Medium
CVE-2025-54892
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps group configuration modules) allows Stored XSS by…
Tag: Stored XSS
All CVEs associated with "Stored XSS". Page 6/45 • 5376 CVEs.
Subscribe CVEs: RSS for “Stored XSS” · RSS (High+Critical only)
About “Stored XSS”
A curated feed of “Stored XSS”-related CVEs appears below. We currently track 5376 CVEs for this tag (all time). In the last 365 days, 1195 were published. Average CVSS is 6.2 (all time; 6.4 over 365d), and 18% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-352 - Cross-Site Request Forgery (CSRF), CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-10-14
Medium
CVE-2025-54891
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Resource access configuration modules) allows Stored XSS…
Medium
CVE-2025-54889
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps manufacturer configuration modules) allows Stored XS…
2025-10-10
High
CVE-2025-60880
An authenticated stored XSS vulnerability exists in the Bagisto 2.3.6 admin panel's product creation path, allowing an attacker to upload a crafted SVG file containing malicious JavaScript code. This…
Medium
CVE-2025-40640
Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm…
2025-10-07
High
CVE-2025-25009
Improper Neutralization of Input During Web Page Generation in Kibana can lead to Stored XSS via case file upload.
Medium
CVE-2025-40649
Stored Cross-Site Scripting (XSS) in Biobanking and Biomolecular Resources Negotiator v3.15.2 - European Research Infrastructure (BBMRI-ERIC), consisting of a stored XSS due to a lack of proper valid…
2025-10-06
Medium
CVE-2025-9710
The Responsive Lightbox & Gallery WordPress plugin before 2.5.3 does not properly handle HTML tag attributes modifications, potentially allowing unauthenticated attackers to abuse the functionality t…
2025-10-03
Medium
CVE-2025-61681
KUNO CMS is a fully deployable full-stack blog application. Versions 1.3.13 and below contain validation flaws in its file upload functionality that can be exploited for stored XSS. The upload endpoi…
2025-10-02
Medium
CVE-2025-40992
Stored XSS vulnerability in Creativeitem Sociopro due to lack of proper validation of user inputs via the endpoint '/sociopro/profile/update_profile', affecting to 'name' parameter via POST. This vul…
Medium
CVE-2025-40646
Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm…
2025-10-01
Medium
CVE-2025-40648
Stored Cross-Site Scripting (XSS) vulnerability in Issabel v5.0.0, consisting of a stored XSS due to a lack of proper validation of user input, through the 'numero_conferencia' parameter in '/index.p…
Medium
CVE-2025-40647
Stored Cross-Site Scripting (XSS) vulnerability in Issabel v5.0.0, consisting of a stored XSS due to a lack of proper validation of user input, through the 'email' parameter in '/index.php?menu=addre…
Medium
CVE-2025-9512
The Schema & Structured Data for WP & AMP WordPress plugin before 1.50 does not properly handles HTML tag attribute modifications, making it possible for unauthenticated attackers to conduct Stored X…
2025-09-29
Critical
CVE-2025-56795
Mealie 3.0.1 and earlier is vulnerable to Stored Cross-Site Scripting (XSS) in the recipe creation functionality. Unsanitized user input in the "note" and "text" fields of the "/api/recipes/{recipe_n…
2025-09-26
Medium
CVE-2025-57692
PiranhaCMS 12.0 allows stored XSS in the Text content block of Standard and Standard Archive Pages via /manager/pages, enabling execution of arbitrary JavaScript in another user s browser.
Medium
CVE-2025-60186
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Moss Google+ Comments google-plus-comments allows Stored XSS.This issue affects Google+ Comm…
Medium
CVE-2025-60185
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kontur.us kontur Admin Style kontur-admin-style allows Stored XSS.This issue affects kontur Admin…
Medium
CVE-2025-60184
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terry L. SEO Search Permalink seo-search-permalink allows Stored XSS.This issue affects SEO Searc…
Medium
CVE-2025-60179
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Space Studio Click & Tweet allows Stored XSS. This issue affects Click & Tweet: from n/a through…
Medium
CVE-2025-60177
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rozx Recaptcha – wp recaptcha-wp allows Stored XSS.This issue affects Recaptcha – wp: from n/a th…
High
CVE-2025-60173
Cross-Site Request Forgery (CSRF) vulnerability in Ashwani kumar GST for WooCommerce gst-for-woocommerce allows Stored XSS.This issue affects GST for WooCommerce: from n/a through <= 2.0.
