CVE-2025-58654

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Michel - xiligroup dev xili-language xili-language allows DOM-Based XSS.This issue affects xili-language: from n/a through = 2.21.3...

CVE-2025-58230

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bdthemes ZoloBlocks zoloblocks allows DOM-Based XSS.This issue affects ZoloBlocks: from n/a through = 2.3.12...

CVE-2025-58232

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ickata Image Editor by Pixo image-editor-by-pixo allows DOM-Based XSS.This issue affects Image Editor by Pixo: from n/a through = 2.3.8...

CVE-2025-59584 WordPress Penci Podcast Plugin <= 1.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Podcast penci-podcast allows DOM-Based XSS.This issue affects Penci Podcast: from n/a through = 1.6...

CVE-2025-59584

CVE-2025-59584 is a DOM-based XSS in the Penci Podcast WordPress plugin. The vulnerability arises from improper neutralization of user-controlled input during web page generation, enabling cross-site scripting. It affects Penci Podcast versions up to 1.6 (and was patched in a later release). Expl...

CVE-2025-59585 WordPress Penci Recipe Plugin <= 4.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Recipe allows DOM-Based XSS. This issue affects Penci Recipe: from n/a through 4.0...

CVE-2025-58220

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Techeshta Card Elements for WPBakery card-elements-for-wpbakery allows DOM-Based XSS.This issue affects Card Elements for WPBakery: from n/a through = 1.0.8...

CVE-2025-58230

ZoloBlocks (WordPress plugin) has a DOM-based XSS vulnerability caused by improper input neutralization during Web Page Generation. Affected versions are listed as up to 2.3.9 in the CVE description, with connected sources indicating a later patched state (≤ 2.3.12). Exploitation details are not ...

CVE-2025-58233

CVE-2025-58233 describes a DOM-based XSS vulnerability in Guaven Labs SQL Chart Builder. Affected: SQL Chart Builder versions up to 2.3.7.2 (no fixed version specified in the documents beyond that). The issue is an input handling problem during web page generation that can lead to Cross-Site Scri...

CVE-2025-58245

CVE-2025-58245 is a cross-site scripting vulnerability described as DOM-based XSS in the Portfolio plugin (BestWebSoft) for WordPress. The initial document states Portfolio versions up to and including 2.58 are affected (noted as from n/a through

WordPress plugin Card Elements for WPBakery 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site...

PT-2025-38999

Name of the Vulnerable Software and Affected Versions HT Mega – Absolute Addons for WPBakery Page Builder versions through 1.0.9 Description The software contains a flaw related to improper input handling during web page generation, which can lead to Cross-site Scripting XSS. This specific instan...

WordPress plugin HT Mega – Absolute Addons for WPBakery Page Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A cross-site scriptin...

WordPress plugin xili-language 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripti...

PT-2025-39056

Name of the Vulnerable Software and Affected Versions PenciDesign Penci Portfolio versions through 3.5 Description The software contains a flaw related to improper input handling during web page creation, leading to a DOM-Based Cross-site Scripting XSS condition. This allows for potential malicio...

CVE-2025-58822

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mndpsingh287 WP Mail wp-mail allows DOM-Based XSS.This issue affects WP Mail: from n/a through = 1.3...

CVE-2025-58834

CVE-2025-58834 is a DOM-based XSS in the WordPress short.io plugin up to version 2.4.0. Root cause: improper input neutralization during web page generation. Impact: cross-site scripting exposure affecting pages rendered by the plugin. Mitigation: upgrade to a version later than 2.4.0 (per PT-202...

CVE-2025-58786 WordPress Ibtana – Ecommerce Product Addons plugin <= 0.4.7.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VW THEMES Ibtana – Ecommerce Product Addons ibtana-ecommerce-product-addons allows DOM-Based XSS.This issue affects Ibtana – Ecommerce Product Addons: from n/a through = 0.4.7.6...

CVE-2025-58631

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ZEEN101 IssueM issuem allows DOM-Based XSS.This issue affects IssueM: from n/a through = 2.9.0...

WordPress plugin IssueM 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...