Medium
CVE-2025-26558
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mkkmail Aparat Responsive aparat-responsive allows DOM-Based XSS.This issue affects Aparat Respon…
Tag: Cross-site Scripting (XSS)
All CVEs associated with "Cross-site Scripting (XSS)". Page 88/398 • 47666 CVEs.
Subscribe CVEs: RSS for “Cross-site Scripting (XSS)” · RSS (High+Critical only)
About “Cross-site Scripting (XSS)”
A curated feed of “Cross-site Scripting (XSS)”-related CVEs appears below. We currently track 47666 CVEs for this tag (all time). In the last 365 days, 7596 were published. Average CVSS is 5.6 (all time; 5.9 over 365d), and 11% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-352 - Cross-Site Request Forgery (CSRF), CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-02-13
High
CVE-2025-26552
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in badrHan Naver Syndication V2 badr-naver-syndication allows Stored XSS.This issue affects Naver Sy…
High
CVE-2025-26551
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sureshdsk Bootstrap collapse bootstrap-collapse allows Stored XSS.This issue affects Bootstrap co…
High
CVE-2025-26550
Cross-Site Request Forgery (CSRF) vulnerability in Kunal Shivale Global Meta Keyword & Description global-meta-keyword-and-description allows Stored XSS.This issue affects Global Meta Keyword & Descr…
High
CVE-2025-26549
Cross-Site Request Forgery (CSRF) vulnerability in pa1 WP Html Page Sitemap wp-html-page-sitemap allows Stored XSS.This issue affects WP Html Page Sitemap: from n/a through <= 2.2.
High
CVE-2025-26547
Cross-Site Request Forgery (CSRF) vulnerability in nagarjunsonti My Login Logout Plugin my-loginlogout allows Stored XSS.This issue affects My Login Logout Plugin: from n/a through <= 2.4.
High
CVE-2025-26545
Cross-Site Request Forgery (CSRF) vulnerability in shisuh Related Posts Line-up-Exactly by Milliard related-posts-line-up-exactry-by-milliard allows Stored XSS.This issue affects Related Posts Line-u…
High
CVE-2025-26543
Cross-Site Request Forgery (CSRF) vulnerability in Pukhraj Suthar Simple Responsive Menu simple-responsive-menu allows Stored XSS.This issue affects Simple Responsive Menu: from n/a through <= 2.1.
Medium
CVE-2025-26539
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in petkivim Embed Google Map embed-google-map allows Stored XSS.This issue affects Embed Google Map:…
Medium
CVE-2025-26538
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan Rossiter Prezi Embedder prezi-embedder allows Stored XSS.This issue affects Prezi Embedder: f…
Medium
CVE-2025-1271
Reflected Cross-Site Scripting (XSS) in Anapi Group's h6web. This security flaw could allow an attacker to inject malicious JavaScript code into a URL. When a user accesses that URL, the injected cod…
Medium
CVE-2024-13867
The Listivo - Classified Ads WordPress Theme theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 2.3.67 due to insufficient…
High
CVE-2024-46910
An authenticated user can perform XSS and potentially impersonate another user. This issue affects Apache Atlas versions 2.3.0 and earlier. Users are recommended to upgrade to version 2.4.0, which…
Low
CVE-2025-0692
The Simple Video Management System WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site…
Low
CVE-2024-13125
The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attac…
Low
CVE-2024-13121
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which co…
Medium
CVE-2024-13120
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which co…
Medium
CVE-2024-13119
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which co…
Medium
CVE-2024-12586
The Chalet-Montagne.com Tools WordPress plugin through 2.7.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be…
Medium
CVE-2025-0837
The Puzzles theme for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.2.6 due to insufficient input sanitization and output escaping on user…
Medium
CVE-2024-13227
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Rank Math API in all versions up to, and including, 1.0.23…
Medium
CVE-2024-13644
The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's De Gallery widget in all versions up to, and including, 2.1.8 due to insufficient input…
2025-02-12
Medium
CVE-2024-57605
Cross Site Scripting vulnerability in Daylight Studio Fuel CMS v.1.5.2 allows an attacker to escalate privileges via the /fuel/blocks/ and /fuel/pages components.
Medium
CVE-2024-57601
Cross Site Scripting vulnerability in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to execute arbitrary code via the legal_settings parameter.
Medium
CVE-2024-56939
LearnDash v6.7.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the ld-comment-body class.
Medium
CVE-2024-56938
LearnDash v6.7.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the materials-content class.
Medium
CVE-2024-51122
Cross Site Scripting vulnerability in Zertificon Z1 SecureMail Z1 CertServer v.3.16.4-2516-debian12 alllows a remote attacker to execute arbitrary code via the ST, L, O, OU, CN parameters.