High
CVE-2025-60172
Cross-Site Request Forgery (CSRF) vulnerability in flytedesk Flytedesk Digital flytedesk-digital allows Stored XSS.This issue affects Flytedesk Digital: from n/a through <= 20181101.
High
CVE-2025-60171
Cross-Site Request Forgery (CSRF) vulnerability in yourplugins Conditional Cart Messages for WooCommerce – YourPlugins.com yourplugins-wc-conditional-cart-notices allows Stored XSS.This issue affects…
High
CVE-2025-60170
Cross-Site Request Forgery (CSRF) vulnerability in Taraprasad Swain HTACCESS IP Blocker htaccess-ip-blocker allows Stored XSS.This issue affects HTACCESS IP Blocker: from n/a through <= 1.0.
High
CVE-2025-60169
Cross-Site Request Forgery (CSRF) vulnerability in W3S Cloud Technology W3SCloud Contact Form 7 to Zoho CRM w3s-cf7-zoho allows Stored XSS.This issue affects W3SCloud Contact Form 7 to Zoho CRM: from…
High
CVE-2025-60164
Cross-Site Request Forgery (CSRF) vulnerability in NewsMAN NewsmanApp newsmanapp allows Stored XSS.This issue affects NewsmanApp: from n/a through <= 2.7.7.
Medium
CVE-2025-60160
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sharkthemes Smart Related Products ai-related-products allows Stored XSS.This issue affects Smart…
Medium
CVE-2025-60158
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webmaniabr Nota Fiscal Eletrônica WooCommerce nota-fiscal-eletronica-woocommerce allows Stored XS…
Medium
CVE-2025-60157
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in emarket-design WP Ticket Customer Service Software & Support Ticket System wp-ticket allows Store…
Medium
CVE-2025-60154
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jennifer Moss MWW Disclaimer Buttons mww-disclaimer-buttons allows Stored XSS.This issue affects…
Medium
CVE-2025-60149
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rocket Apps Notely notely allows Stored XSS.This issue affects Notely: from n/a through <= 1.8.0.
Medium
CVE-2025-60147
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Feed ht-instagram allows Stored XSS.This issue affects HT Feed: from n/a through <=…
Medium
CVE-2025-60146
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amit Verma Map Categories to Pages map-categories-to-pages allows Stored XSS.This issue affects M…
Medium
CVE-2025-60144
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonifre Lenix scss compiler lenix-scss-compiler allows Stored XSS.This issue affects Lenix scss c…
Medium
CVE-2025-60141
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thetechtribe The Tribal the-tech-tribe allows Stored XSS.This issue affects The Tribal: from n/a…
Medium
CVE-2025-60138
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks skt-blocks allows Stored XSS.This issue affects SKT Blocks: from n/a thro…
Medium
CVE-2025-60136
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cartpauj User Notes user-notes allows Stored XSS.This issue affects User Notes: from n/a through…
Medium
CVE-2025-60133
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DJ-Extensions.com PE Easy Slider pe-easy-slider allows Stored XSS.This issue affects PE Easy Slid…
Medium
CVE-2025-60124
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Hellyer Simple Colorbox simple-colorbox allows Stored XSS.This issue affects Simple Colorbox…
Medium
CVE-2025-60112
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi aThemes Addons for Elementor athemes-addons-for-elementor-lite allows Stored XSS.This…
Medium
CVE-2025-60105
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in metaphorcreations Ditty ditty-news-ticker allows Stored XSS.This issue affects Ditty: from n/a th…
Medium
CVE-2025-60104
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jordy Meow Gallery Custom Links gallery-custom-links allows Stored XSS.This issue affects Gallery…
Medium
CVE-2025-60102
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syam Mohan WPFront User Role Editor wpfront-user-role-editor allows Stored XSS.This issue affects…
Medium
CVE-2025-60101
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in duongancol Woostify woostify allows Stored XSS.This issue affects Woostify: from n/a through <= 2…
Medium
CVE-2025-60099
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in awsm.in Embed Any Document embed-any-document allows Stored XSS.This issue affects Embed Any Docu…
Medium
CVE-2025-60040
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fkrauthan wp-mpdf wp-mpdf allows Stored XSS.This issue affects wp-mpdf: from n/a through <= 3.9.1.
