CVE Daily
← All tags

Tag: Stored XSS

All CVEs associated with "Stored XSS". Page 17/45 • 5376 CVEs.

Subscribe CVEs: RSS for “Stored XSS”  ·  RSS (High+Critical only)

About “Stored XSS”

A curated feed of “Stored XSS”-related CVEs appears below. We currently track 5376 CVEs for this tag (all time). In the last 365 days, 1195 were published. Average CVSS is 6.2 (all time; 6.4 over 365d), and 18% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-352 - Cross-Site Request Forgery (CSRF), CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).

In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-02-24
Medium

CVE-2025-27351

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExpertBusinessSearch Local Search SEO Contact Page local-search-seo-contact-page allows Stored XS…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-27349

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nurelm Get Posts nurelm-get-posts allows Stored XSS.This issue affects Get Posts: from n/a throug…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-27348

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel WP Social SEO Booster – Knowledge Graph Social Signals SEO wp-social-seo-booster allows St…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-27347

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in techmix Direct Checkout Button for WooCommerce woo-direct-checkout-button allows Stored XSS.This…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-27341

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in afzal_du Reactive Mortgage Calculator reactive-mortgage-calculator allows Stored XSS.This issue a…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2025-27332

Cross-Site Request Forgery (CSRF) vulnerability in gmnazmul Smart Maintenance & Countdown smart-maintenance-countdown allows Stored XSS.This issue affects Smart Maintenance & Countdown: from n/a thro…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-27321

Cross-Site Request Forgery (CSRF) vulnerability in Blighty Blightly Explorer blighty-explorer allows Stored XSS.This issue affects Blightly Explorer: from n/a through <= 2.3.0.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2025-27306

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pathomation Pathomation pathomation allows Stored XSS.This issue affects Pathomation: from n/a th…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-27305

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Achal Jain Table of Contents Block table-of-contents allows Stored XSS.This issue affects Table o…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-27304

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themelogger Contact Form 7 Star Rating with font Awesome contact-form-7-star-rating-with-font-awe…

CVSS: 5.9 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-27303

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themelogger Contact Form 7 Star Rating contact-form-7-star-rating allows Stored XSS.This issue af…

CVSS: 5.9 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2025-02-23
High

CVE-2025-22632

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in totalsoft WooCommerce Pricing – Product Pricing woo-pricing-table allows Stored XSS.This issue af…

CVSS: 7.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2025-02-22
High

CVE-2025-26756

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in grimdonkey Magic the Gathering Card Tooltips magic-the-gathering-card-tooltips allows Stored XSS.…

CVSS: 7.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2025-02-18
Medium

CVE-2025-27016

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in awsm.in Drivr Lite – Google Drive Plugin allows Stored XSS. This issue affects Drivr Lite – Googl…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-22650

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Erez Hadas-Sonnenschein Smartarget smartarget-contact-us allows Stored XSS.This issue affects Sma…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2025-02-17
Medium

CVE-2025-26778

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jordy Meow Gallery gallery allows Stored XSS.This issue affects Gallery: from n/a through <= 2.2.…

CVSS: 5.9 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-26775

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 BEAR woo-bulk-editor allows Stored XSS.This issue affects BEAR: from n/a through <= 1.…

CVSS: 5.9 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-26772

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Detheme DethemeKit For Elementor dethemekit-for-elementor allows Stored XSS.This issue affects De…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-26771

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks skt-blocks allows Stored XSS.This issue affects SKT Blocks: from n/a thro…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-26770

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Waymark waymark allows Stored XSS.This issue affects Waymark: from n/a through <= 1.5.0.

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-26769

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webilia Inc. Vertex Addons for Elementor addons-for-elementor-builder allows Stored XSS.This issu…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-26754

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Timeline Block timeline-block-block allows Stored XSS.This issue affects Timeline Block:…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2025-02-16
High

CVE-2025-26768

Cross-Site Request Forgery (CSRF) vulnerability in what3words what3words Address Field 3-word-address-validation-field allows Stored XSS.This issue affects what3words Address Field: from n/a through…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2025-26767

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Qubely qubely allows Stored XSS.This issue affects Qubely: from n/a through <= 1.8.12.