Low
CVE-2025-1213
A vulnerability was found in pihome-shc PiHome 1.77. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument $_…
Low
CVE-2025-1209
A vulnerability classified as problematic has been found in code-projects Wazifa System 1.0. Affected is the function searchuser of the file /search_resualts.php. The manipulation of the argument fir…
Low
CVE-2025-1208
A vulnerability was found in code-projects Wazifa System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /Profile.php. The manipulation of the argument p…
High
CVE-2025-0376
An XSS vulnerability exists in GitLab CE/EE affecting all versions from 13.3 prior to 17.6.5, 17.7 prior to 17.7.4 and 17.8 prior to 17.8.2 that allows an attacker to execute unauthorized actions via…
Medium
CVE-2024-54160
dashboards-reporting (aka Dashboards Reports) before 2.19.0.0, as shipped in OpenSearch before 2.19, allows XSS because Markdown is not sanitized when previewing a header or footer.
Medium
CVE-2024-10322
The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 2.6.8 due to insufficient input sanitiza…
Low
CVE-2025-1196
A vulnerability, which was classified as problematic, was found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /search.php. The manipulation…
Low
CVE-2025-1195
A vulnerability, which was classified as problematic, has been found in code-projects Real Estate Property Management System 1.0. This issue affects some unknown processing of the file /Admin/EditCat…
High
CVE-2025-0511
The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 2.11.9 due to insufficient input sanitization a…
Medium
CVE-2025-1230
Stored Cross-Site Scripting (XSS) vulnerability in Prestashop 8.1.7, due to the lack of proper validation of user input through ‘/<admin_directory>/index.php’, affecting the ‘link’ parameter. This vu…
Low
CVE-2025-1190
A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. This vulnerability affects unknown code of the file /_parse/load_user-profile.php. The manipulation…
Medium
CVE-2025-0506
The Rise Blocks – A Complete Gutenberg Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the titleTag parameter in all versions up to, and including, 3.6 due to insuf…
Medium
CVE-2024-13459
The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fusedesk_newcase' shortcode in all versions up to, and including, 6.6.1 due to insufficient input sani…
Medium
CVE-2024-13456
The Easy Quiz Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wqt-question' shortcode in all versions up to, and including, 2.0 due to insufficient input san…
Medium
CVE-2023-49780
Cross-site scripting vulnerability exists in acmailer CGI ver.4.0.5 and earlier. An arbitrary script may be executed on the web browser of the user who accessed the management page of the affected pr…
Medium
CVE-2024-13769
The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the 'theme_options_ajax_post_…
Medium
CVE-2024-13665
The Admire Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'space' shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization…
Medium
CVE-2024-13658
The NGG Smart Image Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hr_SIS_nextgen_searchbox' shortcode in all versions up to, and including, 3.2.1 due to i…
Medium
CVE-2024-11746
The Discover the Best Woocommerce Product Brands Plugin for WordPress – Woocommerce Brands Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'product_brand' sh…
Medium
CVE-2024-13701
The Liveticker (by stklcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'liveticker' shortcode in all versions up to, and including, 1.2.2 due to insufficient…
2025-02-11
High
CVE-2025-25203
CtrlPanel is open-source billing software for hosting providers. Prior to version 1.0, a Cross-Site Scripting (XSS) vulnerability exists in the `TicketsController` and `Moderation/TicketsController`…
Medium
CVE-2024-12833
Paessler PRTG Network Monitor SNMP Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of…
High
CVE-2025-24438
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged at…
Medium
CVE-2025-24428
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged at…
High
CVE-2025-24417
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged at…
High
CVE-2025-24416
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged at…
High
CVE-2025-24415
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged at…
High
CVE-2025-24414
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged at…
High
CVE-2025-24413
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged at…
High
CVE-2025-24412
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged at…
High
CVE-2025-24410
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged at…
High
CVE-2024-27781
An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.…
Low
CVE-2024-27780
Multiple Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilities [CWE-79] in FortiSIEM 7.1 all versions, 7.0 all versions, 6.7 all versions incident page…
High
CVE-2024-12755
A Cross-Site Scripting (XSS) vulnerability in Avaya Spaces may have allowed unauthorized code execution and potential disclose of sensitive information.
