CVE-2025-58230

ZoloBlocks (WordPress plugin) has a DOM-based XSS vulnerability caused by improper input neutralization during Web Page Generation. Affected versions are listed as up to 2.3.9 in the CVE description, with connected sources indicating a later patched state (≤ 2.3.12). Exploitation details are not ...

CVE-2025-58233

CVE-2025-58233 describes a DOM-based XSS vulnerability in Guaven Labs SQL Chart Builder. Affected: SQL Chart Builder versions up to 2.3.7.2 (no fixed version specified in the documents beyond that). The issue is an input handling problem during web page generation that can lead to Cross-Site Scri...

CVE-2025-58245

CVE-2025-58245 is a cross-site scripting vulnerability described as DOM-based XSS in the Portfolio plugin (BestWebSoft) for WordPress. The initial document states Portfolio versions up to and including 2.58 are affected (noted as from n/a through

WordPress plugin Card Elements for WPBakery 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site...

PT-2025-38999

Name of the Vulnerable Software and Affected Versions HT Mega – Absolute Addons for WPBakery Page Builder versions through 1.0.9 Description The software contains a flaw related to improper input handling during web page generation, which can lead to Cross-site Scripting XSS. This specific instan...

WordPress plugin HT Mega – Absolute Addons for WPBakery Page Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A cross-site scriptin...

WordPress plugin xili-language 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripti...

PT-2025-39056

Name of the Vulnerable Software and Affected Versions PenciDesign Penci Portfolio versions through 3.5 Description The software contains a flaw related to improper input handling during web page creation, leading to a DOM-Based Cross-site Scripting XSS condition. This allows for potential malicio...

CVE-2025-58822

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mndpsingh287 WP Mail wp-mail allows DOM-Based XSS.This issue affects WP Mail: from n/a through = 1.3...

CVE-2025-58834

CVE-2025-58834 is a DOM-based XSS in the WordPress short.io plugin up to version 2.4.0. Root cause: improper input neutralization during web page generation. Impact: cross-site scripting exposure affecting pages rendered by the plugin. Mitigation: upgrade to a version later than 2.4.0 (per PT-202...

CVE-2025-58786 WordPress Ibtana – Ecommerce Product Addons plugin <= 0.4.7.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VW THEMES Ibtana – Ecommerce Product Addons ibtana-ecommerce-product-addons allows DOM-Based XSS.This issue affects Ibtana – Ecommerce Product Addons: from n/a through = 0.4.7.6...

CVE-2025-58631

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ZEEN101 IssueM issuem allows DOM-Based XSS.This issue affects IssueM: from n/a through = 2.9.0...

WordPress plugin IssueM 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2025-58205

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows DOM-Based XSS.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.3.6...

CVE-2025-58212 WordPress Epeken All Kurir Plugin <= 2.0.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in epeken Epeken All Kurir epeken-all-kurir allows DOM-Based XSS.This issue affects Epeken All Kurir: from n/a through = 2.0.1...

CVE-2025-46856

Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. A low privileged attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation ...

CVE-2025-46856 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. A low privileged attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation ...

PT-2025-34133 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier Description: Adobe Experience Manager is susceptible to a DOM-based Cross-Site Scripting XSS issue. A low-privileged attacker could exploit this by manipulating the Document Object Model DO...

WordPress plugin iframe Wrapper 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2025-54708 WordPress B Blocks Plugin <= 2.0.5 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins B Blocks b-blocks allows DOM-Based XSS.This issue affects B Blocks: from n/a through = 2.0.5...