158 matches found
CVE-2025-26945
CVE-2025-26945 is a Stored XSS in the WordPress plugin Info Cards – Gutenberg block for creating Beautiful Cards. Affected: Info Cards – Gutenberg block for creating Beautiful Cards (plugin), versions up to 1.0.5 (the Initial Description specifies this range; Connected docs confirm the vulnerabil...
CVE-2025-26938
CVE-2025-26938 is a stored XSS in the Countdown Timer block for WordPress (Countdown Timer plugin). It affects version 1.2.6 and earlier (Authenticated: Contributor+). The issue arises during countdown display, allowing input neutralization failures in the block’s rendering. A patch exists in 1.2...
CVE-2025-26881 WordPress Sticky Content plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Sticky Content sticky-menu-block allows Stored XSS.This issue affects Sticky Content: from n/a through = 1.0.1...
CVE-2025-26881
CVE-2025-26881 is an authenticated, stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin affected area named Sticky Content . The issue targets Sticky Content versions from n/a up to and including 1.0.1, as described in the CVE entry. The connected Wordfence vulnerability detai...
PT-2025-7864 · Unknown · Bplugins Business Card Block
Name of the Vulnerable Software and Affected Versions: bPlugins Business Card Block versions 1.0.0 through 1.0.5 Description: The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting XSS vulnerability. Specifically, it is a Stored...
PT-2025-7857 · Unknown · Bplugins Counters Block
Name of the Vulnerable Software and Affected Versions: bPlugins Counters Block versions 1.1.2 and earlier Description: The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting XSS vulnerability. This allows for Stored XSS attacks...
PT-2025-7861 · Bplugins · Bplugins Services Section Block
Name of the Vulnerable Software and Affected Versions: bPlugins Services Section block versions 1.3.4 and earlier Description: The issue is related to improper neutralization of input during web page generation, which leads to a Stored XSS vulnerability in the Services Section block. This allows...
PT-2025-7834 · Unknown · Bplugins Sticky Content
Name of the Vulnerable Software and Affected Versions: bPlugins Sticky Content versions n/a through 1.0.1 Description: The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting XSS vulnerability. Specifically, it is a Stored XSS...
PT-2025-7863 · Unknown · Bplugins Team Section Block
Name of the Vulnerable Software and Affected Versions: bPlugins Team Section Block versions 1.0.0 through 1.0.9 Description: The issue is related to improper neutralization of input during web page generation, which leads to a Stored XSS vulnerability. This allows for the storage of malicious...
PT-2025-7856 · Unknown · Bplugins Countdown Timer
Name of the Vulnerable Software and Affected Versions: bPlugins Countdown Timer versions 1.2.6 and earlier Description: The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting XSS vulnerability. This allows for Stored XSS attacks...
CVE-2025-26883
Missing Authorization vulnerability in bPlugins Animated Text Block animated-text-block allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Animated Text Block: from n/a through = 1.0.7...
CVE-2025-26754
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Timeline Block timeline-block-block allows Stored XSS.This issue affects Timeline Block: from n/a through = 1.1.1...
CVE-2025-26754
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Timeline Block timeline-block-block allows Stored XSS.This issue affects Timeline Block: from n/a through = 1.1.1...
CVE-2025-26754
CVE-2025-26754 affects the WordPress Timeline Block plugin (versions n/a through 1.1.1). It is a Stored XSS due to improper input neutralization during web page generation. Affected software: Timeline Block – Timeline Block Plugin for WordPress. Impact: stored script execution in a victim’s brows...
PT-2025-7221 · Unknown · Bplugins Timeline Block
Name of the Vulnerable Software and Affected Versions: bPlugins Timeline Block versions n/a through 1.1.1 Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can...
CVE-2024-23508
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins PDF Poster – PDF Embedder Plugin for WordPress allows Reflected XSS.This issue affects PDF Poster – PDF Embedder Plugin for WordPress: from n/a through 2.1.17...
CVE-2024-24714
Unrestricted Upload of File with Dangerous Type vulnerability in bPlugins LLC Icons Font Loader.This issue affects Icons Font Loader: from n/a through 1.1.4...
CVE-2025-22675
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Alert Box Block – Display notice/alerts in the front end alert-box-block allows Stored XSS.This issue affects Alert Box Block – Display notice/alerts in the front end: from n/a through =...
PT-2025-4616 · WordPress · Bplugins Alert Box Block
Name of the Vulnerable Software and Affected Versions: bPlugins Alert Box Block – Display notice/alerts in the front end versions 1.1.0 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows stored Cross-site Scripting XSS. This...
CVE-2025-24595
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins All Embed – Elementor Addons all-embed-addons-for-elementor allows Stored XSS.This issue affects All Embed – Elementor Addons: from n/a through = 1.1.3...