About “Stored XSS”

A curated feed of “Stored XSS”-related CVEs appears below. We currently track 5376 CVEs for this tag (all time). In the last 365 days, 1195 were published. Average CVSS is 6.2 (all time; 6.4 over 365d), and 18% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-352 - Cross-Site Request Forgery (CSRF), CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).

In our taxonomy this topic maps to a MODERATE impact class: common exploitation patterns for this weakness can lead to moderate impact. Use the filters below to sort by CVSS, risk and CWE, triage high-risk entries first, and validate exposure in your environment. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic.

2025-09-05
Medium

CVE-2025-58830

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in snagysandor Parallax Scrolling Enllax.js parallax-scrolling-enllax-js allows Stored XSS. This issu…

Medium

CVE-2025-58828

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codemstory 코드엠샵 소셜톡 mshop-naver-talktalk allows Stored XSS. This issue affects 코드엠샵 소셜톡: from n/a…

Medium

CVE-2025-58826

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric Mann WP Publication Archive wp-publication-archive allows Stored XSS. This issue affects WP…

Medium

CVE-2025-58825

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Habibur Rahman Comment Form WP – Customize Default Comment Form comment-form-wp allows Stored XSS…

Medium

CVE-2025-58823

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The African Boss Get Cash get-cash allows Stored XSS. This issue affects Get Cash: from n/a throug…

Medium

CVE-2025-58821

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdever WP Notification Bell wp-notification-bell allows Stored XSS. This issue affects WP Notific…

Medium

CVE-2025-58820

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Carousel Ultimate carousel allows Stored XSS. This issue affects Carousel Ultimate: fr…

Medium

CVE-2025-58814

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ram Ratan Maurya Stagtools stagtools allows Stored XSS. This issue affects Stagtools: from n/a thr…

Medium

CVE-2025-58812

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PriceListo Best Restaurant Menu by PriceListo best-restaurant-menu-by-pricelisto allows Stored XS…

Medium

CVE-2025-58811

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP CodeUs Ultimate Client Dash ulimate-client-dash allows Stored XSS. This issue affects Ultimate…

Medium

CVE-2025-58810

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jimmywb Simple Link List Widget simple-link-list-widget allows Stored XSS. This issue affects Simp…

Medium

CVE-2025-58808

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Babar prettyPhoto prettyphoto allows Stored XSS. This issue affects prettyPhoto: from n/a through…

High

CVE-2025-58807

Cross-Site Request Forgery (CSRF) vulnerability in Dsingh Purge Varnish Cache purge-varnish allows Stored XSS. This issue affects Purge Varnish Cache: from n/a through <= 2.6.

High

CVE-2025-58806

Cross-Site Request Forgery (CSRF) vulnerability in Tom Longridge WordPress Error Monitoring by Bugsnag bugsnag allows Stored XSS. This issue affects WordPress Error Monitoring by Bugsnag: from n/a thr…

Medium

CVE-2025-58805

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Widgetize Pages Light widgetize-pages-light allows Stored XSS. This issue affects Widget…

Medium

CVE-2025-58796

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dudaster Elementor Element Condition ele-conditions allows Stored XSS. This issue affects Elemento…

Medium

CVE-2025-58793

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBean WPB Elementor Addons wpb-elementor-addons allows Stored XSS. This issue affects WPB Element…

Medium

CVE-2025-58791

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arjan Olsder SEO Auto Linker wpa-seo-auto-linker allows Stored XSS. This issue affects SEO Auto Li…

Medium

CVE-2025-58790

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPKube Kiwi kiwi-social-share allows Stored XSS. This issue affects Kiwi: from n/a through <= 2.1.…

Medium

CVE-2025-58787

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Popup themify-popup allows Stored XSS. This issue affects Themify Popup: from n/…

Medium

CVE-2025-58784

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arisoft ARI Fancy Lightbox ari-fancy-lightbox allows Stored XSS. This issue affects ARI Fancy Ligh…

