS.This issue affec…
Medium
CVE-2025-31083
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZEEN101 Leaky Paywall leaky-paywall allows Stored XSS.This issue affects Leaky Paywall: from n/a…
Medium
CVE-2025-31075
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in videowhisper MicroPayments paid-membership allows Stored XSS.This issue affects MicroPayments: from n/a…
Medium
CVE-2025-31073
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bensibley Unlimited unlimited allows Stored XSS.This issue affects Unlimited: from n/a through <=…
Medium
CVE-2025-31092
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ninja Team Click to Chat – WP Support All-in-One Floating Widget support-chat allows Stored XSS.T…
2025-03-27
Medium
CVE-2025-31101
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vault Group Pty Ltd VaultRE Contact Form 7 allows Stored XSS.This issue affects VaultRE Contact F…
Medium
CVE-2025-31031
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify Job Colors for WP Job Manager wp-job-manager-colors allows Stored XSS.This issue affec…
Medium
CVE-2025-30366
WeGIA is a Web manager for charitable institutions. Versions prior to 3.2.8 are vulnerable to stored cross-site scripting. This vulnerability allows unauthorized scripts to be executed within the use…
Medium
CVE-2025-30363
WeGIA is a Web manager for charitable institutions. A stored Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.2.6. This vulnerability allows unauthorized scripts to be e…
Medium
CVE-2025-30362
WeGIA is a Web manager for charitable institutions. A stored Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.2.8. This vulnerability allows unauthorized scripts to be e…
Medium
CVE-2025-26762
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce woocommerce allows Stored XSS.This issue affects WooCommerce: from n/a thr…
Medium
CVE-2025-22640
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in integrationdevpaytm Paytm Payment Donation paytm-donation allows Stored XSS.This issue affects Pa…
Medium
CVE-2025-22638
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in acowebs Product Table For WooCommerce product-table-for-woocommerce allows Stored XSS.This issue…
High
CVE-2025-22628
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FolioVision Filled In filled-in allows Stored XSS.This issue affects Filled In: from n/a through…
Medium
CVE-2025-22497
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bramwaas Simple Google Calendar Outlook Events Block Widget simple-google-icalendar-widget allows…
Medium
CVE-2025-22496
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MarMar8x Notif Bell notif-bell allows Stored XSS.This issue affects Notif Bell: from n/a through…
Medium
CVE-2025-22278
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yudleethemes Whitish Lite allows Stored XSS.This issue affects Whitish Lite: from n/a through 2.1…
Medium
CVE-2025-22659
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Orbit Fox by ThemeIsle themeisle-companion allows Stored XSS.This issue affects Orbit F…
High
CVE-2025-22658
Cross-Site Request Forgery (CSRF) vulnerability in Listings for Appfolio Listings for Appfolio listings-for-appfolio allows Stored XSS.This issue affects Listings for Appfolio: from n/a through <= 1.…
Medium
CVE-2025-22649
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager wedevs-project-manager allows Stored XSS.This issue affects WP Project…
Medium
CVE-2025-22648
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plugin Devs Blog, Posts and Category Filter for Elementor blog-posts-and-category-for-elementor a…
Medium
CVE-2025-22646
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi aThemes Addons for Elementor athemes-addons-for-elementor-lite allows Stored XSS.This…
Medium
CVE-2025-22644
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHunk Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce vayu-blocks allows Stored XS…
Medium
CVE-2025-26736
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in victortihai MorningTime Lite morningtime-lite allows Stored XSS.This issue affects MorningTime Li…
Medium
CVE-2025-26734
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in peregrinethemes Hester hester allows Stored XSS.This issue affects Hester: from n/a through <= 1.…
Medium
CVE-2025-26731
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reputeinfosystems ARPrice arprice allows Stored XSS.This issue affects ARPrice: from n/a through…
Medium
CVE-2025-31140
In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page
Medium
CVE-2025-30925
