PT-2025-50278
Name of the Vulnerable Software and Affected Versions: ZITADEL versions 4.0.0-rc.1 through 4.7.0. Description: ZITADEL, an open-source identity infrastructure tool, is susceptible to a DOM-Based Cross-Site Scripting (XSS) issue through the Zitadel V2 logout endpoint. The /logout API endpoint insecurel...
CVE-2025-66091
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Design Stylish Cost Calculator stylish-cost-calculator allows DOM-Based XSS. This issue affects Stylish Cost Calculator: from n/a through <= 8.1.5...
CVE-2025-66090
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sonalsinha21 SKT Skill Bar skt-skill-bar allows DOM-Based XSS. This issue affects SKT Skill Bar: from n/a through <= 2.5...
EUVD-2025-198455
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hupe13 Extensions for Leaflet Map extensions-leaflet-map allows DOM-Based XSS. This issue affects Extensions for Leaflet Map: from n/a through <= 4.8...
EUVD-2025-198458
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sonalsinha21 SKT Skill Bar skt-skill-bar allows DOM-Based XSS. This issue affects SKT Skill Bar: from n/a through <= 2.5...
CVE-2025-66057
The CVE refers to Bold Page Builder (WordPress) with a DOM-based XSS due to improper input handling during web page generation. Affected: Bold Page Builder, versions up to and including 5.5.2. Impact described in connected sources indicates a Stored Cross-Site Scripting issue that can affect auth...
CVE-2025-63883
CVE-2025-63883 affects electic-shop v1.0. The vulnerability is a DOM-based XSS in client-side code that reads attacker-controlled input (e.g., URL parameters or fragment) and writes it into the DOM using unsafe sinks such as innerHTML, insertAdjacentHTML, or document.write without proper sanitiza...
CVE-2025-11892
GitHub Enterprise Server is affected by CVE-2025-11892: an improper neutralization of input leads to DOM-based cross-site scripting via the Issues search label filter, enabling privilege escalation and unauthorized workflow triggers. Exploitation requires user interaction and access to a target s...
CVE-2025-62032
CVE-2025-62032 describes a DOM-based XSS in the WordPress plugin tagDiv Cloud Library (td-cloud-library) for versions earlier than 3.9.2, caused by improper input neutralization during web page generation. The issue affects the plugin prior to 3.9.2 and could allow injected scripts through DOM ma...
CVE-2025-64361
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in StylemixThemes Consulting Elementor Widgets consulting-elementor-widgets allows DOM-Based XSS. This issue affects Consulting Elementor Widgets: from n/a through <= 1.4.2...
CVE-2025-64365 WordPress Ohio Extra plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in colabrio Ohio Extra ohio-extra allows DOM-Based XSS. This issue affects Ohio Extra: from n/a through <= 3.6.0...
CVE-2025-64362 WordPress K Elements plugin < 5.5.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SeventhQueen K Elements k-elements allows DOM-Based XSS. This issue affects K Elements: from n/a through 5.5.0...
CVE-2025-62967
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Designinvento DirectoryPress directorypress allows DOM-Based XSS. This issue affects DirectoryPress: from n/a through <= 3.6.25...
EUVD-2025-36017
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Debuggers Studio Marquee Addons for Elementor marquee-addons-for-elementor allows DOM-Based XSS. This issue affects Marquee Addons for Elementor: from n/a through <= 3.7.12...
CVE-2025-62921 WordPress Bulk Auto Image Title Attribute plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pagup Bulk Auto Image Title Attribute bulk-image-title-attribute allows DOM-Based XSS. This issue affects Bulk Auto Image Title Attribute: from n/a through <= 2.0.1...
CVE-2025-62887 WordPress King Addons for Elementor plugin <= 51.1.61 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in KingAddons.com King Addons for Elementor king-addons allows DOM-Based XSS. This issue affects King Addons for Elementor: from n/a through <= 51.1.61...
CVE-2025-62885
The CVE-2025-62885 entry concerns the WordPress WP VR plugin (RexTheme) with a DOM-based XSS caused by improper input neutralization during web page generation. Affected: WP VR
WordPress plugin Estatik security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...