WordPress plugin Contact Form 7 Database Addon 跨站脚本漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress plugin Contact Form...

CVE-2025-6865

A vulnerability, which was classified as problematic, was found in DaiCuo up to 1.3.13. This affects an unknown part of the file /admin.php/addon/index. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the publ...

CVE-2025-53279

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aman Popup addon for Ninja Forms popup-addon-for-ninja-forms allows DOM-Based XSS.This issue affects Popup addon for Ninja Forms: from n/a through = 3.4...

DaiCuo 安全漏洞

DaiCuo DaiCuo is an adaptive backend management framework based on ThinkPHP, Bootstrap and Jquery by China-based DaiCuo. A security vulnerability exists in DaiCuo 1.3.13 and earlier versions, which stems from a cross-site request forgery due to incorrect operation of the file /admin.php/addon/ind...

CVE-2025-53279

CVE-2025-53279 is a DOM-based XSS vulnerability in the Popup addon for Ninja Forms, caused by improper input neutralization during web page generation. Affected: Popup addon for Ninja Forms (versions up to 3.4). Impact and exploitability are described in public sources as XSS; CVSS details are pr...

CVE-2025-53279 WordPress Popup addon for Ninja Forms plugin <= 3.4 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aman Popup addon for Ninja Forms allows DOM-Based XSS. This issue affects Popup addon for Ninja Forms: from n/a through 3.4...

CVE-2025-53279 WordPress Popup addon for Ninja Forms plugin <= 3.4 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aman Popup addon for Ninja Forms popup-addon-for-ninja-forms allows DOM-Based XSS.This issue affects Popup addon for Ninja Forms: from n/a through = 3.4...

CVE-2025-6550

The The Pack Elementor addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slideroptions’ parameter in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-6550

CVE-2025-6550 concerns The Pack Elementor addon for WordPress (v

WordPress plugin The Pack Elementor addon 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exis...

WordPress plugin Popup addon for Ninja Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2025-27186 · Unknown · Popup Addon For Ninja Forms

Name of the Vulnerable Software and Affected Versions: Aman Popup addon for Ninja Forms versions n/a through 3.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This means that an...

CVE-2025-49311

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CoolHappy The Events Calendar Countdown Addon countdown-for-the-events-calendar allows Stored XSS.This issue affects The Events Calendar Countdown Addon: from n/a through = 1.4.9...

CVE-2024-9993

The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eaeleventdetailstext parameter of Event Calendar Widget in all versions up to, and including, 6.1.12 due to...

CVE-2025-49311 WordPress The Events Calendar Countdown Addon plugin <= 1.4.9 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CoolHappy The Events Calendar Countdown Addon countdown-for-the-events-calendar allows Stored XSS.This issue affects The Events Calendar Countdown Addon: from n/a through = 1.4.9...

CVE-2025-49311 WordPress The Events Calendar Countdown Addon <= 1.4.9 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CoolHappy The Events Calendar Countdown Addon allows Stored XSS. This issue affects The Events Calendar Countdown Addon: from n/a through 1.4.9...

CVE-2025-49311

CVE-2025-49311 concerns the WordPress plugin The Events Calendar Countdown Addon. According to the supplied records, it is a Stored Cross-Site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation. Affected range is The Events Calendar Countdown Addon...

WordPress plugin The Events Calendar Countdown Addon 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

CVE-2025-3813

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘elementordata’ parameter in all versions up to, and including, 1.7.1020 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...

CVE-2024-49267

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in nayon46 Unlimited Addon For Elementor unlimited-addon-for-elementor allows Stored XSS.This issue affects Unlimited Addon For Elementor: from n/a through = 2.0.0...