Medium
CVE-2025-58917
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick Verwymeren Quantities and Units for WooCommerce quantities-and-units-for-woocommerce allows…
Medium
CVE-2025-27006
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeplugs Authorsy authorsy allows Stored XSS.This issue affects Authorsy: from n/a through <= 1…
2025-09-25
Critical
CVE-2025-59832
Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, there is a stored XSS vulnerability in the ticket comment editor. A low-privilege authenticated user…
High
CVE-2025-59839
The EmbedVideo Extension is a MediaWiki extension which adds a parser function called #ev and various parser tags for embedding video clips from various video sharing services. In versions 4.0.0 and…
High
CVE-2025-10467
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PROLIZ Computer Software Hardware Service Trade Ltd. Co. OBS (Student Affairs Information…
2025-09-23
Medium
CVE-2025-58674
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPress allows Stored XSS. WordPress core security team is aware of the issue and working on a…
High
CVE-2025-9798
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netcad Software Inc. Netigma allows Stored XSS.This issue affects Netigma: from 6.3.3 befo…
Medium
CVE-2025-58915
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in emarket-design Request a Quote request-a-quote allows Stored XSS.This issue affects Request a Quo…
2025-09-22
Medium
CVE-2025-59592
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fernando Acosta Make Column Clickable Elementor make-column-clickable-elementor allows Stored XSS…
Medium
CVE-2025-59590
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Stored XSS.This issue affect…
Medium
CVE-2025-59574
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Travel Engine WP Travel Engine wte-elementor-widgets allows Stored XSS.This issue affects WP T…
Medium
CVE-2025-59569
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Stored XSS.This issue affects CubeWP: from n/a throu…
Medium
CVE-2025-59565
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Swings Upsell Order Bump Offer for WooCommerce upsell-order-bump-offer-for-woocommerce allows…
Medium
CVE-2025-59552
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pdfcrowd Dev Team Save as PDF save-as-pdf-by-pdfcrowd allows Stored XSS.This issue affects Save a…
Medium
CVE-2025-59549
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps GetResponse Forms getresponse allows Stored XSS.This issue affects GetResponse Forms:…
Medium
CVE-2025-58992
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode Product Catalog Simple post-type-x allows Stored XSS.This issue affects Product Catalog…
Medium
CVE-2025-58974
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP WPComplete wpcomplete allows Stored XSS.This issue affects WPComplete: from n/a through…
Medium
CVE-2025-58965
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agency Dominion Inc. Fusion Page Builder : Extension – Gallery fusion-extension-gallery allows St…
Medium
CVE-2025-58960
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brijeshk89 IP Based Login ip-based-login allows Stored XSS.This issue affects IP Based Login: fro…
High
CVE-2025-58956
Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Attractive Donations System wp-attractive-donations-system-easy-stripe-paypal-donations allows Stored XSS.This issue affects WP Attractive…
Medium
CVE-2025-58704
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ren Ventura WP Delete User Accounts wp-delete-user-accounts allows Stored XSS.This issue affects…
Medium
CVE-2025-58703
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skyword Skyword API Plugin skyword-plugin allows Stored XSS.This issue affects Skyword API Plugin…
Medium
CVE-2025-58702
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebWizards MarketKing marketking-multivendor-marketplace-for-woocommerce allows Stored XSS.This i…
Medium
CVE-2025-58691
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson Genesis Club Lite genesis-club-lite allows Stored XSS.This issue affects Genesis…
High
CVE-2025-58690
Cross-Site Request Forgery (CSRF) vulnerability in ptibogxiv Doliconnect doliconnect allows Stored XSS.This issue affects Doliconnect: from n/a through <= 9.5.7.