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-26766

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VaultDweller Leyka leyka allows Stored XSS.This issue affects Leyka: from n/a through <= 3.31.8.

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2025-26759

Cross-Site Request Forgery (CSRF) vulnerability in alexvtn Content Snippet Manager content-snippet-manager allows Stored XSS.This issue affects Content Snippet Manager: from n/a through <= 1.1.5.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2025-23975

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cheesefather Botnet Attack Blocker botnet-attack-blocker allows Stored XSS.This issue affects Bot…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-22689

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Levan Tarbor Forex Calculators fx-calculators allows Stored XSS.This issue affects Forex Calculat…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-22676

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in upcasted AWS S3 for WordPress Plugin – Upcasted upcasted-s3-offload allows Stored XSS.This issue…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2025-02-14
Medium

CVE-2025-1239

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the Blocked Sites list. This vulnerability re…

CVSS: 4.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-1071

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability re…

CVSS: 4.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2025-24641

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rickonline_nl Better WishList API better-wlm-api allows Stored XSS.This issue affects Better Wish…

CVSS: 7.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2025-02-13
High

CVE-2025-26582

Cross-Site Request Forgery (CSRF) vulnerability in Blackbam TinyMCE Advanced qTranslate fix editor problems tinymce-advanced-qtranslate-fix-editor-problems allows Stored XSS.This issue affects TinyMC…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-26580

Cross-Site Request Forgery (CSRF) vulnerability in Complete SEO Page/Post Specific Social Share Buttons pagepost-specific-social-share-buttons allows Stored XSS.This issue affects Page/Post Specific…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-26578

Cross-Site Request Forgery (CSRF) vulnerability in mathieuhays Simple Documentation client-documentation allows Stored XSS.This issue affects Simple Documentation: from n/a through <= 1.2.8.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-26577

Cross-Site Request Forgery (CSRF) vulnerability in daxiawp DX-auto-publish dx-auto-publish allows Stored XSS.This issue affects DX-auto-publish: from n/a through <= 1.2.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2025-26574

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moch Amir Google Drive WP Media google-drive-wp-media allows Stored XSS.This issue affects Google…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2025-26569

Cross-Site Request Forgery (CSRF) vulnerability in Callmeforsox Post Thumbs allows Stored XSS. This issue affects Post Thumbs: from n/a through 1.5.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-26568

Cross-Site Request Forgery (CSRF) vulnerability in jensmueller Easy Amazon Product Information easy-amazon-product-information allows Stored XSS.This issue affects Easy Amazon Product Information: fr…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-26562

Cross-Site Request Forgery (CSRF) vulnerability in Shambhu Patnaik RSS Filter rss-filter allows Stored XSS.This issue affects RSS Filter: from n/a through <= 1.2.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2025-26561

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in elfsight Elfsight Yottie Lite yottie-lite allows Stored XSS.This issue affects Elfsight Yottie Li…

CVSS: 5.9 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2025-26552

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in badrHan Naver Syndication V2 badr-naver-syndication allows Stored XSS.This issue affects Naver Sy…

CVSS: 7.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2025-26551

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sureshdsk Bootstrap collapse bootstrap-collapse allows Stored XSS.This issue affects Bootstrap co…

CVSS: 7.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2025-26550

Cross-Site Request Forgery (CSRF) vulnerability in Kunal Shivale Global Meta Keyword & Description global-meta-keyword-and-description allows Stored XSS.This issue affects Global Meta Keyword & Descr…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-26549

Cross-Site Request Forgery (CSRF) vulnerability in pa1 WP Html Page Sitemap wp-html-page-sitemap allows Stored XSS.This issue affects WP Html Page Sitemap: from n/a through <= 2.2.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-26547

Cross-Site Request Forgery (CSRF) vulnerability in nagarjunsonti My Login Logout Plugin my-loginlogout allows Stored XSS.This issue affects My Login Logout Plugin: from n/a through <= 2.4.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-26545

Cross-Site Request Forgery (CSRF) vulnerability in shisuh Related Posts Line-up-Exactly by Milliard related-posts-line-up-exactry-by-milliard allows Stored XSS.This issue affects Related Posts Line-u…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-26543