2025-09-03
Medium

CVE-2025-56761

Memos 0.22 is vulnerable to Stored Cross site scripting (XSS) vulnerabilities by the upload attachment and user avatar features. Memos does not verify the content type of the uploaded data and serve…

Medium

CVE-2025-58640

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MatrixAddons Document Engine document-engine allows Stored XSS. This issue affects Document Engine…

Medium

CVE-2025-58633

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Deetronix Booking Ultra Pro booking-ultra-pro allows Stored XSS. This issue affects Booking Ultra…

Medium

CVE-2025-58632

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dadevarzan Dadevarzan WordPress Common dadevarzan-common allows Stored XSS. This issue affects Dad…

Medium

CVE-2025-58630

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rbaer Simple Matomo Tracking Code simple-matomo-tracking-code allows Stored XSS. This issue affect…

Medium

CVE-2025-58626

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RumbleTalk RumbleTalk Live Group Chat rumbletalk-chat-a-chat-with-themes allows Stored XSS. This i…

Medium

CVE-2025-58625

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus wp-imageflow2 allows Stored XSS. This issue affects WP Flow Plus: from…

Medium

CVE-2025-58624

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in falselight Exchange Rates exchange-rates allows Stored XSS. This issue affects Exchange Rates: fro…

Medium

CVE-2025-58621

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amuse Labs PuzzleMe for WordPress puzzleme allows Stored XSS. This issue affects PuzzleMe for Word…

Medium

CVE-2025-58620

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Stored XSS. This issue affects PDF for WPForms:…

Medium

CVE-2025-58614

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jamel.Z Tooltipy bluet-keywords-tooltip-generator allows Stored XSS. This issue affects Tooltipy:…

Medium

CVE-2025-58612

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Property Hive PropertyHive propertyhive allows Stored XSS. This issue affects PropertyHive: from n…

Medium

CVE-2025-58610

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Gallery PhotoBlocks photoblocks-grid-gallery allows Stored XSS. This issue affects Galler…

Medium

CVE-2025-58609

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Stored XSS. This issue affects Late…

Medium

CVE-2025-58607

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GDPR Info Cookie Notice & Consent Banner for GDPR & CCPA Compliance cookie-notice-and-consent-ban…

Medium

CVE-2025-58605

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Delicious WP Delicious delicious-recipes allows Stored XSS. This issue affects WP Delicious: fr…

Medium

CVE-2025-58602

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in If-So Dynamic Content If-So Dynamic Content Personalization if-so allows Stored XSS. This issue af…

Medium

CVE-2025-58596

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in properfraction MailOptin mailoptin allows Stored XSS. This issue affects MailOptin: from n/a throu…

Medium

CVE-2025-58593

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Orbit Fox by ThemeIsle themeisle-companion allows Stored XSS. This issue affects Orbit F…

2025-09-02
Medium

CVE-2025-52546

E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan fi…

2025-08-28
Medium

CVE-2025-48365

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in imaprogrammer Custom Comment customcomment allows Stored XSS. This issue affects Custom Comment: f…

Medium

CVE-2025-48360

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Razvan Stanga Varnish/Nginx Proxy Caching vcaching allows Stored XSS. This issue affects Varnish/N…

High

CVE-2025-48359

Cross-Site Request Forgery (CSRF) vulnerability in thaihavnn07 ATT YouTube Widget att-youtube allows Stored XSS. This issue affects ATT YouTube Widget: from n/a through <= 1.0.

Medium

CVE-2025-48358

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in everythingwp Risk Free Cash On Delivery (COD) – WooCommerce risk-free-cash-on-delivery-cod-woocom…

Medium

CVE-2025-48356

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Isra Kanpress kanpress allows Stored XSS. This issue affects Kanpress: from n/a through <= 1.1.