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webangon The Pack Elementor addons the-pack-addon allows Stored XSS.This issue affects The Pack E…
Medium
CVE-2025-30922
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in simplebooklet Simplebooklet PDF Viewer and Embedder simplebooklet allows Stored XSS.This issue af…
Medium
CVE-2025-30920
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Stored XSS.This issue affects WP Posts Ca…
High
CVE-2025-30919
Cross-Site Request Forgery (CSRF) vulnerability in Store Locator Widgets Store Locator Widget store-locator-widget allows Stored XSS.This issue affects Store Locator Widget: from n/a through <= 2025r…
Medium
CVE-2025-30918
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gordon Böhme Structured Content structured-content allows Stored XSS.This issue affects Structure…
Medium
CVE-2025-30904
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Chartify chart-builder allows Stored XSS.This issue affects Chartify: from n/a through <=…
Medium
CVE-2025-30900
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Subscriptions Zoho Billing – Embed Payment Form allows Stored XSS. This issue affects Zoho B…
Medium
CVE-2025-30899
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows Stored XSS.This issue affects User Registrat…
Medium
CVE-2025-30898
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mahdi Yousefi [MahdiY] افزونه حمل و نقل ووکامرس (پست پیشتاز و سفارشی، پیک موتوری) persian-woocomm…
Medium
CVE-2025-30873
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpsoul Greenshift greenshift-animation-and-page-builder-blocks allows Stored XSS.This issue affec…
Medium
CVE-2025-30867
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SearchIQ SearchIQ searchiq allows Stored XSS.This issue affects SearchIQ: from n/a through <= 4.7.
High
CVE-2025-30857
Cross-Site Request Forgery (CSRF) vulnerability in PressMaximum Currency Switcher for WooCommerce currency-switcher-for-woocommerce allows Stored XSS.This issue affects Currency Switcher for WooComme…
Medium
CVE-2025-30850
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sfaerber Dr. Flex dr-flex allows Stored XSS.This issue affects Dr. Flex: from n/a through <= 2.0.…
Medium
CVE-2025-30847
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashley Novelist novelist allows Stored XSS.This issue affects Novelist: from n/a through <= 1.2.3.
Medium
CVE-2025-30838
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CozyThemes Cozy Blocks cozy-addons allows Stored XSS.This issue affects Cozy Blocks: from n/a thr…
Medium
CVE-2025-30836
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LatePoint LatePoint latepoint allows Stored XSS.This issue affects LatePoint: from n/a through <=…
Medium
CVE-2025-30813
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in listamester Listamester listamester allows Stored XSS.This issue affects Listamester: from n/a th…
Medium
CVE-2025-30812
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Addons for Elementor skt-addons-for-elementor allows Stored XSS.This issue affec…
Medium
CVE-2025-30800
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atawai Gum Elementor Addon gum-elementor-addon allows Stored XSS.This issue affects Gum Elementor…
Medium
CVE-2025-30799
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pagup WP Google Street View wp-google-street-view allows Stored XSS.This issue affects WP Google…
Medium
CVE-2025-30792
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ufukart Comment Approved Notifier Extended comment-approved-notifier-extended allows Stored XSS.T…
Medium
CVE-2025-30789
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in clearoutio Clearout Email Validator clearout-email-validator allows Stored XSS.This issue affects…
High
CVE-2025-30787
Cross-Site Request Forgery (CSRF) vulnerability in Eli EZ SQL Reports Shortcode Widget and DB Backup elisqlreports allows Stored XSS.This issue affects EZ SQL Reports Shortcode Widget and DB Backup:…
Medium
CVE-2025-30780
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cubecolour Audio Album audio-album allows Stored XSS.This issue affects Audio Album: from n/a thr…
Medium
CVE-2025-30779
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick van Wobbie Doneren met Mollie doneren-met-mollie allows Stored XSS.This issue affects Donere…
Medium
CVE-2025-30776
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly Sitekit sitekit allows Stored XSS.This issue affects Sitekit: from n/a through <= 1.8.
High
CVE-2025-30769
Cross-Site Request Forgery (CSRF) vulnerability in alexvtn WIP WooCarousel Lite wip-woocarousel-lite allows Stored XSS.This issue affects WIP WooCarousel Lite: from n/a through <= 1.1.7.