Cross-Site Request Forgery (CSRF) vulnerability in Pukhraj Suthar Simple Responsive Menu simple-responsive-menu allows Stored XSS.This issue affects Simple Responsive Menu: from n/a through <= 2.1.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2025-26539

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in petkivim Embed Google Map embed-google-map allows Stored XSS.This issue affects Embed Google Map:…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-26538

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan Rossiter Prezi Embedder prezi-embedder allows Stored XSS.This issue affects Prezi Embedder: f…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2025-02-10
Medium

CVE-2024-10649

wandb/openui latest commit c945bb859979659add5f490a874140ad17c56a5d contains a vulnerability where unauthenticated endpoints allow file uploads and downloads from an AWS S3 bucket. This can lead to m…

CVSS: 6.1 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
2025-02-07
High

CVE-2025-25166

Cross-Site Request Forgery (CSRF) vulnerability in gabrieldarezzo InLocation inlocation allows Stored XSS.This issue affects InLocation: from n/a through <= 1.8.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-25160

Cross-Site Request Forgery (CSRF) vulnerability in Mark Barnes Style Tweaker style-tweaker allows Stored XSS.This issue affects Style Tweaker: from n/a through <= 0.11.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-25159

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robert_kolatzek WP doodlez wpdoodlez allows Stored XSS.This issue affects WP doodlez: from n/a th…

CVSS: 7.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2025-25156

Cross-Site Request Forgery (CSRF) vulnerability in Stanko Metodiev Quote Comments quote-comments allows Stored XSS.This issue affects Quote Comments: from n/a through <= 3.0.0.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-25154

Cross-Site Request Forgery (CSRF) vulnerability in scweber Custom Comment Notifications custom-comment-notifications allows Stored XSS.This issue affects Custom Comment Notifications: from n/a throug…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-25153

Cross-Site Request Forgery (CSRF) vulnerability in djjmz Simple Auto Tag simple-auto-tag allows Stored XSS.This issue affects Simple Auto Tag: from n/a through <= 1.1.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-25152

Cross-Site Request Forgery (CSRF) vulnerability in LukaszWiecek Smart DoFollow smart-dofollow allows Stored XSS.This issue affects Smart DoFollow: from n/a through <= 1.0.2.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-25149

Cross-Site Request Forgery (CSRF) vulnerability in Danillo Nunes Login-box login-box allows Stored XSS.This issue affects Login-box: from n/a through <= 2.0.4.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-25148

Cross-Site Request Forgery (CSRF) vulnerability in ElbowRobo Read More Copy Link read-more-copy-link allows Stored XSS.This issue affects Read More Copy Link: from n/a through <= 1.0.2.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-25147

Cross-Site Request Forgery (CSRF) vulnerability in Phillip.Gooch Auto SEO auto-seo allows Stored XSS.This issue affects Auto SEO: from n/a through <= 2.5.6.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-25144

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in theasys Theasys theasys allows Stored XSS.This issue affects Theasys: from n/a through <= 1.0.1.

CVSS: 7.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2025-25140

Cross-Site Request Forgery (CSRF) vulnerability in Scriptonite Simple User Profile simple-user-profile allows Stored XSS.This issue affects Simple User Profile: from n/a through <= 1.9.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-25139

Cross-Site Request Forgery (CSRF) vulnerability in Cynob IT Consultancy WP Custom Post RSS Feed wp-custom-post-rss-feed allows Stored XSS.This issue affects WP Custom Post RSS Feed: from n/a through…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-25138

Cross-Site Request Forgery (CSRF) vulnerability in Rishi On Page SEO + Whatsapp Chat Button ops-robots-txt allows Stored XSS.This issue affects On Page SEO + Whatsapp Chat Button: from n/a through <=…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2025-25136

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shujahat21 Optimate Ads optimate-ads allows Stored XSS.This issue affects Optimate Ads: from n/a…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2025-25135

Cross-Site Request Forgery (CSRF) vulnerability in Victor Barkalov Custom Links On Admin Dashboard Toolbar customize-wpadmin allows Stored XSS.This issue affects Custom Links On Admin Dashboard Toolb…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-25128

