About “Cross-site Scripting (XSS)”

A curated feed of “Cross-site Scripting (XSS)”-related CVEs appears below. We currently track 47666 CVEs for this tag (all time). In the last 365 days, 7596 were published. Average CVSS is 5.6 (all time; 5.9 over 365d), and 11% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-352 - Cross-Site Request Forgery (CSRF), CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).

In our taxonomy this topic maps to a MODERATE impact class: common exploitation patterns for this weakness can lead to moderate impact. Use the filters below to sort by CVSS, risk and CWE, triage high-risk entries first, and validate exposure in your environment. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic.

2025-03-03
High

CVE-2025-23741

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Florian Chaillou Notifications Center notifications-center allows Reflected XSS. This issue affect…

High

CVE-2025-23740

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zbynek Nedoma Easy School Registration easy-school-registration allows Reflected XSS. This issue a…

High

CVE-2025-23739

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jtibbles WP Ultimate Reviews FREE wp-ultimate-reviews-free allows Reflected XSS. This issue affect…

High

CVE-2025-23738

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Padam Shankhadev Ps Ads Pro ps-ads-pro allows Reflected XSS. This issue affects Ps Ads Pro: from n…

High

CVE-2025-23736

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webgdawg Form To JSON form-to-json allows Reflected XSS. This issue affects Form To JSON: from n/a…

High

CVE-2025-23731

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in infosoftplugin Tax Report for WooCommerce tax-report-for-woocommerce allows Reflected XSS. This is…

High

CVE-2025-23726

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thebloghouse ComparePress comparepress allows Reflected XSS. This issue affects ComparePress: from…

High

CVE-2025-23721

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cloudvn Mobigate mobigatevn allows Reflected XSS. This issue affects Mobigate: from n/a through <=…

High

CVE-2025-23718

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mancx Mancx AskMe Widget mancx-askme-widget allows Reflected XSS. This issue affects Mancx AskMe W…

High

CVE-2025-23716

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JkmAS Login Watchdog login-watchdog allows Stored XSS. This issue affects Login Watchdog: from n/a…

High

CVE-2025-23688

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in editionskezzal Cobwebo URL Plugin cobwebo-url allows Reflected XSS. This issue affects Cobwebo URL…

High

CVE-2025-23670

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in montashov 4 author cheer up donate 4-author-cheer-up-donate allows Reflected XSS. This issue affec…

High

CVE-2025-23668

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mauricio Urrego ChatGPT Open AI Images & Content for WooCommerce glasses-for-woocommerce allows R…

High

CVE-2025-23663

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Vaquez Contexto contexto allows Reflected XSS. This issue affects Contexto: from n/a throug…

High

CVE-2025-23637

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fxy060608 新淘客WordPress插件 wp-xintaoke allows Reflected XSS. This issue affects 新淘客WordPress插件: from…

High

CVE-2025-23635

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mobde3net ePermissions epermissions allows Reflected XSS. This issue affects ePermissions: from n/…

High

CVE-2025-23619

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Catch Themes Catch Duplicate Switcher catch-duplicate-switcher allows Reflected XSS. This issue af…

High

CVE-2025-23616

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Canalplan canalplan-ac allows Reflected XSS. This issue affects Canalplan: from n/a through…

High

CVE-2025-23600

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pinal.shah Send to a Friend Addon send-booking-invites-to-friends allows Reflected XSS. This issue…

High

CVE-2025-23595

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brainpulse Page Health-O-Meter page-health-o-meter allows Reflected XSS. This issue affects Page H…

High

CVE-2025-23587

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashek Al Mahmud all-in-one-box-login all-in-one-login allows Reflected XSS. This issue affects all…

High

CVE-2025-23586

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MAL73049 WP Post Category Notifications wp-post-category-notifications allows Reflected XSS. This…

High

CVE-2025-23585

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CantonBolo Goo.gl Url Shorter googl-url-shorter allows Reflected XSS. This issue affects Goo.gl Ur…

High

CVE-2025-23584

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arsh91 Pin Locations on Map pin-locations-on-map allows Reflected XSS. This issue affects Pin Loca…

Medium

CVE-2025-23579

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digitalzoomstudio DZS Ajaxer Lite dzs-ajaxer-lite-dynamic-page-load allows Stored XSS. This issue…

High

CVE-2025-23576

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cfuze WP Intro.JS wp-intro-js-tours allows Reflected XSS. This issue affects WP Intro.JS: from n/a…

