4382 matches found
CVE-2025-26982
CVE-2025-26982 corresponds to a DOM-based XSS in the DSGVO Youtube WordPress plugin (DSGVO Youtube) prior to or up to version 1.5.1. The issue arises from improper input neutralization during web page generation, enabling DOM-based Cross-Site Scripting. The vulnerability affects DSGVO Youtube 1.5...
CVE-2025-26744 WordPress JetBlog plugin <= 2.4.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetBlog jet-blog allows DOM-Based XSS.This issue affects JetBlog: from n/a through = 2.4.3...
CVE-2025-26744 WordPress JetBlog plugin <= 2.4.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetBlog jet-blog allows DOM-Based XSS.This issue affects JetBlog: from n/a through = 2.4.3...
PT-2025-16524 · Unknown · Covertnine C9 Blocks
Name of the Vulnerable Software and Affected Versions: covertnine C9 Blocks versions 1.7.7 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS. This is a type of Cross-site Scripting attack that occurs in the...
WordPress plugin JetEngine 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...
WordPress plugin SpaBiz 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...
PT-2025-16517 · WordPress · Wp Delete User Accounts
Name of the Vulnerable Software and Affected Versions: WP Delete User Accounts versions 1.2.3 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based Cross-site Scripting XSS. This enables potential attackers to...
PT-2025-16514 · Jetengine · Jetengine
Name of the Vulnerable Software and Affected Versions: JetEngine versions 3.6.4.1 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based Cross-site Scripting XSS. This means that an attacker could potentially inject...
PT-2025-16324 · Unknown · Dsgvo Youtube
Name of the Vulnerable Software and Affected Versions: DSGVO Youtube versions n/a through 1.5.1 Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS. This problem affects DSGVO Youtube. Recommendations: For versions n/a...
CVE-2025-32683
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows DOM-Based XSS.This issue affects MapSVG: from n/a through = 8.6.6...
CVE-2025-32690
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in blubrry PowerPress Podcasting powerpress allows DOM-Based XSS.This issue affects PowerPress Podcasting: from n/a through = 11.12.5...
CVE-2025-32690
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in blubrry PowerPress Podcasting powerpress allows DOM-Based XSS.This issue affects PowerPress Podcasting: from n/a through = 11.12.5...
CVE-2025-32683
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows DOM-Based XSS.This issue affects MapSVG: from n/a through = 8.6.6...
CVE-2025-32683 WordPress MapSVG Lite plugin <= 8.6.6 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows DOM-Based XSS.This issue affects MapSVG: from n/a through = 8.6.6...
CVE-2025-32683
CVE-2025-32683: MapSVG Lite (MapSVG – Vector maps) is affected by an Authenticated (Contributor+) Stored Cross-Site Scripting in MapSVG Lite versions up to 8.5.34. Root cause and exact payload are not provided here, but the vulnerability is described as stored XSS in the MapSVG component. Patch s...
CVE-2025-32690
CVE-2025-32690 (PowerPress Podcasting) : WordPress plugin PowerPress Podcasting by Blubrry is affected up to version 11.12.5. Public sources in the connected docs identify this as an authenticated, stored cross-site scripting vulnerability within the plugin, arising from input handling during pag...
CVE-2025-32690 WordPress PowerPress Podcasting plugin <= 11.12.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in blubrry PowerPress Podcasting powerpress allows DOM-Based XSS.This issue affects PowerPress Podcasting: from n/a through = 11.12.5...
WordPress plugin PowerPress Podcasting 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-15828 · Unknown · Powerpress Podcasting
Name of the Vulnerable Software and Affected Versions: PowerPress Podcasting versions through 11.12.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This means that an attacker could...
PT-2025-15825 · Unknown · Mapsvg Lite
Name of the Vulnerable Software and Affected Versions: MapSVG Lite versions through 8.5.32 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This means that an attacker could potentiall...