High
CVE-2025-22360
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in promact WP Azure offload wp-azure-offload allows Reflected XSS.This issue affects WP Azure offloa…
Tag: Cross-site Scripting (XSS)
All CVEs associated with "Cross-site Scripting (XSS)". Page 78/398 • 47660 CVEs.
Subscribe CVEs: RSS for “Cross-site Scripting (XSS)” · RSS (High+Critical only)
About “Cross-site Scripting (XSS)”
A curated feed of “Cross-site Scripting (XSS)”-related CVEs appears below. We currently track 47660 CVEs for this tag (all time). In the last 365 days, 7590 were published. Average CVSS is 5.6 (all time; 5.9 over 365d), and 11% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-352 - Cross-Site Request Forgery (CSRF), CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-03-28
High
CVE-2025-22356
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stencies Stencies stencies allows Reflected XSS.This issue affects Stencies: from n/a through <=…
High
CVE-2024-51624
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jajapagamentos Já-Já Pagamentos for WooCommerce wc-ja-ja-pagamentos-multicaixa-express allows Ref…
Medium
CVE-2024-39311
Publify is a self hosted Web publishing platform on Rails. Prior to version 10.0.1 of Publify, corresponding to versions prior to 10.0.2 of the `publify_core` rubygem, publisher on a `publify` applic…
Medium
CVE-2025-2865
SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a ma…
Medium
CVE-2025-2864
SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the legitimate website owning the affected device, once the cookie is set. This attack only impacts the victi…
Medium
CVE-2025-31473
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matthewprice1178 WP Database Optimizer wp-database-optimizer allows Stored XSS.This issue affects…
Medium
CVE-2025-31472
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michele Marri Flatty flatty-flat-admin-theme allows Stored XSS.This issue affects Flatty: from n/…
Medium
CVE-2025-31471
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Falcon Solutions Duplicate Page and Post duplicate-post-and-page allows Stored XSS.This issue aff…
Medium
CVE-2025-31470
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FancyThemes Page Takeover page-takeover allows Stored XSS.This issue affects Page Takeover: from…
Medium
CVE-2025-31465
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cornershop Better Section Navigation Widget better-section-navigation allows Stored XSS.This issu…
Medium
CVE-2025-31464
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nazmur Rahman Text Selection Color text-selection-color allows Stored XSS.This issue affects Text…
Medium
CVE-2025-31463
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in preetindersodhi TGG WP Optimizer tgg-wp-optimizer allows Stored XSS.This issue affects TGG WP Opt…
High
CVE-2025-31460
Cross-Site Request Forgery (CSRF) vulnerability in danielmuldernl OmniLeads Scripts and Tags Manager omnileads-scripts-and-tags-manager allows Stored XSS.This issue affects OmniLeads Scripts and Tags…
High
CVE-2025-31459
Cross-Site Request Forgery (CSRF) vulnerability in PasqualePuzio Login Alert login-alert allows Stored XSS.This issue affects Login Alert: from n/a through <= 0.2.1.
High
CVE-2025-31458
Cross-Site Request Forgery (CSRF) vulnerability in forsgren Video Embedder video-embedder allows Stored XSS.This issue affects Video Embedder: from n/a through <= 1.7.1.
Medium
CVE-2025-31453
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stian Andreassen YouTube SimpleGallery youtube-simplegallery allows Stored XSS.This issue affects…
Medium
CVE-2025-31452
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mindshare Labs, Inc. WP Ultimate Search wp-ultimate-search allows Stored XSS.This issue affects W…
Medium
CVE-2025-31451
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kevinweber wBounce wbounce allows Stored XSS.This issue affects wBounce: from n/a through <= 1.8.…
Medium
CVE-2025-31450
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phantom.omaga Toggle Box toggle-box allows Stored XSS.This issue affects Toggle Box: from n/a thr…
High
CVE-2025-31449
Cross-Site Request Forgery (CSRF) vulnerability in EricH The Visitor Counter the-visitor-counter allows Stored XSS.This issue affects The Visitor Counter: from n/a through <= 1.4.3.
High
CVE-2025-31444
Cross-Site Request Forgery (CSRF) vulnerability in youtag ShowTime Slideshow showtime-slideshow allows Stored XSS.This issue affects ShowTime Slideshow: from n/a through <= 1.6.
High
CVE-2025-31443
Cross-Site Request Forgery (CSRF) vulnerability in Krzysztof Furtak KK I Like It kk-i-like-it allows Stored XSS.This issue affects KK I Like It: from n/a through <= 1.7.5.3.
High
CVE-2025-31440
Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Team Terms of Use terms-of-use-2 allows Stored XSS.This issue affects Terms of Use: from n/a through <= 2.0.
