CVE-2025-53275

CVE-2025-53275 affects the WordPress plugin Leyka (versions

CVE-2025-53202

CVE-2025-53202 is a DOM-based XSS in CyberChimps Responsive Blocks (WordPress) affecting versions n/a–2.0.6. The root cause is improper input neutralization during web page generation, enabling cross-site scripting. The CVSSv3.1 base score is 6.5 (Medium) with network attack vector, low attack co...

WordPress plugin Leyka 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-27182 · Leyka · Leyka

Name of the Vulnerable Software and Affected Versions: Leyka versions 3.31.9 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS. This means that an attacker could potentially inject malicious scripts into th...

WordPress plugin Raise The Money 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-27156 · Cyberchimps · Cyberchimps Responsive Blocks

Name of the Vulnerable Software and Affected Versions: CyberChimps Responsive Blocks versions n/a through 2.0.6 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This means that an...

PT-2025-27154 · Elementor · Ht Slider For Elementor

Name of the Vulnerable Software and Affected Versions: HT Slider For Elementor versions 1.6.5 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This means that an attacker...

PT-2025-27202 · Theme Junkie · Theme Junkie Team Content

Name of the Vulnerable Software and Affected Versions: Theme Junkie Team Content versions 0.1.1 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS attacks. This can potentially lead to malicious scripts bein...

PT-2025-27195 · WordPress · Samsk Wp Datatable

Name of the Vulnerable Software and Affected Versions: samsk WP DataTable versions 0.2.7 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows DOM-Based XSS in samsk WP DataTable...

WordPress plugin Popup addon for Ninja Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2025-27186 · Unknown · Popup Addon For Ninja Forms

Name of the Vulnerable Software and Affected Versions: Aman Popup addon for Ninja Forms versions n/a through 3.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This means that an...

CVE-2025-52875

In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible...

CVE-2025-52875

In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible...

CVE-2025-52875

In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible...

CVE-2025-52875

In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible...

CVE-2025-52875

In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible...

CVE-2025-52875

JetBrains TeamCity before 2025.03.3 is affected by a DOM-based XSS on the Performance Monitor page. The vulnerability stems from insufficient filtering/escaping of user-supplied data, allowing an attacker to inject arbitrary JavaScript/HTML that runs in a victim’s browser. Impact is browser-level...

CVE-2025-52733

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Anonform Ab ANON::form embedded secure form anonform-embedded-secure-form allows DOM-Based XSS.This issue affects ANON::form embedded secure form: from n/a through = 1.7...

CVE-2025-50045

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ProWCPlugins Related Products Manager for WooCommerce related-products-manager-woocommerce allows DOM-Based XSS.This issue affects Related Products Manager for WooCommerce: from n/a through = 1.6.2...

CVE-2025-50030

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sparklewpthemes Spark Multipurpose spark-multipurpose allows DOM-Based XSS.This issue affects Spark Multipurpose: from n/a through = 1.0.7...