High

CVE-2025-23575

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DevriX DX Sales CRM dx-sales-crm allows Reflected XSS. This issue affects DX Sales CRM: from n/a t…

High

CVE-2025-23570

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mitchell Bundy WP Social Links wp-social-links allows Reflected XSS. This issue affects WP Social…

High

CVE-2025-23565

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Taylor Wibstats wibstats-statistics-for-wordpress-mu allows Reflected XSS. This issue affect…

High

CVE-2025-23564

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mohsenshahbazi WP FixTag wp-fixtag allows Reflected XSS. This issue affects WP FixTag: from n/a th…

High

CVE-2025-23563

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mbyte Explore pages explore-pages allows Reflected XSS. This issue affects Explore pages: from n/a…

High

CVE-2025-23556

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in netbitsolutions Push Envoy Notifications push-envoy allows Reflected XSS. This issue affects Push…

High

CVE-2025-23555

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chenyenming Ui Slider Filter By Price ui-slider-filter-by-price allows Reflected XSS. This issue a…

High

CVE-2025-23553

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Cramer Userbase Access Control userbase-access-control allows Reflected XSS. This issue affe…

High

CVE-2025-23552

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yashar Texteller texteller allows Reflected XSS. This issue affects Texteller: from n/a through <=…

High

CVE-2025-23549

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in agora32 Maniac SEO maniac-seo allows Reflected XSS. This issue affects Maniac SEO: from n/a throug…

High

CVE-2025-23539

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in surror Awesome Hooks awesome-hooks allows Reflected XSS. This issue affects Awesome Hooks: from n/…

High

CVE-2025-23538

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sophia M Williams WP Contest wp-contest allows Reflected XSS. This issue affects WP Contest: from…

High

CVE-2025-23536

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mndpsingh287 Track Page Scroll track-page-scroll allows Reflected XSS. This issue affects Track Pa…

High

CVE-2025-23526

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SwiftCloud Swift Calendar Online Appointment Scheduling online-appointment-scheduling-software al…

High

CVE-2025-23524

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dactum ClickBank Storefront mycbgenie-clickbank-storefront allows Reflected XSS. This issue affect…

High

CVE-2025-23521

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoodLayers Goodlayers Blocks goodlayers-blocks allows Reflected XSS. This issue affects Goodlayers…

High

CVE-2025-23520

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SecureSubmit Heartland Management Terminal allows Reflected XSS. This issue affects Heartland Man…

High

CVE-2025-23519

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jas Saran G Web Pro Store Locator gwebpro-store-locator allows Reflected XSS. This issue affects G…

High

CVE-2025-23518

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mrsaucier GoogleMapper googlemapper-2 allows Reflected XSS. This issue affects GoogleMapper: from…

High

CVE-2025-23517

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sunil chaulagain Google Map on Post/Page google-map-on-postpage allows Reflected XSS. This issue a…

High

CVE-2025-23516

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brainvireinfo Sale with Razorpay sell-with-razorpay allows Reflected XSS. This issue affects Sale…

High

CVE-2025-23505

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pantho Bihosh Pit Login Welcome pit-login-welcome allows Reflected XSS. This issue affects Pit Log…

High

CVE-2025-23502

Cross-Site Request Forgery (CSRF) vulnerability in Ned Curated Search curated-search allows Stored XSS. This issue affects Curated Search: from n/a through <= 1.2.

High

CVE-2025-23496

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in husani WP FPO wp-fpo allows Reflected XSS. This issue affects WP FPO: from n/a through <= 1.0.

High

CVE-2025-23494

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in binnyva Quizzin quizzin allows Reflected XSS. This issue affects Quizzin: from n/a through <= 1.01…

High

CVE-2025-23493

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moallemi Google Transliteration google-transliteration allows Reflected XSS. This issue affects Go…

High

CVE-2025-23490

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Stursberg Browser-Update-Notify browser-update-notify allows Reflected XSS. This issue aff…

High

CVE-2025-23488

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Abolfazl Sabagh rng-refresh rng-refresh allows Reflected XSS. This issue affects rng-refresh: from…

High

CVE-2025-23487

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in odihost Easy Gallery simple-gallery-odihost allows Reflected XSS. This issue affects Easy Gallery:…

High

CVE-2025-23485

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in richestsoft RS Survey rs-survey allows Reflected XSS. This issue affects RS Survey: from n/a throu…

High

CVE-2025-23484

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cojecto Predict When predict-when allows Reflected XSS. This issue affects Predict When: from n/a…

High

CVE-2025-23482

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in azurecurve azurecurve Floating Featured Image azurecurve-floating-featured-image allows Reflected…

High

CVE-2025-23481

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anzar Ahmed Ni WooCommerce Sales Report Email ni-woocommerce-sales-report-email allows Reflected…

Medium

CVE-2025-23480

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MicahBlu RSVP ME rsvp-me allows Stored XSS. This issue affects RSVP ME: from n/a through <= 1.9.9.

