CVE-2025-63061

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hogash KALLYAS kallyas allows DOM-Based XSS.This issue affects KALLYAS: from n/a through 4.25.0...

CVE-2025-63011

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows DOM-Based XSS.This issue affects WP Hotel Booking: from n/a through = 2.2.8...

CVE-2025-63073

The CVE-2025-63073 entry concerns the WordPress Dream-Theme The7 (dt-the7) WordPress theme up to version 12.8.0.2, with a DOM-based XSS caused by improper input neutralization during web page generation. The issue affects The7 versions

CVE-2025-63075

The CVE describes a DOM-based XSS in the WordPress Betheme theme, affecting Betheme versions up to 28.1.7. Root cause per the sources is improper neutralization of input during web page generation, enabling DOM-Based XSS without server-side code execution. Affected component: Betheme (WordPress t...

CVE-2025-63057

CVE-2025-63057 refers to a DOM-based XSS in the WordPress plugin WP Ultimate Review (Roxnor) affecting versions from and including up to 2.3.7. The vulnerability arises from improper input neutralization during web page generation, enabling cross-site scripting on pages rendered by the plugin. Pu...

CVE-2025-63044 WordPress Xpro Elementor Addons plugin <= 1.4.19.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows DOM-Based XSS.This issue affects Xpro Elementor Addons: from n/a through = 1.4.19.1...

CVE-2025-67553 WordPress Advanced FAQ Manager plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeHigh Advanced FAQ Manager advanced-faq-manager allows DOM-Based XSS.This issue affects Advanced FAQ Manager: from n/a through = 1.5.2...

CVE-2025-67549 WordPress oik plugin <= 4.15.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bobbingwide oik oik allows DOM-Based XSS.This issue affects oik: from n/a through = 4.15.3...

CVE-2025-67549

CVE-2025-67549 affects the WordPress plugin oik up to version 4.15.3. Root cause: improper input neutralization during web page generation, enabling DOM-based XSS. Impact: DOM-based XSS with Low–Medium confidentiality, integrity, and availability effects (CVSS v3.1 base 6.5). Affected product: oik

CVE-2025-67542 WordPress Multi-Step Checkout for WooCommerce plugin <= 2.33 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SilkyPress Multi-Step Checkout for WooCommerce wp-multi-step-checkout allows DOM-Based XSS.This issue affects Multi-Step Checkout for WooCommerce: from n/a through = 2.33...

WordPress plugin Xpro Elementor Addons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin... A security...

PT-2025-50044

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DFDevelopment Ronneby Theme Core ronneby-core allows DOM-Based XSS.This issue affects Ronneby Theme Core: from n/a through = 1.5.68...

WordPress plugin Ronneby Theme Core 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blogging websites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

PT-2025-50278

Name of the Vulnerable Software and Affected Versions ZITADEL versions 4.0.0-rc.1 through 4.7.0 Description ZITADEL, an open-source identity infrastructure tool, is susceptible to a DOM-Based Cross-Site Scripting XSS issue through the Zitadel V2 logout endpoint. The /logout API endpoint insecurel...

CVE-2025-66091

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Design Stylish Cost Calculator stylish-cost-calculator allows DOM-Based XSS.This issue affects Stylish Cost Calculator: from n/a through = 8.1.5...

CVE-2025-66090

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sonalsinha21 SKT Skill Bar skt-skill-bar allows DOM-Based XSS.This issue affects SKT Skill Bar: from n/a through = 2.5...

EUVD-2025-198455

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hupe13 Extensions for Leaflet Map extensions-leaflet-map allows DOM-Based XSS.This issue affects Extensions for Leaflet Map: from n/a through = 4.8...

EUVD-2025-198458

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sonalsinha21 SKT Skill Bar skt-skill-bar allows DOM-Based XSS.This issue affects SKT Skill Bar: from n/a through = 2.5...

CVE-2025-66057

The CVE refers to Bold Page Builder (WordPress) with a DOM-based XSS due to improper input handling during web page generation. Affected: Bold Page Builder, versions up to and including 5.5.2. Impact described in connected sources indicates a Stored Cross-Site Scripting issue that can affect auth...

CVE-2025-63883

CVE-2025-63883 affects electic-shop v1.0. The vulnerability is a DOM-based XSS in client-side code that reads attacker-controlled input (e.g., URL parameters or fragment) and writes it into the DOM using unsafe sinks such as innerHTML, insertAdjacentHTML, or document.write without proper sanitiza...