About “Cross-site Scripting (XSS)”

A curated feed of “Cross-site Scripting (XSS)”-related CVEs appears below. We currently track 47666 CVEs for this tag (all time). In the last 365 days, 7596 were published. Average CVSS is 5.6 (all time; 5.9 over 365d), and 11% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-352 - Cross-Site Request Forgery (CSRF), CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).

In our taxonomy this topic maps to a MODERATE impact class: common exploitation patterns for this weakness can lead to moderate impact. Use the filters below to sort by CVSS, risk and CWE, triage high-risk entries first, and validate exposure in your environment. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list.

2025-03-05
Medium

CVE-2024-13866

The Simple Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This ma…

Medium

CVE-2024-13827

The Razorpay Subscription Button Elementor Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg() and remove_query_arg() functions without appro…

Medium

CVE-2024-13350

The SearchIQ – The Search Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siq_searchbox' shortcode in all versions up to, and including, 4.7 due to insuff…

Medium

CVE-2025-27679

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cross-Site Scripting in Badge Registration V-2023-005.

Medium

CVE-2025-27676

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cross-Site Scripting in Reports V-2023-002.

Medium

CVE-2025-27660

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cross Site Scripting OVE-20230524-0003.

Medium

CVE-2025-27654

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Cross Site Scripting (XSS) V-2023-017.

Medium

CVE-2025-27653

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Preauthenticated Cross Site Scripting (XSS): Badge Registration V-2023-012.

Medium

CVE-2025-27637

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Cross-Site Scripting V-2024-016.

Low

CVE-2025-1967

A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank Management System 1.0. Affected by this issue is some unknown functionality of the file /user_dashboar…

2025-03-04
Low

CVE-2025-1957

A vulnerability classified as problematic was found in code-projects Blood Bank System 1.0. This vulnerability affects unknown code of the file /BBfile/Blood/o+.php. The manipulation of the argument…

Low

CVE-2025-1955

A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /Scheduling/…

Medium

CVE-2025-26202

Cross-Site Scripting (XSS) vulnerability exists in the WPA/WAPI Passphrase field of the Wireless Security settings (2.4GHz & 5GHz bands) in DZS Router Web Interface. An authenticated attacker can inj…

Medium

CVE-2025-1949

A vulnerability, which was classified as problematic, has been found in ZZCMS 2025. This issue affects some unknown processing of the file /3/ucenter_api/code/register_nodb.php of the component URL H…

Medium

CVE-2025-27155

Pinecone is an experimental overlay routing protocol suite which is the foundation of the current P2P Matrix demos. The Pinecone Simulator (pineconesim) included in Pinecone up to commit ea4c337 is v…

Medium

CVE-2025-26091

A Cross Site Scripting (XSS) vulnerability exists in TeamPasswordManager v12.162.284 and before that could allow a remote attacker to execute arbitrary JavaScript in the web browser of a user, by inc…

High

CVE-2024-50705

Unauthenticated reflected cross-site scripting (XSS) vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary scripts via the page parameter.

Medium

CVE-2025-0370

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘src’ parameter in all versions up to, and including, 7.3.3 due to insufficien…

Medium

CVE-2025-0512

The Structured Content (JSON-LD) #wpsc plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sc_fs_local_business shortcode in all versions up to, and including, 6.4.5 du…

Medium

CVE-2025-0433

The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter i…

Medium

CVE-2024-9618

The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in…

Low

CVE-2025-1905

A vulnerability, which was classified as problematic, was found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file employee.php. The manipulation of the argume…

Low

CVE-2025-1904

A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank System 1.0. Affected by this issue is some unknown functionality of the file /Blood/A+.php. The manipu…

Low

CVE-2025-1892

A vulnerability was found in shishuocms 1.1. It has been classified as problematic. Affected is an unknown function of the file /manage/folder/add.json of the component Directory Deletion Page. The m…

