CVE-2026-27058

The CVE-2026-27058 entry concerns the WordPress Penci Podcast plugin (versions up to 1.7). The vulnerability is a client-side DOM-based Cross-Site Scripting (XSS) flaw caused by improper neutralization of input during web page generation. Affected component is the plugin in the WordPress environm...

CVE-2026-27058 WordPress Penci Podcast plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Podcast penci-podcast allows DOM-Based XSS.This issue affects Penci Podcast: from n/a through = 1.7...

CVE-2026-27059 WordPress Penci Recipe plugin <= 4.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Recipe penci-recipe allows DOM-Based XSS.This issue affects Penci Recipe: from n/a through = 4.1...

CVE-2026-25453 WordPress Advanced iFrame plugin <= 2025.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mdempfle Advanced iFrame advanced-iframe allows DOM-Based XSS.This issue affects Advanced iFrame: from n/a through = 2025.10...

CVE-2026-25331 WordPress WP Activity Log plugin <= 5.5.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Melapress WP Activity Log wp-security-audit-log allows DOM-Based XSS.This issue affects WP Activity Log: from n/a through = 5.5.4...

CVE-2026-25331

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Melapress WP Activity Log wp-security-audit-log allows DOM-Based XSS.This issue affects WP Activity Log: from n/a through = 5.5.4...

CVE-2026-25307 WordPress XStore Core plugin < 5.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore Core et-core-plugin allows DOM-Based XSS.This issue affects XStore Core: from n/a through 5.7...

CVE-2026-25847

In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible...

CVE-2026-25847

In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible...

CVE-2026-25847

In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible...

WordPress Bold Page Builder plugin <= 5.5.3 - Authenticated (Author+) Stored DOM-based Cross-Site Scripting in Post Grid vulnerability

Authenticated Author+ Stored DOM-based Cross-Site Scripting in Post Grid vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Bold Page Builder versions = 5.5.3...

CVE-2026-24526

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Steve Truman Email Inquiry & Cart Options for WooCommerce woocommerce-email-inquiry-cart-options allows DOM-Based XSS.This issue affects Email Inquiry & Cart Options for WooCommerce: from n/a throu...

CVE-2026-24621

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vladimir Statsenko Terms descriptions terms-descriptions allows DOM-Based XSS.This issue affects Terms descriptions: from n/a through = 3.4.9...

CVE-2026-24526

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Steve Truman Email Inquiry & Cart Options for WooCommerce woocommerce-email-inquiry-cart-options allows DOM-Based XSS.This issue affects Email Inquiry & Cart Options for WooCommerce: from n/a throu...

CVE-2026-24632

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jagdish1o1 Delay Redirects delay-redirects allows DOM-Based XSS.This issue affects Delay Redirects: from n/a through = 1.0.0...

CVE-2026-24632

CVE-2026-24632 describes a DOM-Based XSS in the WordPress plugin Delay Redirects prior to 1.0.0, caused by improper input neutralization during web-page generation. The issue affects Delay Redirects

CVE-2026-24614

CVE-2026-24614 affects the WordPress plugin Flex QR Code Generator (flex-qr-code-generator). The vulnerability is a DOM-based XSS caused by improper neutralization during web page generation. Public references indicate impact on Flex QR Code Generator versions up to 1.2.8 (NVD/Red Hat) with Patch...

CVE-2026-24528 WordPress Nova Blocks plugin <= 2.1.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Based XSS.This issue affects Nova Blocks: from n/a through = 2.1.9...

PT-2026-4376

Name of the Vulnerable Software and Affected Versions Steve Truman Email Inquiry & Cart Options for WooCommerce versions through 3.4.3 Description The software contains a flaw related to improper input handling during web page generation, specifically a DOM-Based Cross-site Scripting issue. This...

CVE-2026-24354

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Shortcodes & Performance penci-shortcodes allows DOM-Based XSS.This issue affects Penci Shortcodes & Performance: from n/a through = 6.1...