Cross-Site Request Forgery (CSRF) vulnerability in orlandolac Facilita Form Tracker facilita-form-tracker allows Stored XSS.This issue affects Facilita Form Tracker: from n/a through <= 1.0.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-25126

Cross-Site Request Forgery (CSRF) vulnerability in zmseo ZMSEO zmseo allows Stored XSS.This issue affects ZMSEO: from n/a through <= 1.14.1.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-25125

Cross-Site Request Forgery (CSRF) vulnerability in CyrilG Fyrebox Quizzes fyrebox-shortcode allows Stored XSS.This issue affects Fyrebox Quizzes: from n/a through <= 3.1.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-25123

Cross-Site Request Forgery (CSRF) vulnerability in xdark Easy Related Posts easy-related-posts allows Stored XSS.This issue affects Easy Related Posts: from n/a through <= 2.0.2.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2025-25117

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Polonski Smart Countdown FX smart-countdown-fx allows Stored XSS.This issue affects Smart Co…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-25105

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in coffeestudios Pop Up popup-seo-optimized allows Stored XSS.This issue affects Pop Up: from n/a th…

CVSS: 5.9 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-25098

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zack Katz Links in Captions links-in-captions allows Stored XSS.This issue affects Links in Capti…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-25097

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kwiliarty External Video For Everybody external-video-for-everybody allows Stored XSS.This issue…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-25096

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in titusbicknell RSS in Page rss-in-page allows Stored XSS.This issue affects RSS in Page: from n/a…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-25095

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reverbnationdev ReverbNation Widgets reverbnation-widgets allows Stored XSS.This issue affects Re…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-25094

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amitythemes.com Breaking News Ticker breaking-news-ticker allows Stored XSS.This issue affects Br…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-25091

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zackdesign NextGen Cooliris Gallery nextgen-cooliris-gallery allows Stored XSS.This issue affects…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-25085

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matt_mcbrien WP SimpleWeather wp-simpleweather allows Stored XSS.This issue affects WP SimpleWeat…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-25082

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Chirkov FlexIDX Home Search flexidx-home-search allows Stored XSS.This issue affects FlexIDX…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-25080

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gubbigubbi Kona Gallery Block kona-instagram-feed-for-gutenberg allows Stored XSS.This issue affe…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-25079

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Garrett Grimm Simple Select All Text Box simple-select-all-text-box allows Stored XSS.This issue…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-25078

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andrew Norcross Google Earth Embed google-earth-tours allows Stored XSS.This issue affects Google…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-25077

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dugbug Easy Chart Builder for WordPress easy-chart-builder allows Stored XSS.This issue affects E…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-25076

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicholaswilson Graceful Email Obfuscation graceful-email-obfuscation allows Stored XSS.This issue…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2025-25075

Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Show notice or message on admin area show-notice-or-message-on-admin-area allows Stored XSS.This issue affects Show notice or message on a…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-25074

Cross-Site Request Forgery (CSRF) vulnerability in Nirmal Kumar Ram WP Social Stream wp-social-stream allows Stored XSS.This issue affects WP Social Stream: from n/a through <= 1.1.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2025-25073

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vasilis Triantafyllou Easy WP Tiles easy-wp-tiles allows Stored XSS.This issue affects Easy WP Ti…

CVSS: 5.9 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2025-25072

Cross-Site Request Forgery (CSRF) vulnerability in thunderbax WP Admin Custom Page wp-admin-custom-page allows Stored XSS.This issue affects WP Admin Custom Page: from n/a through <= 1.5.0.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-25071

Cross-Site Request Forgery (CSRF) vulnerability in topplugins Vignette Ads vignete-ads allows Stored XSS.This issue affects Vignette Ads: from n/a through <= 0.2.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
2025-02-06
Medium

CVE-2025-1076

A Stored Cross-Site Scripting (Stored XSS) vulnerability has been found in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within the editable ‘name’…

CVSS: 4.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-0522

The LikeBot WordPress plugin through 0.85 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS…

CVSS: 4.7 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
2025-02-05
Medium

CVE-2025-24803

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple's documentat…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2025-02-04
Medium

CVE-2025-22675

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Alert Box Block – Display notice/alerts in the front end alert-box-block allows Stored X…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-22674