2025-03-03
Medium

CVE-2024-55064

Multiple cross-site scripting (XSS) vulnerabilities in EasyVirt DC NetScope <= 8.6.4 allow remote attackers to inject arbitrary JavaScript or HTML code via the (1) smtp_server, (2) smtp_account, (3)…

Medium

CVE-2024-5888

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked co…

Medium

CVE-2024-51963

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and follow that may allow a remote, authenticated attacker to create a stored crafted link which when clicked c…

Medium

CVE-2024-51960

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked co…

Medium

CVE-2024-51959

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked co…

Medium

CVE-2024-51957

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked co…

Medium

CVE-2024-51956

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked co…

Medium

CVE-2024-51953

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked co…

Medium

CVE-2024-51952

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked co…

Medium

CVE-2024-51951

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked co…

Medium

CVE-2024-51950

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked co…

Medium

CVE-2024-51949

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked co…

Medium

CVE-2024-51948

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked co…

Medium

CVE-2024-51947

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked co…

Medium

CVE-2024-51946

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked co…

Medium

CVE-2024-51945

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked co…

Medium

CVE-2024-51944

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked co…

Medium

CVE-2024-51942

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked co…

Medium

CVE-2024-10904

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked co…

High

CVE-2025-27500

OpenZiti is a free and open source project focused on bringing zero trust to any application. An endpoint(/api/upload) on the admin panel can be accessed without any form of authentication. This endp…

Medium

CVE-2025-27499

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the processa_edicao_socio.php endpo…

Medium

CVE-2025-25939

Reprise License Manager 14.2 is vulnerable to reflected cross-site scripting in /goform/activate_process via the akey parameter.

Medium

CVE-2024-51091

Cross Site Scripting vulnerability in seajs v.2.2.3 allows a remote attacker to execute arbitrary code via the seajs package

Medium

CVE-2024-57240

A Cross-Site Scripting (XSS) vulnerability in the Rendering Engine component in Apryse WebViewer v11.1 and earlier allows attackers to execute arbitrary code via a crafted PDF file.

Medium

CVE-2025-27420

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the atendido_parentesco_adicionar.p…

Medium

CVE-2025-27418

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the adicionar_tipo_atendido.php end…

Medium

CVE-2025-27417

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the adicionar_status_atendido.php e…

Medium

CVE-2025-27099

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap allows cross-site scripting (XSS) via the tracker names used in the semantic timeframe deletion…

High

CVE-2025-0555

A Cross Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls…

High

CVE-2025-27279

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lynk Flashfader flashfader allows Reflected XSS.This issue affects Flashfader: from n/a through <…

High

CVE-2025-27278

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Ghedini AcuGIS Leaflet Maps mapfig-premium-leaflet-map-maker allows Reflected XSS.This issu…

High

CVE-2025-27275

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andrew_fisher WOO Codice Fiscale woo-codice-fiscale allows Reflected XSS.This issue affects WOO C…

Medium

CVE-2025-27273

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in winking Affiliate Links Manager affiliate-links-manager allows Reflected XSS.This issue affects A…

High

CVE-2025-27271

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alberto Cocchiara DB Tables Import/Export db-tables-importexport allows Reflected XSS.This issue…

High

CVE-2025-27269

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anton Aleksandrov .htaccess Login block htaccess-login-block allows Reflected XSS.This issue affe…

High

CVE-2025-26994

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in softdiscover Zigaform – Price Calculator & Cost Estimation Form Builder Lite zigaform-calculator-…

High

CVE-2025-26989

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in softdiscover Zigaform zigaform-form-builder-lite allows Stored XSS.This issue affects Zigaform: f…

High

CVE-2025-26984

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows Reflected XSS.This issue affects SMS A…

High

CVE-2025-26918

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology Small Package Quotes – Unishippers Edition small-package-quotes-unishippers-edi…

High

CVE-2025-26917

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes WP Templata wptemplata allows Reflected XSS.This issue affects WP Templata: from n/a th…

High

CVE-2025-26914

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bowo Variable Inspector variable-inspector allows Reflected XSS.This issue affects Variable Inspe…