High

CVE-2025-23479

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in melascrivi melascrivi melascrivi allows Reflected XSS. This issue affects melascrivi: from n/a thr…

High

CVE-2025-23478

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cmsaccount Photo Video Store photo-video-store allows Reflected XSS. This issue affects Photo Vide…

High

CVE-2025-23473

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Punit Bhalodiya Killer Theme Options killer-theme-options allows Reflected XSS. This issue affects…

High

CVE-2025-23472

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flexostudio Flexo Slider flexo-slider allows Reflected XSS. This issue affects Flexo Slider: from…

High

CVE-2025-23468

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wrenchpilot Essay Wizard (wpCRES) essay-wizard-wpcres allows Reflected XSS. This issue affects Ess…

High

CVE-2025-23465

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in magent Vampire Character Manager vampire-character allows Reflected XSS. This issue affects Vampir…

High

CVE-2025-23464

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Keir Whitaker Twitter News Feed twitter-news-feed allows Reflected XSS. This issue affects Twitter…

High

CVE-2025-23451

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in titodevera Awesome Twitter Feeds awesome-twitter-feeds allows Reflected XSS. This issue affects Aw…

High

CVE-2025-23450

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in agenwebsite AW WooCommerce Kode Pembayaran aw-woocommerce-kode-pembayaran allows Reflected XSS. Th…

High

CVE-2025-23447

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kundan Yevale Smooth Dynamic Slider smooth-dynamic-slider allows Reflected XSS. This issue affects…

High

CVE-2025-23446

Cross-Site Request Forgery (CSRF) vulnerability in KokoenDE WP SpaceContent wp-spacecontent allows Stored XSS. This issue affects WP SpaceContent: from n/a through <= 0.4.5.

High

CVE-2025-23441

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dkukral Attach Gallery Posts attach-gallery-posts allows Reflected XSS. This issue affects Attach…

High

CVE-2025-23439

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in willshouse TinyMCE Extended Config tinymce-extended-config allows Reflected XSS. This issue affect…

High

CVE-2025-23437

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nord_tramper ntp-header-images header-images-rotator allows Reflected XSS. This issue affects ntp-…

High

CVE-2025-23433

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jnwry vcOS vcos allows Reflected XSS. This issue affects vcOS: from n/a through <= 1.4.0.

High

CVE-2025-23425

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in marekki Marekkis Watermark marekkis-watermark allows Reflected XSS. This issue affects Marekkis Wa…

Medium

CVE-2024-54179

IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability…

High

CVE-2025-0475

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1. A proxy feature could potentially allow unintended cont…

Medium

CVE-2024-8186

An issue has been discovered in GitLab CE/EE affecting all versions from 16.6 before 17.7.6, 17.8 before 17.8.4, and 17.9 before 17.9.1. An attacker could inject HTML into the child item search poten…

Medium

CVE-2024-53386

Stage.js through 0.8.10 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadow…

Medium

CVE-2024-53382

Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup ca…

Medium

CVE-2025-27585

A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via…

Medium

CVE-2025-27584

A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via…

Medium

CVE-2025-25949

A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via…

Medium

CVE-2025-1842

A vulnerability classified as problematic was found in FITSTATS Technologies AthleteMonitoring up to 20250302. This vulnerability affects unknown code of the file /login.php. The manipulation of the…

2025-03-02
Low

CVE-2025-1830

A vulnerability was found in zj1983 zz up to 2024-8. It has been rated as problematic. This issue affects some unknown processing of the component Customer Information Handler. The manipulation of th…

Low

CVE-2025-1817

A vulnerability classified as problematic was found in Mini-Tmall up to 20250211. This vulnerability affects unknown code of the file /admin of the component Admin Name Handler. The manipulation lead…

Medium

CVE-2025-1810

A vulnerability was found in Pixsoft Vivaz 6.0.11. It has been classified as problematic. Affected is an unknown function of the file /servlet?act=login&submit=1&evento=0&pixrnd=012502181703185936023…