Medium
CVE-2024-13830
Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction i…
Medium
CVE-2025-26493
In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tab
Medium
CVE-2025-0862
The SuperSaaS – online appointment scheduling plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘after’ parameter in all versions up to, and including, 2.1.12 due to insuffici…
Medium
CVE-2024-13506
The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the display_name profile parameter in all versi…
Medium
CVE-2024-52612
SolarWinds Platform is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters. This vulnerability requires authentication by a…
Medium
CVE-2024-13570
The Stray Random Quotes WordPress plugin through 1.9.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used…
Medium
CVE-2024-13543
The Zarinpal Paid Download WordPress plugin through 2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used…
Low
CVE-2025-1174
A vulnerability has been found in 1000 Projects Bookstore Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file process_book_add.php of the componen…
Medium
CVE-2024-12599
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.1 due to insu…
Low
CVE-2025-1171
A vulnerability classified as problematic was found in code-projects Real Estate Property Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /Admin/Customer…
Medium
CVE-2025-1145
NetVision Information ISOinsight has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phish…
Low
CVE-2025-1170
A vulnerability classified as problematic has been found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /Admin/Category.php. The manipulation…
Low
CVE-2025-1169
A vulnerability was found in SourceCodester Image Compressor Tool 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /image-compressor/compressor.php. The m…
Medium
CVE-2025-24867
SAP BusinessObjects Platform (BI Launchpad) does not sufficiently handle user input, resulting in Cross-Site Scripting (XSS) vulnerability. The application allows an unauthenticated attacker to craft…
Medium
CVE-2025-0054
SAP NetWeaver Application Server Java does not sufficiently handle user input, resulting in a stored cross-site scripting vulnerability. The application allows attackers with basic user privileges to…
2025-02-10
Medium
CVE-2025-25190
The ZOO-Project is an open source processing platform. The ZOO-Project Web Processing Service (WPS) Server contains a Cross-Site Scripting (XSS) vulnerability in its EchoProcess service prior to comm…
Medium
CVE-2025-25189
The ZOO-Project is an open source processing platform. A reflected Cross-Site Scripting vulnerability exists in the ZOO-Project Web Processing Service (WPS) publish.py CGI script prior to commit 7a5a…
Low
CVE-2025-1159
A vulnerability was found in CampCodes School Management Software 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academic-calendar.…
Medium
CVE-2025-1155
A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. This affects an unknown part of the file /stores of the component Your Location Search. The manipulation leads…
Medium
CVE-2024-13010
The WP Foodbakery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on the 'search_…
Medium
CVE-2024-10649
wandb/openui latest commit c945bb859979659add5f490a874140ad17c56a5d contains a vulnerability where unauthenticated endpoints allow file uploads and downloads from an AWS S3 bucket. This can lead to m…
Medium
CVE-2024-57409
A stored cross-site scripting (XSS) vulnerability in the Parameter List module of cool-admin-java v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into t…
Medium
CVE-2024-48170
PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload injected into the name in the profile.php.
Medium
CVE-2024-11831
A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object type…
Medium
CVE-2025-1175
Reflected Cross-Site Scripting (XSS) vulnerability in Kelio Visio 1, Kelio Visio X7 and Kelio Visio X4, in versions between 3.2C and 5.1K. This vulnerability could allow an attacker to execute a Java…
Medium
CVE-2025-25247
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix Webconsole. This issue affects Apache Felix Webconsole 4.x up to 4.9.8 and 5.x up t…
2025-02-09
High
CVE-2024-13440
The Super Store Finder plugin for WordPress is vulnerable to SQL Injection via the ‘ssf_wp_user_name’ parameter in all versions up to, and including, 7.0 due to insufficient escaping on the user supp…
2025-02-08
Medium
CVE-2025-0169
The DWT - Directory & Listing WordPress Theme is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.4 due to insufficient input sanitization and output esc…
Medium
CVE-2024-13850
The Simple add pages or posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping.…
2025-02-07
High
CVE-2025-24028
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by differences between how Joplin's HT…
Low
CVE-2025-1114
A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file /admin/categories/save of the component Add Category Page. The manipulation of t…
Medium
CVE-2024-57279
A reflected Cross-Site Scripting (XSS) vulnerability has been identified in the LDAP User Manager <= ce92321, specifically in the /setup/index.php endpoint via the returnto parameter. This vulnerabil…
Medium
CVE-2024-57278
A reflected Cross-Site Scripting (XSS) vulnerability exists in /webscan/sqlmap/index.html in QingScan <=v1.8.0. The vulnerability is caused by improper input sanitization of the query parameter, allo…
Medium
CVE-2025-1105
A vulnerability was found in SiberianCMS 4.20.6. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /app/sae/design/desktop/flat of the component HTTP…
Medium
CVE-2024-52882
An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to improper neutralization of input via the devices API, an attacker can inject malicious JavaScript code…
High
CVE-2024-10383
An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343and used by all versions of GitLab CE/EE s…
High
CVE-2025-25168
Cross-Site Request Forgery (CSRF) vulnerability in Black and White BookPress – For Book Authors book-press allows Cross-Site Scripting (XSS).This issue affects BookPress – For Book Authors: from n/a…
High
CVE-2025-25166
Cross-Site Request Forgery (CSRF) vulnerability in gabrieldarezzo InLocation inlocation allows Stored XSS.This issue affects InLocation: from n/a through <= 1.8.