High

CVE-2025-26879

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cristián Lávaque s2Member s2member allows Reflected XSS.This issue affects s2Member: from n/a thr…

High

CVE-2025-26589

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cristopher Dino IE CSS3 Support ie-css3-support allows Reflected XSS.This issue affects IE CSS3 S…

High

CVE-2025-26588

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gabrielperezs TTT Crop ttt-crop allows Reflected XSS.This issue affects TTT Crop: from n/a throug…

High

CVE-2025-26587

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nghorta sidebarTabs sidebartabs allows Reflected XSS.This issue affects sidebarTabs: from n/a thr…

High

CVE-2025-26586

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in abelony Events Planner events-planner allows Reflected XSS.This issue affects Events Planner: fro…

High

CVE-2025-26585

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DyadyaLesha DL Leadback dl-leadback allows Reflected XSS.This issue affects DL Leadback: from n/a…

High

CVE-2025-26563

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Muneeb Mobile rocket-wp-mobile allows Reflected XSS.This issue affects Mobile: from n/a through <…

High

CVE-2025-26557

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in viperchill ViperBar viperbar allows Reflected XSS.This issue affects ViperBar: from n/a through <…

High

CVE-2025-25170

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DotsquaresLtd Migrate Posts migrate-post allows Reflected XSS.This issue affects Migrate Posts: f…

High

CVE-2025-25169

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rachel Cherry Authors Autocomplete Meta Box authors-autocomplete-meta-box allows Reflected XSS.Th…

High

CVE-2025-25165

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in richardgabriel Staff Directory Plugin: Company Directory staff-directory-pro allows Stored XSS.Th…

High

CVE-2025-25164

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yuichiro ABE Meta Accelerator meta-accelerator allows Reflected XSS.This issue affects Meta Accel…

High

CVE-2025-25161

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SocialEvolution WP Find Your Nearest wp-find-your-nearest allows Reflected XSS.This issue affects…

High

CVE-2025-25158

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Antonio Sanchez Uncomplicated SEO uncomplicated-seo allows Reflected XSS.This issue affects Uncom…

High

CVE-2025-25157

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpchurchteam WP Church Center wp-church-center allows Reflected XSS.This issue affects WP Church…

High

CVE-2025-25142

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Jake Group WP Less Compiler wp-less-compiler allows Stored XSS.This issue affects WP Less Com…

Medium

CVE-2025-25137

Cross-Site Request Forgery (CSRF) vulnerability in kareemsultan Social Links social-links allows Stored XSS.This issue affects Social Links: from n/a through <= 1.0.11.

High

CVE-2025-25133

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in newbiesup WP Frontend Submit wp-frontend-submit allows Reflected XSS.This issue affects WP Fronte…

High

CVE-2025-25132

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ravi Singh Visitor Details visitors-details allows Stored XSS.This issue affects Visitor Details:…

Medium

CVE-2025-25131

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in randyjensen RJ Quickcharts rj-quickcharts allows Stored XSS.This issue affects RJ Quickcharts: fr…

High

CVE-2025-25129

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Callback Request allows Reflected XSS. This issue affects Callback Request: from n/a thr…

High

CVE-2025-25127

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rohitashv Singhal Contact Us By Lord Linus contact-us-by-lord-linus allows Reflected XSS.This iss…

High

CVE-2025-25124

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devu Status Updater fb-status-updater allows Reflected XSS.This issue affects Status Updater: fro…

High

CVE-2025-25119

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alejandro Aranda Woocommerce osCommerce Sync woo-oscommerce-sync allows Reflected XSS.This issue…

High

CVE-2025-25118

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Danish Ali Malik Top Bar – PopUps – by WPOptin wpoptin allows Reflected XSS.This issue affects To…

Medium

CVE-2025-25115

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zeshan Abdullah Like dislike plus counter like-dislike-plus-counter allows Stored XSS.This issue…

High

CVE-2025-25114

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ehabstar User Role user-roles allows Reflected XSS.This issue affects User Role: from n/a through…

