CVE-2026-24528

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Based XSS.This issue affects Nova Blocks: from n/a through = 2.1.9...

CVE-2026-24621 WordPress Terms descriptions plugin <= 3.4.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vladimir Statsenko Terms descriptions terms-descriptions allows DOM-Based XSS.This issue affects Terms descriptions: from n/a through = 3.4.9...

CVE-2026-24621

CVE-2026-24621 is a DOM-based XSS in the WordPress Terms descriptions plugin (terms-descriptions) caused by improper input neutralization during web page generation. Affected: Terms descriptions plugin, versions n/a through 3.4.9. Impact per sources: DOM-based XSS could leak or alter content in t...

CVE-2026-24584 WordPress Tutor LMS BunnyNet Integration plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum Tutor LMS BunnyNet Integration tutor-lms-bunnynet-integration allows DOM-Based XSS.This issue affects Tutor LMS BunnyNet Integration: from n/a through = 1.0.0...

CVE-2026-24584

CVE-2026-24584 affects the WordPress plugin “Tutor LMS BunnyNet Integration” (Themeum) up to version 1.0.0. The issue is a DOM-based XSS caused by improper input neutralization during web page generation. Public sources in the Connected Documents (Wordfence, CVE listings) confirm the vulnerabilit...

CVE-2026-24526

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Steve Truman Email Inquiry & Cart Options for WooCommerce woocommerce-email-inquiry-cart-options allows DOM-Based XSS.This issue affects Email Inquiry & Cart Options for WooCommerce: from n/a throu...

CVE-2026-24526 WordPress Email Inquiry & Cart Options for WooCommerce plugin <= 3.4.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Steve Truman Email Inquiry & Cart Options for WooCommerce woocommerce-email-inquiry-cart-options allows DOM-Based XSS.This issue affects Email Inquiry & Cart Options for WooCommerce: from n/a throu...

CVE-2026-24528 WordPress Nova Blocks plugin <= 2.1.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Based XSS.This issue affects Nova Blocks: from n/a through = 2.1.9...

WordPress plugin: Email Inquiry & Cart Options for WooCommerce – Cross-site Script Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVE-2025-68900

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kriesi Enfold allows DOM-Based XSS. This issue affects Enfold: from n/a through 7.1.3...

CVE-2026-24389

CVE-2026-24389 concerns the WordPress Gallery PhotoBlocks plugin (photoblocks-grid-gallery). Public sources confirm a Cross-Site Scripting (DOM-based) vulnerability in Gallery PhotoBlocks versions up to 1.3.2, arising from improper input neutralization during web page generation. Exploitation cou...

CVE-2026-24354

CVE-2026-24354: Penci Shortcodes & Performance (penci-shortcodes) is affected by a DOM-Based XSS in input during web page generation. The issue is authenticated (Contributor+) and affects versions up to and including 6.1. Based on connected documents, a patch is available (Patch Status: Patched);...

CVE-2026-22349

CVE-2026-22349 affects the WordPress plugin “Menu In Post” (Menu In Post). The vulnerability is a DOM-based Cross-Site Scripting (XSS) vulnerability caused by Improper Neutralization of Input During Web Page Generation. Affected versions are

CVE-2025-68900 WordPress Enfold theme <= 7.1.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kriesi Enfold allows DOM-Based XSS. This issue affects Enfold: from n/a through 7.1.3...

CVE-2025-68900

CVE-2025-68900 : DOM-based XSS in WordPress theme Enfold (enfold) affecting version

CVE-2025-68538 WordPress Craft | Coffee Shop Cafe Restaurant WordPress theme <= 2.3.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Craft craftcoffee allows DOM-Based XSS.This issue affects Craft: from n/a through = 2.3.6...

CVE-2025-50005

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Composer td-composer allows DOM-Based XSS.This issue affects tagDiv Composer: from n/a through = 5.4.2...

CVE-2025-50005 WordPress tagDiv Composer plugin <= 5.4.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Composer td-composer allows DOM-Based XSS.This issue affects tagDiv Composer: from n/a through = 5.4.2...

WordPress plugin Penci Shortcodes & Performance – Cross-site scripting vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-3981

Name of the Vulnerable Software and Affected Versions tagDiv Composer versions through 5.4.2 Description A flaw exists in tagDiv Composer’s handling of input during web page generation, leading to a DOM-Based Cross-site Scripting issue. This allows for the injection of malicious scripts into web...