CVE-2026-24528 WordPress Nova Blocks plugin <= 2.1.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Based XSS.This issue affects Nova Blocks: from n/a through = 2.1.9...

WordPress plugin: Email Inquiry & Cart Options for WooCommerce – Cross-site Script Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVE-2025-68900

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kriesi Enfold allows DOM-Based XSS. This issue affects Enfold: from n/a through 7.1.3...

CVE-2026-24389

CVE-2026-24389 concerns the WordPress Gallery PhotoBlocks plugin (photoblocks-grid-gallery). Public sources confirm a Cross-Site Scripting (DOM-based) vulnerability in Gallery PhotoBlocks versions up to 1.3.2, arising from improper input neutralization during web page generation. Exploitation cou...

CVE-2026-24354

CVE-2026-24354: Penci Shortcodes & Performance (penci-shortcodes) is affected by a DOM-Based XSS in input during web page generation. The issue is authenticated (Contributor+) and affects versions up to and including 6.1. Based on connected documents, a patch is available (Patch Status: Patched);...

CVE-2026-22349

CVE-2026-22349 affects the WordPress plugin “Menu In Post” (Menu In Post). The vulnerability is a DOM-based Cross-Site Scripting (XSS) vulnerability caused by Improper Neutralization of Input During Web Page Generation. Affected versions are

CVE-2025-68900 WordPress Enfold theme <= 7.1.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kriesi Enfold allows DOM-Based XSS. This issue affects Enfold: from n/a through 7.1.3...

CVE-2025-68900

CVE-2025-68900 : DOM-based XSS in WordPress theme Enfold (enfold) affecting version

CVE-2025-68538 WordPress Craft | Coffee Shop Cafe Restaurant WordPress theme <= 2.3.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Craft craftcoffee allows DOM-Based XSS.This issue affects Craft: from n/a through = 2.3.6...

CVE-2025-50005

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Composer td-composer allows DOM-Based XSS.This issue affects tagDiv Composer: from n/a through = 5.4.2...

CVE-2025-50005 WordPress tagDiv Composer plugin <= 5.4.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Composer td-composer allows DOM-Based XSS.This issue affects tagDiv Composer: from n/a through = 5.4.2...

WordPress plugin Penci Shortcodes & Performance – Cross-site scripting vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-3981

Name of the Vulnerable Software and Affected Versions tagDiv Composer versions through 5.4.2 Description A flaw exists in tagDiv Composer’s handling of input during web page generation, leading to a DOM-Based Cross-site Scripting issue. This allows for the injection of malicious scripts into web...

WordPress plugin tagDiv Composer cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress plugin B Slider has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Broadcom DX NetOps Spectrum 安全漏洞

Broadcom DX NetOps Spectrum is a network fault management and condition monitoring platform from Broadcom Corporation USA. A security vulnerability exists in Broadcom DX NetOps Spectrum version 24.3.9 and earlier, which stems from a dependency on a vulnerable third-party component and could lead ...

CVE-2025-68890

CVE-2025-68890 is a DOM-based XSS in the hands01 e-shops e-shops-cart2 plugin (WordPress) caused by improper input neutralization during web-page generation, affecting versions from n/a through

CVE-2025-68867 WordPress Effect Maker plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in anibalwainstein Effect Maker effect-maker allows DOM-Based XSS.This issue affects Effect Maker: from n/a through = 1.2.1...

PT-2026-1283

Name of the Vulnerable Software and Affected Versions The Plus Addons for Elementor Page Builder Lite versions through 5.3.3 Description The Plus Addons for Elementor Page Builder Lite is susceptible to a DOM-Based Cross-site Scripting issue due to improper input neutralization during web page...

CVE-2025-62119

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ViitorCloud Technologies Pvt Ltd Add Featured Image Custom Link custom-url-to-featured-image allows DOM-Based XSS.This issue affects Add Featured Image Custom Link: from n/a through = 2.0.0...