CVE-2025-11892

GitHub Enterprise Server is affected by CVE-2025-11892: an improper neutralization of input leads to DOM-based cross-site scripting via the Issues search label filter, enabling privilege escalation and unauthorized workflow triggers. Exploitation requires user interaction and access to a target s...

CVE-2025-62032

CVE-2025-62032 describes a DOM-based XSS in the WordPress plugin tagDiv Cloud Library (td-cloud-library) for versions earlier than 3.9.2, caused by improper input neutralization during web page generation. The issue affects the plugin prior to 3.9.2 and could allow injected scripts through DOM ma...

CVE-2025-64361

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in StylemixThemes Consulting Elementor Widgets consulting-elementor-widgets allows DOM-Based XSS.This issue affects Consulting Elementor Widgets: from n/a through = 1.4.2...

CVE-2025-64365 WordPress Ohio Extra plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in colabrio Ohio Extra ohio-extra allows DOM-Based XSS.This issue affects Ohio Extra: from n/a through = 3.6.0...

CVE-2025-64365 WordPress Ohio Extra plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in colabrio Ohio Extra ohio-extra allows DOM-Based XSS.This issue affects Ohio Extra: from n/a through = 3.6.0...

CVE-2025-64362 WordPress K Elements plugin < 5.5.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SeventhQueen K Elements k-elements allows DOM-Based XSS.This issue affects K Elements: from n/a through 5.5.0...

CVE-2025-62967

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Designinvento DirectoryPress directorypress allows DOM-Based XSS.This issue affects DirectoryPress: from n/a through = 3.6.25...

EUVD-2025-36017

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Debuggers Studio Marquee Addons for Elementor marquee-addons-for-elementor allows DOM-Based XSS.This issue affects Marquee Addons for Elementor: from n/a through = 3.7.12...

CVE-2025-62921 WordPress Bulk Auto Image Title Attribute plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pagup Bulk Auto Image Title Attribute bulk-image-title-attribute allows DOM-Based XSS.This issue affects Bulk Auto Image Title Attribute: from n/a through = 2.0.1...

CVE-2025-62887 WordPress King Addons for Elementor plugin <= 51.1.61 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in KingAddons.com King Addons for Elementor king-addons allows DOM-Based XSS.This issue affects King Addons for Elementor: from n/a through = 51.1.61...

CVE-2025-62887 WordPress King Addons for Elementor plugin <= 51.1.61 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in KingAddons.com King Addons for Elementor king-addons allows DOM-Based XSS.This issue affects King Addons for Elementor: from n/a through = 51.1.61...

CVE-2025-62885

The CVE-2025-62885 entry concerns the WordPress WP VR plugin (RexTheme) with a DOM-based XSS caused by improper input neutralization during web page generation. Affected: WP VR

WordPress plugin Estatik 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

PT-2025-43835

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Estatik Estatik estatik allows DOM-Based XSS.This issue affects Estatik: from n/a through = 4.1.13...

WordPress plugin King Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripti...

EUVD-2025-35522

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in xtemos WoodMart woodmart allows DOM-Based XSS.This issue affects WoodMart: from n/a through 8.3.2...

CVE-2025-49940 WordPress Fusion Builder plugin <= 3.13.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeFusion Fusion Builder fusion-builder allows DOM-Based XSS.This issue affects Fusion Builder: from n/a through = 3.13.2...

CVE-2025-49928 WordPress JetWooBuilder plugin <= 2.1.20 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetWooBuilder jet-woo-builder allows DOM-Based XSS.This issue affects JetWooBuilder: from n/a through = 2.1.20...

PT-2025-43187

Name of the Vulnerable Software and Affected Versions Seriously Simple Podcasting versions through 3.11.1 Description The software contains a flaw related to improper input handling during web page creation, which allows for Cross-site Scripting XSS. This specific instance is a DOM-Based XSS issu...

EUVD-2025-30593

Malicious code in bioql PyPI...