CVE-2025-59585

CVE-2025-59585 affects the WordPress plugin Penci Recipe. The connected document confirms a DOM-based XSS due to improper input neutralization during web page generation, affecting Penci Recipe versions from n/a through 4.0. The CVSS metrics indicate a network-accessible, low-privilege, low-impac...

CVE-2025-59585 WordPress Penci Recipe Plugin <= 4.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Recipe allows DOM-Based XSS. This issue affects Penci Recipe: from n/a through 4.0...

CVE-2025-59587 WordPress Penci Shortcodes & Performance Plugin < 6.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Shortcodes & Performance penci-shortcodes allows DOM-Based XSS.This issue affects Penci Shortcodes & Performance: from n/a through 6.1...

CVE-2025-59589

According to the connected Wordfence data, Soledad (WordPress theme) has an authenticated Local File Inclusion vulnerability affecting Soledad

CVE-2025-59589 WordPress Soledad Theme <= 8.6.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Soledad soledad allows DOM-Based XSS.This issue affects Soledad: from n/a through = 8.6.8...

CVE-2025-53463 WordPress HT Mega – Absolute Addons for WPBakery Page Builder Plugin <= 1.0.9 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HT Plugins HT Mega – Absolute Addons for WPBakery Page Builder ht-mega-for-wpbakery allows DOM-Based XSS.This issue affects HT Mega – Absolute Addons for WPBakery Page Builder: from n/a through =...

CVE-2025-53463 WordPress HT Mega – Absolute Addons for WPBakery Page Builder Plugin <= 1.0.9 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HT Plugins HT Mega – Absolute Addons for WPBakery Page Builder ht-mega-for-wpbakery allows DOM-Based XSS.This issue affects HT Mega – Absolute Addons for WPBakery Page Builder: from n/a through =...

CVE-2025-57911 WordPress Adverts Plugin <= 1.4 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Adverts adverts-click-tracker allows DOM-Based XSS.This issue affects Adverts: from n/a through = 1.4...

CVE-2025-57911 WordPress Adverts Plugin <= 1.4 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Adverts allows DOM-Based XSS. This issue affects Adverts: from n/a through 1.4...

CVE-2025-57911

CVE-2025-57911 is tied to the WordPress Adverts Plugin – Adverts Click Tracker. The connected data indicate an authenticated, stored cross‑site scripting (XSS) vulnerability in Adverts

CVE-2025-57938 WordPress Easy Hotel Booking plugin <= 1.9.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themewant Easy Hotel Booking easy-hotel allows DOM-Based XSS.This issue affects Easy Hotel Booking: from n/a through = 1.9.0...

CVE-2025-57947 WordPress Photo Gallery by Ays Plugin <= 6.3.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro Photo Gallery by Ays gallery-photo-gallery allows DOM-Based XSS.This issue affects Photo Gallery by Ays: from n/a through = 6.3.8...

CVE-2025-57948

CVE-2025-57948 affects Directory Pro (WordPress plugin). It is described as an Authenticated Stored Cross-Site Scripting vulnerability in Directory Pro versions up to 2.5.5, caused by improper neutralization of input during web page generation. The connected materials indicate patch status is Unp...

CVE-2025-57954 WordPress Poll Maker Plugin <= 6.0.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro Poll Maker allows DOM-Based XSS. This issue affects Poll Maker: from n/a through 6.0.1...

CVE-2025-57963

CVE-2025-57963 affects Zoho Billing (Zoho Subscriptions) where DOM-based XSS can be triggered through improper input neutralization during web page generation. Affected version range is up to 4.1; public details indicate this remains unpatched per Wordfence reporting, with the vulnerability categ...

CVE-2025-57963 WordPress Zoho Billing Plugin <= 4.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zoho Subscriptions Zoho Billing zoho-subscriptions allows DOM-Based XSS.This issue affects Zoho Billing: from n/a through = 4.1...

CVE-2025-57999

CVE-2025-57999 details a DOM-based XSS vulnerability in WPKoi Templates for Elementor. Affected product: WPKoi Templates for Elementor. Affected version range: from n/a through 3.4.1. Description notes improper input neutralization during web page generation leading to cross-site scripting. The I...

CVE-2025-57999 WordPress WPKoi Templates for Elementor Plugin <= 3.4.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpkoithemes WPKoi Templates for Elementor allows DOM-Based XSS. This issue affects WPKoi Templates for Elementor: from n/a through 3.4.1...

CVE-2025-58220 WordPress Card Elements for WPBakery Plugin <= 1.0.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Techeshta Card Elements for WPBakery card-elements-for-wpbakery allows DOM-Based XSS.This issue affects Card Elements for WPBakery: from n/a through = 1.0.8...

CVE-2025-58220 WordPress Card Elements for WPBakery Plugin <= 1.0.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Techeshta Card Elements for WPBakery card-elements-for-wpbakery allows DOM-Based XSS.This issue affects Card Elements for WPBakery: from n/a through = 1.0.8...