Medium
CVE-2025-31437
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Miller WP-OGP wp-ogp allows Stored XSS.This issue affects WP-OGP: from n/a through <= 1.0.5.
High
CVE-2025-31435
Cross-Site Request Forgery (CSRF) vulnerability in Efficient Scripts Microblog Poster microblog-poster allows Stored XSS.This issue affects Microblog Poster: from n/a through <= 2.1.6.
Medium
CVE-2025-31434
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms formlift allows Stored XSS.This issue affects Fo…
Medium
CVE-2025-31433
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Miguel Sirvent Magic Embeds wp-embed-facebook allows Stored XSS.This issue affects Magic Embeds:…
Medium
CVE-2025-2870
Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sendin…
Medium
CVE-2025-2869
Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sendin…
Medium
CVE-2025-2868
Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sendin…
High
CVE-2025-31102
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Hostel hostel allows Reflected XSS.This issue affects Hostel: from n/a through <= 1.1.5.5.
Medium
CVE-2025-31096
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post allows DOM-Based XSS.This issue affects PostX: from n/a through <= 4.1.…
Medium
CVE-2025-31094
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Stored XSS.This issue affects WP Posts Ca…
Medium
CVE-2025-31093
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redpixelstudios RPS Include Content rps-include-content allows DOM-Based XSS.This issue affects R…
Medium
CVE-2025-31090
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alordiel Dropdown Multisite selector dropdown-multisite-selector allows Stored XSS.This issue aff…
Medium
CVE-2025-31088
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Stored XSS.This issue affec…
Medium
CVE-2025-31083
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZEEN101 Leaky Paywall leaky-paywall allows Stored XSS.This issue affects Leaky Paywall: from n/a…
Medium
CVE-2025-31077
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ultimate Blocks Ultimate Blocks ultimate-blocks allows DOM-Based XSS.This issue affects Ultimate…
Medium
CVE-2025-31075
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in videowhisper MicroPayments paid-membership allows Stored XSS.This issue affects MicroPayments: from n/a…
Medium
CVE-2025-31073
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bensibley Unlimited unlimited allows Stored XSS.This issue affects Unlimited: from n/a through <=…
Low
CVE-2025-27574
Cross-site scripting vulnerability exists in the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed…
Medium
CVE-2025-27567
Cross-site scripting vulnerability exists in the NickName registration screen of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on t…
Medium
CVE-2025-2804
The tagDiv Composer plugin for WordPress, used by the Newspaper theme, is vulnerable to Reflected Cross-Site Scripting via the 'account_id' and 'account_username' parameters in all versions up to, an…
Medium
CVE-2025-31092
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ninja Team Click to Chat – WP Support All-in-One Floating Widget support-chat allows Stored XSS.T…
2025-03-27
Medium
CVE-2025-31101
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vault Group Pty Ltd VaultRE Contact Form 7 allows Stored XSS.This issue affects VaultRE Contact F…
Medium
CVE-2025-31031
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify Job Colors for WP Job Manager wp-job-manager-colors allows Stored XSS.This issue affec…
Low
CVE-2025-2878
A vulnerability was found in Kentico CMS up to 13.0.178. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /CMSInstall/install.aspx of the co…
High
CVE-2025-26874
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in memberspace MemberSpace memberspace allows Reflected XSS.This issue affects MemberSpace: from n/a…
Medium
CVE-2025-30366
WeGIA is a Web manager for charitable institutions. Versions prior to 3.2.8 are vulnerable to stored cross-site scripting. This vulnerability allows unauthorized scripts to be executed within the use…
Medium
CVE-2025-30363
WeGIA is a Web manager for charitable institutions. A stored Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.2.6. This vulnerability allows unauthorized scripts to be e…
Medium
CVE-2025-30362
WeGIA is a Web manager for charitable institutions. A stored Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.2.8. This vulnerability allows unauthorized scripts to be e…
Medium
CVE-2025-26762
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce woocommerce allows Stored XSS.This issue affects WooCommerce: from n/a thr…
Medium
CVE-2025-22640
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in integrationdevpaytm Paytm Payment Donation paytm-donation allows Stored XSS.This issue affects Pa…
Medium
CVE-2025-22638
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in acowebs Product Table For WooCommerce product-table-for-woocommerce allows Stored XSS.This issue…
High
CVE-2025-22628
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FolioVision Filled In filled-in allows Stored XSS.This issue affects Filled In: from n/a through…
Medium
CVE-2025-22497
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bramwaas Simple Google Calendar Outlook Events Block Widget simple-google-icalendar-widget allows…
Medium
CVE-2025-22496
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MarMar8x Notif Bell notif-bell allows Stored XSS.This issue affects Notif Bell: from n/a through…
Medium
CVE-2025-22278
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yudleethemes Whitish Lite allows Stored XSS.This issue affects Whitish Lite: from n/a through 2.1…