Medium

CVE-2025-48354

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Smart Widgets Better Post & Filter Widgets for Elementor better-post-filter-widgets-for-elemen…

High

CVE-2025-48353

Cross-Site Request Forgery (CSRF) vulnerability in dactum Clickbank WordPress Plugin (Niche Storefront) clickbank-niche-storefronts allows Stored XSS. This issue affects Clickbank WordPress Plugin (Ni…

Medium

CVE-2025-48352

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sitesearch-yandex Yandex Site search pinger yandex-pinger allows Stored XSS. This issue affects Ya…

High

CVE-2025-48351

Cross-Site Request Forgery (CSRF) vulnerability in PluginsPoint Kento Splash Screen kento-splash-screen allows Stored XSS. This issue affects Kento Splash Screen: from n/a through <= 1.4.

Medium

CVE-2025-48349

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in origincode Video Gallery – Vimeo and YouTube Gallery smart-grid-gallery allows Stored XSS. This is…

Medium

CVE-2025-48347

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vincent Mimoun-Prat bxSlider integration for WordPress bxslider-integration allows Stored XSS. Thi…

High

CVE-2025-48343

Cross-Site Request Forgery (CSRF) vulnerability in Aaron Axelsen WPMU Ldap Authentication wpmuldap allows Stored XSS. This issue affects WPMU Ldap Authentication: from n/a through <= 5.0.1.

High

CVE-2025-48325

Cross-Site Request Forgery (CSRF) vulnerability in shmish111 WP Admin Theme wp-admin-theme allows Stored XSS. This issue affects WP Admin Theme: from n/a through <= 1.0.

Medium

CVE-2025-48324

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in khashabawy tli.tl auto Twitter poster tlitl-auto-twitter-poster allows Stored XSS. This issue affe…

Medium

CVE-2025-48323

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Md Abunaser Khan Advance Food Menu advance-food-menu allows Stored XSS. This issue affects Advance…

Medium

CVE-2025-48322

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Finn Dohrn Statify Widget statify-widget allows Stored XSS. This issue affects Statify Widget: fro…

High

CVE-2025-48321

Cross-Site Request Forgery (CSRF) vulnerability in dyiosah Ultimate twitter profile widget ultimate-twitter-profile-widget allows Stored XSS. This issue affects Ultimate twitter profile widget: from n…

High

CVE-2025-48320

Cross-Site Request Forgery (CSRF) vulnerability in cuckoohello 百度分享按钮 baidushare-wp allows Stored XSS. This issue affects 百度分享按钮: from n/a through <= 1.0.6.

Medium

CVE-2025-48319

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gslauraspeck Mesa Mesa Reservation Widget mesa-mesa-reservation-widget allows Stored XSS. This iss…

Medium

CVE-2025-48316

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ItayXD Responsive Mobile-Friendly Tooltip responsive-mobile-friendly-tooltip allows Stored XSS. Th…

Medium

CVE-2025-48315

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stanton119 WordPress HTML custom-html-bodyhead allows Stored XSS. This issue affects WordPress HTM…

Medium

CVE-2025-48314

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in salubrio Add Code To Head add-code-to-head allows Stored XSS. This issue affects Add Code To Head:…

Medium

CVE-2025-48313

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kevin heath Tripadvisor Shortcode tripadvisor-shortcode allows Stored XSS. This issue affects Trip…

Medium

CVE-2025-48312

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 文派翻译(WP Chinese Translation) WPAvatar wpavatar allows Stored XSS. This issue affects WPAvatar: fro…

High

CVE-2025-48311

Cross-Site Request Forgery (CSRF) vulnerability in OffClicks Invisible Optin invisible-optin allows Stored XSS. This issue affects Invisible Optin: from n/a through <= 1.0.

High

CVE-2025-48309

Cross-Site Request Forgery (CSRF) vulnerability in web-able BetPress betpress allows Stored XSS. This issue affects BetPress: from n/a through <= 1.0.1 Lite.

High

CVE-2025-48308

Cross-Site Request Forgery (CSRF) vulnerability in nonletter Newsletter subscription optin module newsletter-subscription-widget-for-sendblaster allows Stored XSS. This issue affects Newsletter subscr…

High

CVE-2025-48307

Cross-Site Request Forgery (CSRF) vulnerability in kasonzhao SEO For Images seo-for-images allows Stored XSS. This issue affects SEO For Images: from n/a through <= 1.0.0.