Medium
CVE-2025-58689
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tapfiliate Tapfiliate tapfiliate allows Stored XSS.This issue affects Tapfiliate: from n/a throug…
High
CVE-2025-58688
Cross-Site Request Forgery (CSRF) vulnerability in Casengo Casengo Live Chat Support the-casengo-chat-widget allows Stored XSS.This issue affects Casengo Live Chat Support: from n/a through <= 2.1.4.
High
CVE-2025-58687
Cross-Site Request Forgery (CSRF) vulnerability in WP CMS Ninja Current Age Plugin current-age allows Stored XSS.This issue affects Current Age Plugin: from n/a through <= 1.6.
Medium
CVE-2025-58684
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Logo Showcase logo-showcase allows Stored XSS.This issue affects Logo Showcase: from…
Medium
CVE-2025-58683
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Luke Mlsna Last Updated Shortcode last-updated-shortcode allows Stored XSS.This issue affects Las…
Medium
CVE-2025-58682
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timur Kamaev Kama Click Counter kama-clic-counter allows Stored XSS.This issue affects Kama Click…
High
CVE-2025-58677
Cross-Site Request Forgery (CSRF) vulnerability in puravida1976 ShrinkTheWeb (STW) Website Previews shrinktheweb-website-preview-plugin allows Stored XSS.This issue affects ShrinkTheWeb (STW) Website…
High
CVE-2025-58676
Cross-Site Request Forgery (CSRF) vulnerability in extendyourweb HORIZONTAL SLIDER horizontal-slider allows Stored XSS.This issue affects HORIZONTAL SLIDER: from n/a through <= 2.4.
High
CVE-2025-58671
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in morganrichards Auction Feed auction-feed allows Stored XSS.This issue affects Auction Feed: from…
High
CVE-2025-58670
Cross-Site Request Forgery (CSRF) vulnerability in Shankaranand Maurya WP Content Protection wp-content-protection allows Stored XSS.This issue affects WP Content Protection: from n/a through <= 1.3.
Medium
CVE-2025-58669
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Modern Minds Magento 2 WordPress Integration m2wp allows Stored XSS.This issue affects Magento 2…
Medium
CVE-2025-58665
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tmontg1 Form Generator for WordPress form-generator-powered-by-jotform allows Stored XSS.This iss…
Medium
CVE-2025-58661
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eZee Technosys eZee Online Hotel Booking Engine online-booking-engine allows Stored XSS.This issu…
Medium
CVE-2025-58658
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Proof Factor LLC Proof Factor – Social Proof Notifications proof-factor-social-proof-notification…
High
CVE-2025-58657
Cross-Site Request Forgery (CSRF) vulnerability in EdwardBock Grid grid allows Stored XSS.This issue affects Grid: from n/a through <= 2.3.1.
Medium
CVE-2025-58655
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mat Category Featured Images category-featured-images allows Stored XSS.This issue affects Catego…
Medium
CVE-2025-58653
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JS Morisset JSM file_get_contents() Shortcode wp-file-get-contents allows Stored XSS.This issue a…
Medium
CVE-2025-58652
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Carousel Ultimate carousel allows Stored XSS.This issue affects Carousel Ultimate: fr…
Medium
CVE-2025-58648
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nicu Micle Simple JWT Login simple-jwt-login allows Stored XSS.This issue affects Simple JWT Logi…
Medium
CVE-2025-58647
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Will.I.am Simple Restaurant Menu simple-restaurant-menu allows Stored XSS.This issue affects Simp…
Medium
CVE-2025-58646
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chtombleson Mobi2Go mobi2go allows Stored XSS.This issue affects Mobi2Go: from n/a through <= 1.0…
Medium
CVE-2025-58645
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gravitate Gravitate Automated Tester gravitate-automated-tester allows Stored XSS.This issue affe…
Medium
CVE-2025-58271
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AnyClip Video Platform AnyClip Luminous Studio anyclip-media allows Stored XSS.This issue affects…
High
CVE-2025-58268
Cross-Site Request Forgery (CSRF) vulnerability in WPMK WPMK PDF Generator wpmk-pdf-generator allows Stored XSS.This issue affects WPMK PDF Generator: from n/a through <= 1.0.1.