Low

CVE-2025-1807

A vulnerability, which was classified as problematic, was found in Eastnets PaymentSafe 2.5.26.0. This affects an unknown part of the file /directRouter.rfc of the component Edit Manual Reply Handler…

2025-03-01
Medium

CVE-2025-1491

The WP Posts Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘auto_play_timeout’ parameter in all versions up to, and including, 1.3.7 due to insufficient input san…

Medium

CVE-2025-1291

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘icon’ parameter in all versions up to, and including, 3.4…

Medium

CVE-2025-1459

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Embedded Video(PB) widget in all versions up to, and including, 2.31.4 due to insufficient inp…

Medium

CVE-2024-13901

The Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘content’ parameter in all versi…

Medium

CVE-2025-0820

The Clicface Trombi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nom’ parameter in all versions up to, and including, 2.08 due to insufficient input sanitization and out…

Medium

CVE-2024-9217

The Currency Switcher for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up t…

Medium

CVE-2024-9212

The SKU Generator for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, a…

Medium

CVE-2024-13559

The TemplatesNext ToolKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tx_woo_wishlist_table' shortcode in all versions up to, and including, 3.2.9 due to insuf…

2025-02-28
Medium

CVE-2025-25476

A stored cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows a malicious user with elevated privileges to execute arbitrary Javascript code by specifying a malicious XSS payload as a not…

Medium

CVE-2025-25429

Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the r_name variable inside the have_same_name function on the /addschedule.htm page.

Medium

CVE-2025-25431

Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the ssid key of the wifi_data parameter on the /captive_portal.htm page.

Medium

CVE-2025-25430

Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the configname parameter on the /cbi_addcert.htm page.

Medium

CVE-2025-24318

Cookie policy is observable via built-in browser tools. In the presence of XSS, this could lead to full session compromise.

Medium

CVE-2025-20049

The Dario Health portal service application is vulnerable to XSS, which could allow an attacker to obtain sensitive information.

Low

CVE-2025-27400

Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Ve…

Medium

CVE-2025-25461

A Stored Cross-Site Scripting (XSS) vulnerability exists in SeedDMS 6.0.29. A user or rogue admin with the "Add Category" permission can inject a malicious XSS payload into the category name field. W…

Medium

CVE-2025-25916

wuzhicms v4.1.0 has a Cross Site Scripting (XSS) vulnerability in del function in \coreframe\app\member\admin\group.php.

Medium

CVE-2025-1776

Cross-Site Scripting (XSS) vulnerability in Soteshop, versions prior to 8.3.4, which could allow remote attackers to execute arbitrary code via the ‘query’ parameter in /app-google-custom-search/sear…

Medium

CVE-2025-1746

Cross-Site Scripting vulnerability in OpenCart versions prior to 4.1.0. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL…

High

CVE-2025-1319

The Site Mailer – SMTP Replacement, Email API Deliverability & Email Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.3 due to insuffici…

Medium

CVE-2025-1560

The WOW Entrance Effects (WEE!) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wee' shortcode in all versions up to, and including, 0.1 due to insufficient input…

Medium

CVE-2024-9019

The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's secupress_check_ban_ips_form shortcode in all versions up to, and including,…

Medium

CVE-2024-13851

The Modal Portfolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7.4.2 due to insufficient input sanitization and output escaping. This ma…

Medium

CVE-2024-13469

The Pricing Table by PickPlugins plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button Link in all versions up to, and including, 1.12.10 due to insufficient input sanitiza…

Medium

CVE-2025-1571

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text and Image Comparison Widgets in all versions up to, and including,…

Medium

CVE-2025-1405

The Product Catalog Simple plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's show_products shortcode in all versions up to, and including, 1.7.11 due to insufficient…

High

CVE-2025-1513

The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons plugin for WordPress is vulnerable to Stored Cross-Si…

Medium

CVE-2025-1511

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions…

Medium

CVE-2024-12820

The MK Google Directions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MKGD' shortcode in all versions up to, and including, 3.1 due to insufficient input saniti…

Medium

CVE-2025-1757

The WordPress Portfolio Builder – Portfolio Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pfhub_portfolio' and 'pfhub_portfolio_portfolio' shortcodes in…

Medium

CVE-2025-1505

The Advanced AJAX Product Filters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'nonce' parameter in all versions up to, and including, 1.6.8.1 due to insufficient inpu…