High

CVE-2025-48306

Cross-Site Request Forgery (CSRF) vulnerability in developers savyour Savyour Affiliate Partner savyour-affiliate-partner allows Stored XSS. This issue affects Savyour Affiliate Partner: from n/a thro…

Medium

CVE-2025-48305

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vikingjs Goal Tracker for Patreon goal-tracker-for-patreon allows Stored XSS. This issue affects G…

High

CVE-2025-48304

Cross-Site Request Forgery (CSRF) vulnerability in Gary Illyes Google XML News Sitemap plugin gn-xml-sitemap allows Stored XSS. This issue affects Google XML News Sitemap plugin: from n/a through <= 0…

Medium

CVE-2025-48110

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mibuthu Link View link-view allows Stored XSS. This issue affects Link View: from n/a through <= 0…

High

CVE-2025-48109

Cross-Site Request Forgery (CSRF) vulnerability in Xavier Media XM-Backup xm-backup allows Stored XSS. This issue affects XM-Backup: from n/a through <= 0.9.1.

Medium

CVE-2025-54544

QuickCMS is vulnerable to Stored XSS via aDirFilesDescriptions parameter in files editor functionality. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which w…

Medium

CVE-2025-54543

QuickCMS is vulnerable to Stored XSS via sDescriptionMeta parameter in page editor SEO functionality. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which wil…

2025-08-27
High

CVE-2025-58217

Cross-Site Request Forgery (CSRF) vulnerability in GeroNikolov Instant Breaking News instant-breaking-news allows Stored XSS. This issue affects Instant Breaking News: from n/a through <= 1.0.

Medium

CVE-2025-58216

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgwhite33 WP Thumbtack Review Slider wp-thumbtack-review-slider allows Stored XSS. This issue affe…

Medium

CVE-2025-58213

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ameliabooking Booking System Trafft booking-system-trafft allows Stored XSS. This issue affects Bo…

Medium

CVE-2025-58211

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alexvtn Chatbox Manager wa-chatbox-manager allows Stored XSS. This issue affects Chatbox Manager:…

Medium

CVE-2025-58209

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rtCamp Transcoder transcoder allows Stored XSS. This issue affects Transcoder: from n/a through <=…

Medium

CVE-2025-58208

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in add-ons.org PDF for Elementor Forms + Drag And Drop Template Builder pdf-for-elementor-forms allo…

Medium

CVE-2025-58197

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mra13 Simple Download Monitor simple-download-monitor allows Stored XSS. This issue affects Simple…

Medium

CVE-2025-58196

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uicore UiCore Elements uicore-elements allows Stored XSS. This issue affects UiCore Elements: from…

Medium

CVE-2025-58195

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Stored XSS. This issue affects Xpro Elemen…

Medium

CVE-2025-58194

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS. This issue affects Bold Page Bui…

High

CVE-2025-30036

Stored XSS vulnerability exists in the "Oddział" (Ward) module, in the death diagnosis description field, and allows the execution of arbitrary JavaScript code. This can lead to session hijacking of…

Medium

CVE-2025-49039

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mibuthu Link View link-view allows Stored XSS. This issue affects Link View: from n/a through <= 0…

Medium

CVE-2025-49035

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chaimchaikin Admin Menu Groups admin-menu-groups allows Stored XSS. This issue affects Admin Menu…

2025-08-26
Medium

CVE-2025-50975

IPFire 2.29 web-based firewall interface (firewall.cgi) fails to sanitize several rule parameters such as PROT, SRC_PORT, TGT_PORT, dnatport, key, ruleremark, src_addr, std_net_tgt, and tgt_addr, all…

Medium

CVE-2025-52037

A vulnerability has been found in NotesCMS and classified as medium. Affected by this vulnerability is the page /index.php?route=sites. The manipulation of the title of the service descriptions leads…

Medium

CVE-2025-52036

A vulnerability has been found in NotesCMS and classified as medium. Affected by this vulnerability is the page /index.php?route=categories. The manipulation of the title of the service descriptions…

Medium

CVE-2025-52035

A vulnerability in NotesCMS and specifically in the page /index.php?route=notes. The manipulation of the title of the service descriptions leads to a stored XSS vulnerability. The issue was confirmed…

2025-08-25
High

CVE-2025-54301

A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. File names are not properly escaped.