High
CVE-2025-58267
Cross-Site Request Forgery (CSRF) vulnerability in Aftabul Islam Stock Message stock-message allows Stored XSS.This issue affects Stock Message: from n/a through <= 1.1.0.
Medium
CVE-2025-58266
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fumiki Takahashi Gianism gianism allows Stored XSS.This issue affects Gianism: from n/a through <…
Medium
CVE-2025-58265
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stonehenge Creations Events Manager – OpenStreetMaps stonehenge-em-osm allows Stored XSS.This iss…
Medium
CVE-2025-58264
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artbees JupiterX Core jupiterx-core allows Stored XSS.This issue affects JupiterX Core: from n/a…
Medium
CVE-2025-58263
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddyDev BuddyPress Notification Widget buddypress-notifications-widget allows Stored XSS.This is…
High
CVE-2025-58262
Cross-Site Request Forgery (CSRF) vulnerability in WPDirectoryKit Sweet Energy Efficiency sweet-energy-efficiency allows Stored XSS.This issue affects Sweet Energy Efficiency: from n/a through <= 1.0…
High
CVE-2025-58261
Cross-Site Request Forgery (CSRF) vulnerability in PressPage Entertainment Inc Mavis HTTPS to HTTP Redirection mavis-https-to-http-redirect allows Stored XSS.This issue affects Mavis HTTPS to HTTP Re…
Medium
CVE-2025-58260
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ronald Huereca Highlight and Share highlight-and-share allows Stored XSS.This issue affects Highl…
Medium
CVE-2025-58257
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Picture-Planet GmbH Verowa Connect verowa-connect allows Stored XSS.This issue affects Verowa Con…
Medium
CVE-2025-58256
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonathan Brinley DOAJ Export doaj-export allows Stored XSS.This issue affects DOAJ Export: from n…
Medium
CVE-2025-58254
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dtbaker StylePress for Elementor full-site-builder-for-elementor allows Stored XSS.This issue aff…
Medium
CVE-2025-58248
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codefish Pinterest Pinboard Widget pinterest-pinboard-widget allows Stored XSS.This issue affects…
Medium
CVE-2025-58240
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-tidy-tags xili-tidy-tags allows Stored XSS.This issue affects xili-ti…
Medium
CVE-2025-58239
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chandrika Sista WP Category Dropdown wp-category-dropdown allows Stored XSS.This issue affects WP…
Medium
CVE-2025-58238
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ONTRAPORT PilotPress pilotpress allows Stored XSS.This issue affects PilotPress: from n/a through…
Medium
CVE-2025-58237
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Niaj Morshed LC Wizard ghl-wizard allows Stored XSS.This issue affects LC Wizard: from n/a throug…
Medium
CVE-2025-58235
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rustaurius Front End Users front-end-only-users allows Stored XSS.This issue affects Front End Us…
Medium
CVE-2025-58234
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JoomSky JS Job Manager js-jobs allows Stored XSS.This issue affects JS Job Manager: from n/a thro…
Medium
CVE-2025-58231
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bitlydeveloper Bitly wp-bitly allows Stored XSS.This issue affects Bitly: from n/a through <= 2.8…
Medium
CVE-2025-58229
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly Sitekit sitekit allows Stored XSS.This issue affects Sitekit: from n/a through <= 2.0.
Medium
CVE-2025-58228
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin LLC Quick View for WooCommerce woo-quickview allows Stored XSS.This issue affects Qu…
Medium
CVE-2025-58227
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexander Lueken Podlove Subscribe button podlove-subscribe-button allows Stored XSS.This issue a…
Medium
CVE-2025-58223
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Taylor VoucherPress voucherpress allows Stored XSS.This issue affects VoucherPress: from n/…
Medium
CVE-2025-58033
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in leeshadle Draft website-builder allows Stored XSS.This issue affects Draft: from n/a through <= 3…