High
CVE-2025-25160
Cross-Site Request Forgery (CSRF) vulnerability in Mark Barnes Style Tweaker style-tweaker allows Stored XSS.This issue affects Style Tweaker: from n/a through <= 0.11.
High
CVE-2025-25159
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robert_kolatzek WP doodlez wpdoodlez allows Stored XSS.This issue affects WP doodlez: from n/a th…
High
CVE-2025-25156
Cross-Site Request Forgery (CSRF) vulnerability in Stanko Metodiev Quote Comments quote-comments allows Stored XSS.This issue affects Quote Comments: from n/a through <= 3.0.0.
High
CVE-2025-25154
Cross-Site Request Forgery (CSRF) vulnerability in scweber Custom Comment Notifications custom-comment-notifications allows Stored XSS.This issue affects Custom Comment Notifications: from n/a throug…
High
CVE-2025-25153
Cross-Site Request Forgery (CSRF) vulnerability in djjmz Simple Auto Tag simple-auto-tag allows Stored XSS.This issue affects Simple Auto Tag: from n/a through <= 1.1.
High
CVE-2025-25152
Cross-Site Request Forgery (CSRF) vulnerability in LukaszWiecek Smart DoFollow smart-dofollow allows Stored XSS.This issue affects Smart DoFollow: from n/a through <= 1.0.2.
High
CVE-2025-25149
Cross-Site Request Forgery (CSRF) vulnerability in Danillo Nunes Login-box login-box allows Stored XSS.This issue affects Login-box: from n/a through <= 2.0.4.
High
CVE-2025-25148
Cross-Site Request Forgery (CSRF) vulnerability in ElbowRobo Read More Copy Link read-more-copy-link allows Stored XSS.This issue affects Read More Copy Link: from n/a through <= 1.0.2.
High
CVE-2025-25147
Cross-Site Request Forgery (CSRF) vulnerability in Phillip.Gooch Auto SEO auto-seo allows Stored XSS.This issue affects Auto SEO: from n/a through <= 2.5.6.
High
CVE-2025-25144
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in theasys Theasys theasys allows Stored XSS.This issue affects Theasys: from n/a through <= 1.0.1.
High
CVE-2025-25140
Cross-Site Request Forgery (CSRF) vulnerability in Scriptonite Simple User Profile simple-user-profile allows Stored XSS.This issue affects Simple User Profile: from n/a through <= 1.9.
High
CVE-2025-25139
Cross-Site Request Forgery (CSRF) vulnerability in Cynob IT Consultancy WP Custom Post RSS Feed wp-custom-post-rss-feed allows Stored XSS.This issue affects WP Custom Post RSS Feed: from n/a through…
High
CVE-2025-25138
Cross-Site Request Forgery (CSRF) vulnerability in Rishi On Page SEO + Whatsapp Chat Button ops-robots-txt allows Stored XSS.This issue affects On Page SEO + Whatsapp Chat Button: from n/a through <=…
Medium
CVE-2025-25136
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shujahat21 Optimate Ads optimate-ads allows Stored XSS.This issue affects Optimate Ads: from n/a…
High
CVE-2025-25135
Cross-Site Request Forgery (CSRF) vulnerability in Victor Barkalov Custom Links On Admin Dashboard Toolbar customize-wpadmin allows Stored XSS.This issue affects Custom Links On Admin Dashboard Toolb…
High
CVE-2025-25128
Cross-Site Request Forgery (CSRF) vulnerability in orlandolac Facilita Form Tracker facilita-form-tracker allows Stored XSS.This issue affects Facilita Form Tracker: from n/a through <= 1.0.
High
CVE-2025-25126
Cross-Site Request Forgery (CSRF) vulnerability in zmseo ZMSEO zmseo allows Stored XSS.This issue affects ZMSEO: from n/a through <= 1.14.1.
High
CVE-2025-25125
Cross-Site Request Forgery (CSRF) vulnerability in CyrilG Fyrebox Quizzes fyrebox-shortcode allows Stored XSS.This issue affects Fyrebox Quizzes: from n/a through <= 3.1.
High
CVE-2025-25123
Cross-Site Request Forgery (CSRF) vulnerability in xdark Easy Related Posts easy-related-posts allows Stored XSS.This issue affects Easy Related Posts: from n/a through <= 2.0.2.
Medium
CVE-2025-25117
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Polonski Smart Countdown FX smart-countdown-fx allows Stored XSS.This issue affects Smart Co…
Medium
CVE-2025-25105
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in coffeestudios Pop Up popup-seo-optimized allows Stored XSS.This issue affects Pop Up: from n/a th…