High

CVE-2025-54300

A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. The SVG upload feature does not sanitize uploads.

2025-08-22
Medium

CVE-2025-57891

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpecommerce Recurring PayPal Donations recurring-donation allows Stored XSS. This issue affects Re…

Medium

CVE-2025-57890

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pierre Lannoy Sessions sessions allows Stored XSS. This issue affects Sessions: from n/a through <…

Medium

CVE-2025-57887

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Jobmonster noo-jobmonster allows Stored XSS. This issue affects Jobmonster: from n/a thro…

2025-08-21
Medium

CVE-2025-55104

A stored cross-site scripting (XSS) vulnerability exists in ArcGIS HUB and ArcGIS Enterprise Sites which allows an authenticated user with the ability to create or edit a site to add and store an XSS pa…

2025-08-20
Medium

CVE-2025-54172

QuickCMS is vulnerable to Stored XSS in sTitle parameter in page editor functionality. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/e…

High

CVE-2025-57731

In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content

Medium

CVE-2025-54046

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs Cost Calculator ql-cost-calculator allows Stored XSS. This issue affects Cost Calcula…

Medium

CVE-2025-53195

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Stored XSS. This issue affects JetEngine: from n/a through…

High

CVE-2025-49428

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dourou Cookie Warning allows Stored XSS. This issue affects Cookie Warning: from n/a through 1.3.

Medium

CVE-2025-49412

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in numixtech Page Transition page-transition allows Stored XSS. This issue affects Page Transition: f…

High

CVE-2025-49411

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Sharma iFrame Block allows Stored XSS. This issue affects iFrame Block: from n/a through 0.…

Critical

CVE-2025-49410

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Emu TC Testimonials allows Stored XSS. This issue affects TC Testimonials: from n/a through…

Critical

CVE-2025-49409

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brewlabs SensorPress allows Stored XSS. This issue affects SensorPress: from n/a through 1.0.

Critical

CVE-2025-49400

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) allows Stored XSS. This issue affects WP Visi…

Medium

CVE-2025-49397

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Colorbox Lightbox wp-colorbox allows Stored XSS. This issue affects Colorbox Lightbox: f…

Medium

CVE-2025-49395

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Icons themify-icons allows Stored XSS. This issue affects Themify Icons: from n/…

Medium

CVE-2025-49392

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Audio Dock themify-audio-dock allows Stored XSS. This issue affects Themify Audi…

Medium

CVE-2025-49389

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WEN Solutions Notice Bar notice-bar allows Stored XSS. This issue affects Notice Bar: from n/a thr…

2025-08-19
Medium

CVE-2025-55735

flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when creating a post, there's no validation of the content of the post stored in the variable "postContent". The vulnerability arises w…

2025-08-14
Medium

CVE-2025-55714

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS. This issue affects JetElement…

Medium

CVE-2025-55713

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in creativethemeshq Blocksy blocksy allows Stored XSS. This issue affects Blocksy: from n/a through <…

Medium

CVE-2025-55711

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder wp-table-builder allows Stored XSS. This issue affects WP Table…

Medium

CVE-2025-55709

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder visualcomposer allows Stored XSS. This issue affec…

Medium

CVE-2025-54749

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetProductGallery jet-woo-product-gallery allows Stored XSS. This issue affects JetProd…

Medium

CVE-2025-54746

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cartpauj Shortcode Redirect shortcode-redirect allows Stored XSS. This issue affects Shortcode Red…