Medium
CVE-2025-30768
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mlaza jAlbum Bridge jalbum-bridge allows Stored XSS.This issue affects jAlbum Bridge: from n/a th…
Medium
CVE-2025-30763
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Olaf Lederer EO4WP fw-integration-for-emailoctopus allows Stored XSS.This issue affects EO4WP: fr…
2025-03-26
High
CVE-2025-28917
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in crazyloong Custom Smilies custom-smilies-se allows Stored XSS.This issue affects Custom Smilies:…
Medium
CVE-2025-28885
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fiverraffiliates Fiverr.com Official Search Box fiverr-official-search-box allows Stored XSS.This…
Medium
CVE-2025-26929
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bastien Ho Accounting for WooCommerce accounting-for-woocommerce allows Stored XSS.This issue aff…
Medium
CVE-2025-26923
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bastien Ho Event post event-post allows Stored XSS.This issue affects Event post: from n/a throug…
Medium
CVE-2025-26922
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in techthemes AuraMart auramart allows Stored XSS.This issue affects AuraMart: from n/a through <= 2…
Medium
CVE-2025-26869
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Build allows Stored XSS.This issue affects Build: from n/a through 1.0.3.
Medium
CVE-2025-26747
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 99colorthemes RainbowNews allows Stored XSS.This issue affects RainbowNews: from n/a through 1.0.…
Medium
CVE-2025-26739
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themefunction newseqo allows Stored XSS.This issue affects newseqo: from n/a through 2.1.1.
Medium
CVE-2025-26537
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rolomak GDPR Tools gdpr-tools allows Stored XSS.This issue affects GDPR Tools: from n/a through <…
Medium
CVE-2024-11847
The wp-svg-upload WordPress plugin through 1.0.0 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks.
2025-03-25
Medium
CVE-2025-26742
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Gallery for Social Photo feed-instagram-lite allows Stored XSS.This issue affects Galler…
2025-03-24
Medium
CVE-2025-2748
The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS.This issue affects Kentico Xperience through…
Medium
CVE-2024-9103
Improper Neutralization of Script in Attributes in a Web Page vulnerability in Forcepoint Email Security (Blocked Messages module) allows Stored XSS. This issue affects Email Security through 8.5.5.
Medium
CVE-2025-30623
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rachel Cherry wA11y – The Web Accessibility Toolbox wa11y allows Stored XSS.This issue affects wA…
High
CVE-2025-30621
Cross-Site Request Forgery (CSRF) vulnerability in kornelly Translator translator allows Stored XSS.This issue affects Translator: from n/a through <= 0.3.
High
CVE-2025-30620
Cross-Site Request Forgery (CSRF) vulnerability in coderscom WP Odoo Form Integrator wp-odoo-form-integrator allows Stored XSS.This issue affects WP Odoo Form Integrator: from n/a through <= 1.1.0.
High
CVE-2025-30612
Cross-Site Request Forgery (CSRF) vulnerability in mandegarweb Replace Default Words replace-default-words allows Stored XSS.This issue affects Replace Default Words: from n/a through <= 1.3.
Medium
CVE-2025-30610
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchsquare WP Social Widget wp-social-widget allows Stored XSS.This issue affects WP Social Widg…
High
CVE-2025-30608
Cross-Site Request Forgery (CSRF) vulnerability in Anthony WordPress SQL Backup wordpress-sql-backup allows Stored XSS.This issue affects WordPress SQL Backup: from n/a through <= 3.5.2.
Medium
CVE-2025-30606
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Logan Carlile Easy Page Transition easy-page-transition allows Stored XSS.This issue affects Easy…
High
CVE-2025-30603
Cross-Site Request Forgery (CSRF) vulnerability in DEJAN CopyLink copy-link allows Stored XSS.This issue affects CopyLink: from n/a through <= 1.1.
High
CVE-2025-30602
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alphasis Related Posts via Categories related-posts-via-categories allows Stored XSS.This issue a…
Medium
CVE-2025-30600
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thiagogsrwp WP Hotjar wp-hotjar allows Stored XSS.This issue affects WP Hotjar: from n/a through…