Medium
CVE-2025-22660
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wolfgang Include Mastodon Feed include-mastodon-feed allows DOM-Based XSS.This issue affects Incl…
Medium
CVE-2025-22659
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Orbit Fox by ThemeIsle themeisle-companion allows Stored XSS.This issue affects Orbit F…
High
CVE-2025-22658
Cross-Site Request Forgery (CSRF) vulnerability in Listings for Appfolio Listings for Appfolio listings-for-appfolio allows Stored XSS.This issue affects Listings for Appfolio: from n/a through <= 1.…
Medium
CVE-2025-22649
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager wedevs-project-manager allows Stored XSS.This issue affects WP Project…
Medium
CVE-2025-22648
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plugin Devs Blog, Posts and Category Filter for Elementor blog-posts-and-category-for-elementor a…
Medium
CVE-2025-22646
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi aThemes Addons for Elementor athemes-addons-for-elementor-lite allows Stored XSS.This…
Medium
CVE-2025-22644
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHunk Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce vayu-blocks allows Stored XS…
Medium
CVE-2025-26738
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Graham Quick Interest Slider quick-interest-slider allows DOM-Based XSS.This issue affects Quick…
Medium
CVE-2025-26737
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yudleethemes City Store allows DOM-Based XSS.This issue affects City Store: from n/a through 1.4.…
Medium
CVE-2025-26736
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in victortihai MorningTime Lite morningtime-lite allows Stored XSS.This issue affects MorningTime Li…
Medium
CVE-2025-26734
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in peregrinethemes Hester hester allows Stored XSS.This issue affects Hester: from n/a through <= 1.…
Medium
CVE-2025-26732
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in burgersoftware StoreBiz storebiz allows DOM-Based XSS.This issue affects StoreBiz: from n/a throu…
Medium
CVE-2025-26731
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reputeinfosystems ARPrice arprice allows Stored XSS.This issue affects ARPrice: from n/a through…
High
CVE-2025-25100
Cross-Site Request Forgery (CSRF) vulnerability in victoracano Cazamba cazamba allows Reflected XSS.This issue affects Cazamba: from n/a through <= 1.2.
High
CVE-2025-25086
Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Secret Meta facebook-secret-meta allows Reflected XSS.This issue affects Secret Meta: from n/a through <= 1.2.1.
Medium
CVE-2025-22816
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codetrendy Power Mag power-mag allows DOM-Based XSS.This issue affects Power Mag: from n/a throug…
High
CVE-2025-2255
An issue has been discovered in Gitlab EE/CE for AppSec affecting all versions from 13.5.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Certain error messages could allow Cross-Site S…
High
CVE-2025-0811
An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Improper rendering of certain file types leads to cross-site…
Medium
CVE-2025-31140
In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page
Medium
CVE-2025-30925
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webangon The Pack Elementor addons the-pack-addon allows Stored XSS.This issue affects The Pack E…
Medium
CVE-2025-30922
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in simplebooklet Simplebooklet PDF Viewer and Embedder simplebooklet allows Stored XSS.This issue af…
Medium
CVE-2025-30920
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Stored XSS.This issue affects WP Posts Ca…
High
CVE-2025-30919
Cross-Site Request Forgery (CSRF) vulnerability in Store Locator Widgets Store Locator Widget store-locator-widget allows Stored XSS.This issue affects Store Locator Widget: from n/a through <= 2025r…
Medium
CVE-2025-30918
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gordon Böhme Structured Content structured-content allows Stored XSS.This issue affects Structure…
Medium
CVE-2025-30907
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SecuPress SecuPress Free secupress allows DOM-Based XSS.This issue affects SecuPress Free: from n…
Medium
CVE-2025-30904
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Chartify chart-builder allows Stored XSS.This issue affects Chartify: from n/a through <=…
Medium
CVE-2025-30903
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Mills SyntaxHighlighter Evolved syntaxhighlighter allows DOM-Based XSS.This issue affects Sy…
Medium
CVE-2025-30900
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Subscriptions Zoho Billing – Embed Payment Form allows Stored XSS. This issue affects Zoho B…
Medium
CVE-2025-30899
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows Stored XSS.This issue affects User Registrat…
Medium
CVE-2025-30898
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mahdi Yousefi [MahdiY] افزونه حمل و نقل ووکامرس (پست پیشتاز و سفارشی، پیک موتوری) persian-woocomm…
Medium
CVE-2025-30893
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LeadConnector LeadConnector leadconnector allows DOM-Based XSS.This issue affects LeadConnector:…
Medium
CVE-2025-30873
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpsoul Greenshift greenshift-animation-and-page-builder-blocks allows Stored XSS.This issue affec…
Medium
CVE-2025-30867
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SearchIQ SearchIQ searchiq allows Stored XSS.This issue affects SearchIQ: from n/a through <= 4.7.
