4382 matches found
CVE-2025-58220
CVE-2025-58220 corresponds to Card Elements for WPBakery (WordPress) and is an XSS vulnerability (Stored Cross-Site Scripting) in Card Elements for WPBakery. Affected: Card Elements for WPBakery plugin, evidence shows vulnerable component is Card Elements for WPBakery
CVE-2025-58220
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Techeshta Card Elements for WPBakery card-elements-for-wpbakery allows DOM-Based XSS.This issue affects Card Elements for WPBakery: from n/a through = 1.0.8...
CVE-2025-58230
ZoloBlocks (WordPress plugin) has a DOM-based XSS vulnerability caused by improper input neutralization during Web Page Generation. Affected versions are listed as up to 2.3.9 in the CVE description, with connected sources indicating a later patched state (≤ 2.3.12). Exploitation details are not ...
CVE-2025-58232
CVE-2025-58232 affects Image Editor by Pixo (WordPress plugin). The entry documents a DOM/Stored XSS vector in the Editor component, arising from Improper Neutralization of Input During Web Page Generation. Affected version:
CVE-2025-58232 WordPress Image Editor by Pixo Plugin <= 2.3.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ickata Image Editor by Pixo image-editor-by-pixo allows DOM-Based XSS.This issue affects Image Editor by Pixo: from n/a through = 2.3.8...
CVE-2025-58233
CVE-2025-58233 describes a DOM-based XSS vulnerability in Guaven Labs SQL Chart Builder. Affected: SQL Chart Builder versions up to 2.3.7.2 (no fixed version specified in the documents beyond that). The issue is an input handling problem during web page generation that can lead to Cross-Site Scri...
CVE-2025-58241 WordPress SnapWidget Social Photo Feed Widget Plugin <= 1.1.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in snapwidget SnapWidget Social Photo Feed Widget snapwidget-wp-instagram-widget allows DOM-Based XSS.This issue affects SnapWidget Social Photo Feed Widget: from n/a through = 1.1.0...
CVE-2025-58245 WordPress Portfolio Plugin <= 2.58 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bestweblayout Portfolio portfolio allows DOM-Based XSS.This issue affects Portfolio : from n/a through = 2.58...
CVE-2025-58245
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bestweblayout Portfolio allows DOM-Based XSS. This issue affects Portfolio : from n/a through 2.58...
CVE-2025-58245
CVE-2025-58245 is a cross-site scripting vulnerability described as DOM-based XSS in the Portfolio plugin (BestWebSoft) for WordPress. The initial document states Portfolio versions up to and including 2.58 are affected (noted as from n/a through
CVE-2025-58253 WordPress Real Estate Manager Plugin <= 7.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows DOM-Based XSS.This issue affects Real Estate Manager: from n/a through = 7.3...
CVE-2025-58651
CVE-2025-58651 affects PlayerJS (PlayerJS) with DOM-based XSS due to improper input neutralization during web page generation, impacting versions up to 2.24. The connected docs indicate this vulnerability is unpatched; no remediation details are provided in the supplied materials.
CVE-2025-58651 WordPress PlayerJS Plugin <= 2.24 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PlayerJS PlayerJS playerjs allows DOM-Based XSS.This issue affects PlayerJS: from n/a through = 2.24...
PT-2025-38886
Name of the Vulnerable Software and Affected Versions Techeshta Card Elements for WPBakery versions through 1.0.8 Description The software contains a flaw related to improper input handling during web page generation, leading to a DOM-Based Cross-site Scripting issue. This allows for the injectio...
WordPress plugin Card Elements for WPBakery 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site...
WordPress plugin SnapWidget Social Photo Feed Widget 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin HT Mega – Absolute Addons for WPBakery Page Builder 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A cross-site scriptin...
PT-2025-39021
Name of the Vulnerable Software and Affected Versions WPFactory Adverts versions through 1.4 Description A flaw exists in WPFactory Adverts that allows for DOM-Based Cross-site Scripting XSS. This issue arises from improper neutralization of input during web page generation. The vulnerability cou...
PT-2025-38895
Name of the Vulnerable Software and Affected Versions bdthemes ZoloBlocks versions through 2.3.9 Description A flaw exists in bdthemes ZoloBlocks that allows for DOM-Based Cross-Site Scripting XSS. This issue is due to improper neutralization of input during web page generation. The vulnerability...
PT-2025-38999
Name of the Vulnerable Software and Affected Versions HT Mega – Absolute Addons for WPBakery Page Builder versions through 1.0.9 Description The software contains a flaw related to improper input handling during web page generation, which can lead to Cross-site Scripting XSS. This specific instan...