PT-2025-17492 · Elementor · Elementor

Name of the Vulnerable Software and Affected Versions: Post in page for Elementor versions 1.0.1 and earlier Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows for DOM-Based XSS in Post in page for...

PT-2025-17536 · Crocoblock · Jettabs

Name of the Vulnerable Software and Affected Versions: Crocoblock JetTabs versions 2.2.7 and earlier Description: The issue affects Crocoblock JetTabs, allowing for DOM-Based XSS due to improper neutralization of input during web page generation. This can lead to cross-site scripting...

CVE-2025-26930

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in alleythemes Home Services home-services allows DOM-Based XSS.This issue affects Home Services: from n/a through = 1.2.6...

CVE-2025-26740

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in burgersoftware SpaBiz spabiz allows DOM-Based XSS.This issue affects SpaBiz: from n/a through = 1.0.18...

CVE-2025-26906

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ren Ventura WP Delete User Accounts wp-delete-user-accounts allows DOM-Based XSS.This issue affects WP Delete User Accounts: from n/a through = 1.2.3...

CVE-2025-26870

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetEngine jet-engine allows DOM-Based XSS.This issue affects JetEngine: from n/a through = 3.6.4.1...

CVE-2025-26951

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in covertnine C9 Blocks c9-blocks allows DOM-Based XSS.This issue affects C9 Blocks: from n/a through = 1.7.7...

CVE-2025-26982

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Eric-Oliver Mächler DSGVO Youtube dsgvo-youtube allows DOM-Based XSS.This issue affects DSGVO Youtube: from n/a through = 1.5.1...

CVE-2025-26744

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetBlog jet-blog allows DOM-Based XSS.This issue affects JetBlog: from n/a through = 2.4.3...

CVE-2025-39582

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Passionate Programmer Peter WP Data Access wp-data-access allows DOM-Based XSS.This issue affects WP Data Access: from n/a through = 5.5.36...

CVE-2025-39579

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows DOM-Based XSS.This issue affects Membership For WooCommerce: from n/a through = 2.8.0...

CVE-2025-39540

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rhys Wynne WP Flipclock wp-flipclock allows DOM-Based XSS.This issue affects WP Flipclock: from n/a through = 1.9.1...

CVE-2025-39516

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alan Petersen Author WIP Progress Bar author-work-in-progress-bar allows DOM-Based XSS.This issue affects Author WIP Progress Bar: from n/a through = 1.0...

CVE-2025-39516

The CVE-2025-39516 entry is tied to the WordPress plugin Author WIP Progress Bar. The connected sources specify a DOM-based XSS due to improper input neutralization during web page generation, affecting Author WIP Progress Bar versions from n/a through 1.0. The initial and related records do not ...

CVE-2025-39516 WordPress Author WIP Progress Bar <= 1.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alan Petersen Author WIP Progress Bar allows DOM-Based XSS. This issue affects Author WIP Progress Bar: from n/a through 1.0...

CVE-2025-39540

CVE-2025-39540 refers to a Cross-Site Scripting (DOM-based) vulnerability in the WordPress plugin WP Flipclock. Public records specify the issue affects WP Flipclock versions up to 1.9.x (1.9.1 cited in patches) and is caused by improper input neutralization during web page generation. Exploitati...

CVE-2025-39540 WordPress WP Flipclock plugin <= 1.9.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rhys Wynne WP Flipclock wp-flipclock allows DOM-Based XSS.This issue affects WP Flipclock: from n/a through = 1.9.1...

CVE-2025-39579 WordPress Membership For WooCommerce plugin <= 2.8.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows DOM-Based XSS.This issue affects Membership For WooCommerce: from n/a through = 2.8.0...

CVE-2025-39579 WordPress Membership For WooCommerce plugin <= 2.8.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows DOM-Based XSS.This issue affects Membership For WooCommerce: from n/a through = 2.8.0...

CVE-2025-39579

CVE-2025-39579 is a DOM-based XSS in WordPress plugin Membership For WooCommerce (versions up to 2.8.0). The vulnerability arises from improper input neutralization during web page generation and is exploitable by an authenticated user with low privileges, requiring user interaction. CVSS v3.1 ba...