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Get Bowtied Product Blocks for WooCommerce product-blocks-for-woocommerce allows Stored XSS.This…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-22664

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Survey Maker survey-maker allows Stored XSS.This issue affects Survey Maker: from n/a thr…

CVSS: 5.9 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-22662

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SendPulse SendPulse Email Marketing Newsletter sendpulse-email-marketing-newsletter allows Stored…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-22653

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tuyennv Music Press Pro music-press-pro allows Stored XSS.This issue affects Music Press Pro: fro…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-22642

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rtowebsites Dynamic Conditions dynamicconditions allows Stored XSS.This issue affects Dynamic Con…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-22641

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prem Tiwari FM Notification Bar fm-notification-bar allows Stored XSS.This issue affects FM Notif…

CVSS: 5.9 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-11623

Authentik project is vulnerable to Stored XSS attacks through uploading crafted SVG files that are used as application icons.  This action could only be performed by an authenticated admin user. The…

CVSS: 4.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-13115

The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers t…

CVSS: 6.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
2025-02-03
High

CVE-2025-24620

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hkharpreetkumar1 AIO Shortcodes aio-shortcodes allows Stored XSS.This issue affects AIO Shortcode…

CVSS: 7.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-23747

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nitesh Awesome Timeline awesome-timeline allows Stored XSS.This issue affects Awesome Timeline: f…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-23581

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digitalzoomstudio Demo User DZS demo-user-dzs-showcase-your-admin-safely allows Stored XSS.This i…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-23561

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robertkay MLL Audio Player MP3 Ajax music-let-loose-mp3-audio-player allows Stored XSS.This issue…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2025-22703

Cross-Site Request Forgery (CSRF) vulnerability in manuelvicedo Forge – Front-End Page Builder forge allows Stored XSS.This issue affects Forge – Front-End Page Builder: from n/a through <= 1.4.6.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-22690

Cross-Site Request Forgery (CSRF) vulnerability in DigiTimber DigiTimber cPanel Integration digitimber-cpanel-integration allows Stored XSS.This issue affects DigiTimber cPanel Integration: from n/a…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-22688

Cross-Site Request Forgery (CSRF) vulnerability in Ederson Peka Unlimited Page Sidebars unlimited-page-sidebars allows Stored XSS.This issue affects Unlimited Page Sidebars: from n/a through <= 0.2.6.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-22685

Cross-Site Request Forgery (CSRF) vulnerability in CheGevara29 Tags to Keywords tags-to-meta-keywords allows Stored XSS.This issue affects Tags to Keywords: from n/a through <= 1.0.1.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-22684

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hakan Ozevin WP BASE Booking wp-base-booking-of-appointments-services-and-events allows Stored XS…

CVSS: 7.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-22683

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper NotificationX notificationx allows Stored XSS.This issue affects NotificationX: from…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-22292

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Felipe Peixoto Powerful Auto Chat powers-triggers-of-woo-to-chat allows Stored XSS.This issue aff…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2025-02-01
Medium

CVE-2024-13096

The WP Finance WordPress plugin through 1.3.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored…

CVSS: 4.6 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
2025-01-31
High

CVE-2025-23980

Cross-Site Request Forgery (CSRF) vulnerability in James Andrews Full Circle full-circle allows Stored XSS.This issue affects Full Circle: from n/a through <= 0.5.7.8.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-23978

Cross-Site Request Forgery (CSRF) vulnerability in Ninos FlashCounter flashcounter allows Stored XSS.This issue affects FlashCounter: from n/a through <= 1.1.8.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-23977

Cross-Site Request Forgery (CSRF) vulnerability in Bhaskar Dhote Post Carousel Slider post-carousel-slider allows Stored XSS.This issue affects Post Carousel Slider: from n/a through <= 2.0.1.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-23976

Cross-Site Request Forgery (CSRF) vulnerability in operationsissuu Issuu Panel issuu-panel allows Stored XSS.This issue affects Issuu Panel: from n/a through <= 2.1.1.

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-23671

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sav WP OpenSearch wp-opensearch allows Stored XSS.This issue affects WP OpenSearch: from n/a thro…

CVSS: 7.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD