Medium
CVE-2025-1467
Versions of the package tarteaucitronjs before 1.17.0 are vulnerable to Cross-site Scripting (XSS) via the getElemWidth() and getElemHeight(). This is related to [SNYK-JS-TARTEAUCITRONJS-8366541](htt…
Tag: Cross-site Scripting (XSS)
All CVEs associated with "Cross-site Scripting (XSS)". Page 86/398 • 47666 CVEs.
Subscribe CVEs: RSS for “Cross-site Scripting (XSS)” · RSS (High+Critical only)
About “Cross-site Scripting (XSS)”
A curated feed of “Cross-site Scripting (XSS)”-related CVEs appears below. We currently track 47666 CVEs for this tag (all time). In the last 365 days, 7596 were published. Average CVSS is 5.6 (all time; 5.9 over 365d), and 11% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-352 - Cross-Site Request Forgery (CSRF), CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-02-23
Low
CVE-2025-1586
A vulnerability was found in code-projects Blood Bank System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /Blood/A-.php. The manipulation of the argum…
Low
CVE-2025-1585
A vulnerability, which was classified as problematic, has been found in otale tale up to 2.0.5. This issue affects the function OptionsService of the file src/main/resources/templates/themes/default/…
Low
CVE-2025-1579
A vulnerability was found in code-projects Blood Bank System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/user.php. The manipulation of the argumen…
Low
CVE-2025-1577
A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank System 1.0. Affected by this issue is some unknown functionality of the file /prostatus.php. The manip…
Medium
CVE-2024-13728
The Accept Donations with PayPal & Stripe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the rf parameter in all versions up to, and including, 1.4.4 due to insufficient inp…
2025-02-22
Medium
CVE-2025-26973
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WarfarePlugins Social Warfare social-warfare allows DOM-Based XSS.This issue affects Social Warfa…
High
CVE-2025-26774
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rock Solid Responsive Modal Builder for High Conversion – Easy Popups easy-popups allows Reflecte…
High
CVE-2025-26756
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in grimdonkey Magic the Gathering Card Tooltips magic-the-gathering-card-tooltips allows Stored XSS.…
High
CVE-2025-0957
The SMTP for Amazon SES – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping.…
High
CVE-2025-0953
The SMTP for Sendinblue – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. T…
High
CVE-2025-0918
The SMTP for SendGrid – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. Thi…
Low
CVE-2025-1553
A vulnerability was found in pankajindevops scale up to 3633544a00245d3df88b6d13d9b3dd0f411be7f6. It has been classified as problematic. Affected is an unknown function of the file /scale/project. Th…
Medium
CVE-2024-13564
The Rife Elementor Extensions & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Writing Effect Headline shortcode in all versions up to, and including, 1.…
Medium
CVE-2024-12467
The Pago por Redsys plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'Ds_MerchantParameters' parameter in all versions up to, and including, 1.0.12 due to insufficient inp…
Medium
CVE-2024-12038
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin…
2025-02-21
High
CVE-2025-27108
dom-expressions is a Fine-Grained Runtime for Performant DOM Rendering. In affected versions the use of javascript's `.replace()` opens up to potential Cross-site Scripting (XSS) vulnerabilities with…
Low
CVE-2025-1548
A vulnerability was found in iteachyou Dreamer CMS 4.1.3. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/archives/edit. The manipulation of the argume…
Medium
CVE-2024-10222
The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.5.10 due to insufficient input sanitization and output e…
Medium
CVE-2025-1489
The WP-Appbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's appbox shortcode in all versions up to, and including, 4.5.4 due to insufficient input sanitization an…
Medium
CVE-2024-13455
The igumbi Online Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'igumbi_calendar' shortcode in all versions up to, and including, 1.40 due to insufficient…
Medium
CVE-2024-13648
The Maps for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MapOnePoint' shortcode in all versions up to, and including, 1.2.4 due to insufficient input saniti…
Medium
CVE-2024-13461
The Autoship Cloud for WooCommerce Subscription Products plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'autoship-create-scheduled-order-action' shortcode in all v…
Medium
CVE-2024-12452
The Ziggeo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ziggeo_event' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization…
Medium
CVE-2025-1410
The Events Calendar Made Simple – Pie Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's piecal shortcode in all versions up to, and including, 1.2.5 due to i…
Low
CVE-2024-13585
The Ajax Search Lite WordPress plugin before 4.12.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting att…
Low
CVE-2024-13314
The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored C…
Medium
CVE-2025-1407
The AMO Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's amoteam_skills shortcode in all versions up to, and including, 1.1.4 due to insufficient input…
Medium
CVE-2025-1406
The Newpost Catch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's npc shortcode in all versions up to, and including, 1.3.19 due to insufficient input sanitization…
Medium
CVE-2024-13751
The 3D Photo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'des[]' parameter in all versions up to, and including, 1.3 due to insufficient input sanitization and o…
Medium
CVE-2024-13672
The Mini Course Generator | Embed mini-courses and interactive content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mcg' shortcode in all versions up to, and in…
Medium
CVE-2024-13388
The TCBD Tooltip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcbdtooltip_text' shortcode in all versions up to, and including, 1.0 due to insufficient input sa…
Medium
CVE-2024-13379
The C9 Admin Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.5 due to insufficient input sanitization and ou…
2025-02-20
High
CVE-2025-27088
oxyno-zeta/s3-proxy is an aws s3 proxy written in go. In affected versions a Reflected Cross-site Scripting (XSS) vulnerability enables attackers to create malicious URLs that, when visited, inject s…
Medium
CVE-2025-25957
Cross Site Scripting vulnerabilities in Xunruicms v.4.6.3 and before allows a remote attacker to escalate privileges via a crafted script.
Medium
CVE-2025-25960
Cross Site Scripting vulnerability in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via the menu interface of the member center of the background administrator.
Medium
CVE-2025-25958
Cross Site Scripting vulnerabilities in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via a crafted script.
Low
CVE-2025-25299
CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. During a recent internal audit, a Cross-Site Scripting (XSS) vulnerability was discovered in the CKEditor 5 real-time coll…
Medium
CVE-2023-51338
PHPJabbers Meeting Room Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters of index.php page.
Medium
CVE-2023-51337
PHPJabbers Event Ticketing System v1.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in "lid" parameter in index.
Medium
CVE-2025-25973
A stored Cross Site Scripting vulnerability in the "related recommendations" feature in Ppress v.0.0.9 allows a remote attacker to execute arbitrary code via a crafted script to the article.title, ar…
Medium
CVE-2024-54959
Nagios XI 2024R1.2.2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack through the Favorites component, enabling POST-based Cross-Site Scripting (XSS).
Medium
CVE-2024-54958
Nagios XI 2024R1.2.2 is susceptible to a stored Cross-Site Scripting (XSS) vulnerability in the Tools page. This flaw allows an attacker to inject malicious scripts into the Tools interface, which ar…
Medium
CVE-2023-51335
PHPJabbers Cinema Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters.
Medium
CVE-2023-51330
PHPJabbers Cinema Booking System v1.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in Now Showing menu "date" parameter.
Medium
CVE-2023-51325
PHPJabbers Shared Asset Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters.
Medium
CVE-2023-51318
PHPJabbers Bus Reservation System v1.1 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters.
Medium
CVE-2023-51315
PHPJabbers Restaurant Booking System v3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "seat_name, plugin_sms_api_key, plugin_sms_country_code, title, name" parameters.
Medium
CVE-2023-51312
PHPJabbers Restaurant Booking System v3.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in Reservations menu, Schedule section date parameter.
Medium
CVE-2023-51306
PHPJabbers Event Ticketing System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "name, title" parameters.
High
CVE-2025-1039
The Lenix Elementor Leads addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a URL form field in all versions up to, and including, 1.8.2 due to insufficient input sanitizati…
Medium
CVE-2025-1328
The Typed JS: A typewriter style animation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘typespeed’ parameter in all versions up to, and including, 1.2.0 due to insuffici…
Medium
CVE-2024-6432
The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter within the plugin's shortcode Content Block in all versions up to…
Medium
CVE-2024-13849
The Cookie Notice Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This ma…
Medium
CVE-2024-13802
The Bandsintown Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bandsintown_events' shortcode in all versions up to, and including, 1.3.1 due to insufficien…
Medium
CVE-2024-13748
The Ultimate Classified Listings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title parameter in all versions up to, and including, 1.4 due to insufficient input sanitiza…
Medium
CVE-2025-1064
The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's xoo_el_action shortcode in all versions up to, and including, 2…
Medium
CVE-2025-0897
The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and including, 6.1.5 due t…
Medium
CVE-2024-13155
The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Transparent Split Hero widget in all versions up to, and including, 1.5.140 due…
Medium
CVE-2024-13445
The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the border, margin and gap parameters in all versions up to, and in…
2025-02-19
Medium
CVE-2024-37360
Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The software does not neutralize or incorrectly neutr…
Medium
CVE-2023-51305
PHPJabbers Car Park Booking System v3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key" parameters.
Medium
CVE-2023-51300
PHPJabbers Hotel Booking System v4.0 is vulnerable to Cross-Site Scripting (XSS) vulnerabilities in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key" parameters.
Medium
CVE-2023-51296
PHPJabbers Event Booking Calendar v4.0 is vulnerable to Cross-Site Scripting (XSS) in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key" parameters which allows attack…
Medium
CVE-2020-13481
Certain Lexmark products through 2020-05-25 allow XSS which allows an attacker to obtain session credentials and other sensitive information.
Medium
CVE-2024-53974
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts in…
Medium
CVE-2025-20211
A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack agains…
Medium
CVE-2024-28776
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thu…
High
CVE-2025-0916
The YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 2.4.9 to 2.6.2 due…
Medium
CVE-2025-1024
A vulnerability exists in ChurchCRM 5.13.0 that allows an attacker to execute arbitrary JavaScript in a victim's browser via Reflected Cross-Site Scripting (XSS) in the EditEventAttendees.php page. T…
Medium
CVE-2024-13363
The Raptive Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'poc' parameter in all versions up to, and including, 3.6.3 due to insufficient input sanitization and out…
Medium
CVE-2024-13736
The Pure Chat – Live Chat & More! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘purechatWidgetName’ parameter in all versions up to, and including, 2.4 due to insufficien…
Medium
CVE-2024-13711
The Pollin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'question' parameter in all versions up to, and including, 1.01.1 due to insufficient input sanitization and ou…
Medium
CVE-2024-13679
The Widget BUY.BOX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'buybox-widget' shortcode in all versions up to, and including, 3.1.5 due to insufficient input s…
Medium
CVE-2024-13674
The Cosmic Blocks (40+) Content Editor Blocks Collection plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cwp_social_share' shortcode in all versions up to, and inc…
Medium
CVE-2024-13663
The Coaching Staffs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mstw-cs-table' shortcode in all versions up to, and including, 1.5.1 due to insufficient input…
Medium
CVE-2024-13660
The Responsive Flickr Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fshow' shortcode in all versions up to, and including, 2.6.1 due to insufficient in…
Medium
CVE-2024-13657
The Store Locator Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'storelocatorwidget' shortcode in all versions up to, and including, 2025r1 due to insuffic…
Medium
CVE-2024-13591
The Team Builder For WPBakery Page Builder(Formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'team-builder-vc' shortcode in all versions up…
Medium
CVE-2024-13589
The YouTube Playlists with Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'yt_grid' shortcode in all versions up to, and including, 2.6.1 due to insufficien…
Medium
CVE-2024-13462
The WP Wiki Tooltip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wiki' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitizat…
Medium
CVE-2024-13390
The ADFO – Custom data in admin dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'adfo_list' shortcode in all versions up to, and including, 1.9.1 due to i…
Medium
CVE-2024-12522
The Yay! Forms | Embed Custom Forms, Surveys, and Quizzes Easily plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'yayforms' shortcode in all versions up to, and inc…
Medium
CVE-2024-12339
The Digihood HTML Sitemap plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘channel' parameter in all versions up to, and including, 3.1.1 due to insufficient input saniti…
Medium
CVE-2024-12069
The Lexicata plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.16.…
Medium
CVE-2024-11778
The CanadaHelps Embedded Donation Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedcdn' shortcode in all versions up to, and including, 1.0.1 due to insuf…
Medium
CVE-2024-11753
The UMich OIDC Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'umich_oidc_button' shortcode in all versions up to, and including, 1.2.0 due to insufficient i…
Medium
CVE-2024-11335
The UltraEmbed – Advanced Iframe Plugin For WordPress with Gutenberg Block Included plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframe' shortcode in all versio…
Medium
CVE-2025-25054
Movable Type contains a reflected cross-site scripting vulnerability in the user information edit page. When Multi-Factor authentication plugin is enabled and a user accesses a crafted page while log…
Medium
CVE-2025-24841
Movable Type contains a stored cross-site scripting vulnerability in the HTML edit mode of MT Block Editor. It is exploitable when TinyMCE6 is used as a rich text editor and an arbitrary script may b…
Medium
CVE-2025-22888
Movable Type contains a stored cross-site scripting vulnerability in the custom block edit page of MT Block Editor. If exploited, an arbitrary script may be executed on a logged-in user's web browser.
Medium
CVE-2025-1065
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Import Data From File feature in all versions up to, and inc…
Medium
CVE-2024-13799
The User Private Files – File Upload & Download Manager with Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘new-fldr-name’ parameter in all versions up…
Low
CVE-2024-12173
The Master Slider WordPress plugin before 3.10.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scrip…
Medium
CVE-2024-13443
The Easypromos Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Easypromos shortcode in all versions up to, and including, 1.3.8 due to insufficient input san…
High
CVE-2024-11582
The Subscribe2 – Form, Email Subscribers & Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ip parameter in all versions up to, and including, 10.43 due to insuff…
Medium
CVE-2024-13508
The Booking Package plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the locale parameter in all versions up to, and including, 1.6.72 due to insufficient input sanitization a…
2025-02-18
Medium
CVE-2024-13743
The Wonder Video Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wonderplugin_video shortcode in all versions up to, and including, 2.2 due to insufficient in…
Medium
CVE-2025-27016
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in awsm.in Drivr Lite – Google Drive Plugin allows Stored XSS. This issue affects Drivr Lite – Googl…
Medium
CVE-2025-22650
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Erez Hadas-Sonnenschein Smartarget smartarget-contact-us allows Stored XSS.This issue affects Sma…
Medium
CVE-2024-56882
Sage DPW before 2024_12_000 is vulnerable to Cross Site Scripting (XSS). Low-privileged Sage users with employee role privileges can permanently store JavaScript code in the Kurstitel and Kurzinfo in…
Low
CVE-2024-4028
A vulnerability was found in Keycloak. This issue may allow a privileged attacker to use a malicious payload as the permission while creating items (Resource and Permissions) from the admin console,…
High
CVE-2025-0817
The FormCraft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.9.11 due to insufficient input sanitization and output esc…
High
CVE-2025-0521
The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the from and subject parameter in all versions up to, and including, 3.0.2 due to insufficient input sanitization a…
Medium
CVE-2024-13667
The Uncode theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mle-description’ parameter in all versions up to, and including, 2.9.1.6 due to insufficient input sanitization an…
Medium
CVE-2025-0981
A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to hijack a user's session by exploiting a Stored Cross Site Scripting (XSS) vulnerability in the Group Editor page. This…
Medium
CVE-2024-13395
The Threepress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'threepress' shortcode in all versions up to, and including, 1.7.1 due to insufficient input sanitiza…
Medium
CVE-2025-0864
The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcodes_set' parameter in all versions up…
Medium
CVE-2025-0424
In the "bestinformed Web" application, some user input was not properly sanitized. This leads to multiple authenticated stored cross-site scripting vulnerabilities. An authenticated attacker is able…
Medium
CVE-2025-0423
In the "bestinformed Web" application, some user input was not properly sanitized. This leads to multiple unauthenticated stored cross-site scripting vulnerabilities. An unauthenticated attacker is a…
High
CVE-2024-13704
The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'st_user_title' parameter in all versions up to, and including, 4.0.1 due to insufficient input saniti…
Medium
CVE-2024-13575
The Web Stories Enhancer – Level Up Your Web Stories plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'web_stories_enhancer' shortcode in all versions up to, and inc…
Medium
CVE-2024-13465
The aBlocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Table Of Content" Block, specifically in the "markerView" attribute, in all version…
Medium
CVE-2024-11895
The Online Payments – Get Paid with PayPal, Square & Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.20.0…
Medium
CVE-2024-11376
The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use o…
Medium
CVE-2025-0805
The Mortgage Calculator / Loan Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mlcalc' shortcode in all versions up to, and including, 1.5.20 due to ins…
Medium
CVE-2024-13848
The Reaction Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output…
Medium
CVE-2024-13588
The Simplebooklet PDF Viewer and Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'simplebooklet' shortcode in all versions up to, and including, 1.1.2 due…
Medium
CVE-2024-13587
The Zigaform – Price Calculator & Cost Estimation Form Builder Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zgfm_fvar' shortcode in all versions up to, and…
Medium
CVE-2024-13582
The Simple Pricing Tables For WPBakery Page Builder(Formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wdo_simple_pricing_table_free' shortc…