High

CVE-2025-25113

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Senktec Implied Cookie Consent implied-cookie-consent allows Reflected XSS.This issue affects Imp…

High

CVE-2025-25108

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shalomworld SW Plus shalom-world-media-gallery allows Reflected XSS.This issue affects SW Plus: f…

High

CVE-2025-25102

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Josh Harrison Yahoo BOSS yahoo-boss allows Reflected XSS.This issue affects Yahoo BOSS: from n/a…

High

CVE-2025-25099

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in accreteinfosolution Appointment Buddy Widget appointment-buddy-online-appointment-booking-by-accr…

High

CVE-2025-25092

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gtlwpdev All push notification for WP all-push-notification allows Reflected XSS.This issue affec…

High

CVE-2025-25090

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dreamstime Dreamstime Stock Photos dreamstime-stock-photos allows Reflected XSS.This issue affect…

High

CVE-2025-25089

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in appten Image Rotator appten-image-rotator allows Reflected XSS.This issue affects Image Rotator:…

High

CVE-2025-25087

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tim seekXL Snapr seekxl-snapr allows Reflected XSS.This issue affects seekXL Snapr: from n/a thro…

Medium

CVE-2025-25084

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antrouss UniTimetable unitimetable allows Stored XSS.This issue affects UniTimetable: from n/a th…

High

CVE-2025-25083

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dave Lavoie EP4 More Embeds ep4-more-embeds allows Stored XSS.This issue affects EP4 More Embeds:…

High

CVE-2025-25070

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ed atrero Album Reviewer albumreviewer allows Stored XSS.This issue affects Album Reviewer: from…

High

CVE-2025-24758

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Map Locations cm-map-locations allows Reflected XSS.This issue affects…

High

CVE-2025-24694

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Pop-Up banners cm-pop-up-banners allows Reflected XSS.This issue affect…

High

CVE-2025-23956

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Richard Leishman WP Easy Post Mailer wp-mailer allows Reflected XSS.This issue affects WP Easy Po…

High

CVE-2025-23904

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rebrandpress Rebrand Fluent Forms rebrand-fluent-forms allows Reflected XSS.This issue affects Re…

High

CVE-2025-23903

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in woofx Local Shipping Labels for WooCommerce local-shipping-labels-for-woocommerce allows Reflecte…

High

CVE-2025-23883

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in unalignedcoder Stray Random Quotes stray-quotes allows Reflected XSS.This issue affects Stray Ran…

High

CVE-2025-23881

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in littlejon LJ Custom Menu Links lj-custom-menu-links allows Reflected XSS.This issue affects LJ Cu…

High

CVE-2025-23879

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PillarDev Easy Automatic Newsletter Lite easy-automatic-newsletter allows Reflected XSS.This issu…

High

CVE-2025-23852

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robin90 First Comment Redirect first-comment-redirect allows Reflected XSS.This issue affects Fir…

High

CVE-2025-23850

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojowill Mojo Under Construction mojo-under-construction allows Reflected XSS.This issue affects…

High

CVE-2025-23847

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in saill Site Launcher site-launcher allows Reflected XSS.This issue affects Site Launcher: from n/a…

High

CVE-2025-23843

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphrmanager WP-HR Manager: The Human Resources Plugin for WordPress wp-hr-manager allows Reflecte…

Medium

CVE-2025-23829

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codingkart Woo Update Variations In Cart woo-update-variations-in-cart allows Stored XSS.This iss…

High

CVE-2025-23814

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRUDLab CRUDLab Like Box crudlab-facebook-like-box allows Reflected XSS.This issue affects CRUDLa…

High

CVE-2025-23813

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tony Hayes Guten Free Options guten-free-options allows Reflected XSS.This issue affects Guten Fr…

High

CVE-2025-23762

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Sternberg DsgnWrks Twitter Importer dsgnwrks-twitter-importer allows Reflected XSS.This is…

High

CVE-2025-23753

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digireturn DN Sitemap Control dn-sitemap-control allows Reflected XSS.This issue affects DN Sitem…