CVE-2025-39582 WordPress WP Data Access plugin <= 5.5.36 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Passionate Programmer Peter WP Data Access wp-data-access allows DOM-Based XSS.This issue affects WP Data Access: from n/a through = 5.5.36...

CVE-2025-39582

CVE-2025-39582 is a DOM-based XSS vulnerability affecting the WordPress plugin WP Data Access (versions up to 5.5.36). The issue arises from improper input neutralization during web page generation, allowing an attacker to inject and execute scripts in the victim’s browser context. Connected sour...

WordPress plugin WP Flipclock 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site...

CVE-2025-26930

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in alleythemes Home Services home-services allows DOM-Based XSS.This issue affects Home Services: from n/a through = 1.2.6...

CVE-2025-26951

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in covertnine C9 Blocks c9-blocks allows DOM-Based XSS.This issue affects C9 Blocks: from n/a through = 1.7.7...

CVE-2025-26906

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ren Ventura WP Delete User Accounts wp-delete-user-accounts allows DOM-Based XSS.This issue affects WP Delete User Accounts: from n/a through = 1.2.3...

CVE-2025-26870

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetEngine jet-engine allows DOM-Based XSS.This issue affects JetEngine: from n/a through = 3.6.4.1...

CVE-2025-26740

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in burgersoftware SpaBiz spabiz allows DOM-Based XSS.This issue affects SpaBiz: from n/a through = 1.0.18...

CVE-2025-26951

CVE-2025-26951 — WordPress (C9 Blocks) XSS : The vulnerability is a DOM-based Cross-Site Scripting flaw in the C9 Blocks plugin for WordPress, caused by improper neutralization of input during web page generation. Affected: C9 Blocks up to version 1.7.7. Impact is described as stored DOM-based XS...

CVE-2025-26930 WordPress Home Services plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in alleythemes Home Services home-services allows DOM-Based XSS.This issue affects Home Services: from n/a through = 1.2.6...

CVE-2025-26930

CVE-2025-26930 describes a DOM-based XSS in the alleythemes Home Services WordPress plugin, affecting versions

CVE-2025-26930 WordPress Home Services plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in alleythemes Home Services home-services allows DOM-Based XSS.This issue affects Home Services: from n/a through = 1.2.6...

CVE-2025-26870 WordPress JetEngine plugin <= 3.6.4.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetEngine jet-engine allows DOM-Based XSS.This issue affects JetEngine: from n/a through = 3.6.4.1...

CVE-2025-26870

CVE-2025-26870 is a DOM-based Cross-Site Scripting vulnerability in JetEngine (NotFound) with the root cause described as improper neutralization of input during web page generation, enabling a DOM-based XSS condition. The vulnerability affects JetEngine versions up to 3.6.4.1 and is classified a...

CVE-2025-26906 WordPress WP Delete User Accounts plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ren Ventura WP Delete User Accounts wp-delete-user-accounts allows DOM-Based XSS.This issue affects WP Delete User Accounts: from n/a through = 1.2.3...

CVE-2025-26740 WordPress SpaBiz plugin <= 1.0.18 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in burgersoftware SpaBiz spabiz allows DOM-Based XSS.This issue affects SpaBiz: from n/a through = 1.0.18...

CVE-2025-26740

CVE-2025-26740 is confirmed in SpaBiz (WordPress plugin) as an authenticated (Contributor+) Stored Cross-Site Scripting vulnerability affecting SpaBiz versions up to 1.0.18. The linked Wordfence entry lists CVE-2025-26740 with SpaBiz, specifies that exploitation requires authentication at the Con...

CVE-2025-26740 WordPress SpaBiz plugin <= 1.0.18 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in burgersoftware SpaBiz spabiz allows DOM-Based XSS.This issue affects SpaBiz: from n/a through = 1.0.18...

CVE-2025-26982

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Eric-Oliver Mächler DSGVO Youtube dsgvo-youtube allows DOM-Based XSS.This issue affects DSGVO Youtube: from n/a through = 1.5.1...

CVE-2025-26744

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetBlog jet-blog allows DOM-Based XSS.This issue affects JetBlog: from n/a through = 2.4.3...