Medium
CVE-2025-30860
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars) off-canvas-sidebars allows DOM-Based XSS.Th…
High
CVE-2025-30857
Cross-Site Request Forgery (CSRF) vulnerability in PressMaximum Currency Switcher for WooCommerce currency-switcher-for-woocommerce allows Stored XSS.This issue affects Currency Switcher for WooComme…
Medium
CVE-2025-30850
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sfaerber Dr. Flex dr-flex allows Stored XSS.This issue affects Dr. Flex: from n/a through <= 2.0.…
Medium
CVE-2025-30847
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashley Novelist novelist allows Stored XSS.This issue affects Novelist: from n/a through <= 1.2.3.
Medium
CVE-2025-30838
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CozyThemes Cozy Blocks cozy-addons allows Stored XSS.This issue affects Cozy Blocks: from n/a thr…
Medium
CVE-2025-30836
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LatePoint LatePoint latepoint allows Stored XSS.This issue affects LatePoint: from n/a through <=…
Medium
CVE-2025-30832
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Event Post themify-event-post allows DOM-Based XSS.This issue affects Themify E…
Medium
CVE-2025-30826
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pierre Lannoy IP Locator ip-locator allows DOM-Based XSS.This issue affects IP Locator: from n/a…
Medium
CVE-2025-30818
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mlaza jAlbum Bridge jalbum-bridge allows DOM-Based XSS.This issue affects jAlbum Bridge: from n/a…
Medium
CVE-2025-30813
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in listamester Listamester listamester allows Stored XSS.This issue affects Listamester: from n/a th…
Medium
CVE-2025-30812
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Addons for Elementor skt-addons-for-elementor allows Stored XSS.This issue affec…
Medium
CVE-2025-30800
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atawai Gum Elementor Addon gum-elementor-addon allows Stored XSS.This issue affects Gum Elementor…
Medium
CVE-2025-30799
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pagup WP Google Street View wp-google-street-view allows Stored XSS.This issue affects WP Google…
Medium
CVE-2025-30792
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ufukart Comment Approved Notifier Extended comment-approved-notifier-extended allows Stored XSS.T…
Medium
CVE-2025-30789
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in clearoutio Clearout Email Validator clearout-email-validator allows Stored XSS.This issue affects…
High
CVE-2025-30787
Cross-Site Request Forgery (CSRF) vulnerability in Eli EZ SQL Reports Shortcode Widget and DB Backup elisqlreports allows Stored XSS.This issue affects EZ SQL Reports Shortcode Widget and DB Backup:…
Medium
CVE-2025-30786
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in oooorgle Quotes llama quotes-llama allows DOM-Based XSS.This issue affects Quotes llama: from n/a…
Medium
CVE-2025-30780
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cubecolour Audio Album audio-album allows Stored XSS.This issue affects Audio Album: from n/a thr…
Medium
CVE-2025-30779
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick van Wobbie Doneren met Mollie doneren-met-mollie allows Stored XSS.This issue affects Donere…
Medium
CVE-2025-30776
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly Sitekit sitekit allows Stored XSS.This issue affects Sitekit: from n/a through <= 1.8.
Medium
CVE-2025-30771
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alain-Aymerick FRANCOIS WP Cassify wp-cassify allows DOM-Based XSS.This issue affects WP Cassify:…
Medium
CVE-2025-30770
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi Charitable charitable allows DOM-Based XSS.This issue affects Charitable: from n/a th…
High
CVE-2025-30769
Cross-Site Request Forgery (CSRF) vulnerability in alexvtn WIP WooCarousel Lite wip-woocarousel-lite allows Stored XSS.This issue affects WIP WooCarousel Lite: from n/a through <= 1.1.7.
Medium
CVE-2025-30768
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mlaza jAlbum Bridge jalbum-bridge allows Stored XSS.This issue affects jAlbum Bridge: from n/a th…
Medium
CVE-2025-30766
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows DOM-Based XSS.This issue af…
Medium
CVE-2025-30763
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Olaf Lederer EO4WP fw-integration-for-emailoctopus allows Stored XSS.This issue affects EO4WP: fr…
Medium
CVE-2025-2685
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘table-name’ parameter in all versions up to, and including, 3.0.4 due to insu…
Medium
CVE-2025-31165
Cross-Site Scripting (XSS) vulnerability in the Logbug module of NightWolf Penetration Testing Platform 1.2.2 allows attackers to execute JavaScript through the markdown editor feature.