CVE-2025-31412

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetProductGallery jet-woo-product-gallery allows DOM-Based XSS.This issue affects JetProductGallery: from n/a through = 2.1.22...

CVE-2025-31043

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetSearch jet-search allows DOM-Based XSS.This issue affects JetSearch: from n/a through = 3.5.7...

CVE-2025-31412

JetProductGallery (JetProductGallery) plugin for WordPress has a DOM-based XSS (CVE-2025-31412) affecting versions up to 2.1.22. Exploitation requires authentication (Contributor+). Patch available in 2.1.22; upgrade to 2.1.22 or later to remediate. This aligns with linked Wordfence details indic...

CVE-2025-31412 WordPress JetProductGallery plugin <= 2.1.22 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound JetProductGallery allows DOM-Based XSS. This issue affects JetProductGallery: from n/a through 2.1.22...

CVE-2025-31043 WordPress JetSearch plugin <= 3.5.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound JetSearch allows DOM-Based XSS. This issue affects JetSearch: from n/a through 3.5.7...

CVE-2025-31043

CVE-2025-31043 : JetSearch (WordPress plugin) has a DOM-based cross-site scripting (XSS) vulnerability in the JetSearch component due to improper input handling during web page generation. Affected: JetSearch versions up to 3.5.7 (requires authenticated access at Contributor+ level). Impact: stor...

WordPress plugin Simple Owl Carousel 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site scripting...

WordPress plugin Caspio Bridge Custom Database Applications by Caspio 跨站脚本漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin Caspio Bridge Custom...

WordPress plugin JetSearch 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripti...

WordPress plugin Twice Commerce Twice Commerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Twice Commerce A...

WordPress plugin JetSmartFilters 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2025-31077

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ultimate Blocks Ultimate Blocks ultimate-blocks allows DOM-Based XSS.This issue affects Ultimate Blocks: from n/a through = 3.2.7...

CVE-2025-31093

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in redpixelstudios RPS Include Content rps-include-content allows DOM-Based XSS.This issue affects RPS Include Content: from n/a through = 1.2.1...

CVE-2025-31096

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPXPO PostX ultimate-post allows DOM-Based XSS.This issue affects PostX: from n/a through = 4.1.25...

CVE-2025-22660

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wolfgang Include Mastodon Feed include-mastodon-feed allows DOM-Based XSS.This issue affects Include Mastodon Feed: from n/a through = 1.9.9...

CVE-2025-22816

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codetrendy Power Mag power-mag allows DOM-Based XSS.This issue affects Power Mag: from n/a through = 1.1.5...

CVE-2025-26738

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Graham Quick Interest Slider quick-interest-slider allows DOM-Based XSS.This issue affects Quick Interest Slider: from n/a through = 3.1.5...

CVE-2025-26732

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in burgersoftware StoreBiz storebiz allows DOM-Based XSS.This issue affects StoreBiz: from n/a through = 1.0.32...

CVE-2025-26737

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in yudleethemes City Store allows DOM-Based XSS.This issue affects City Store: from n/a through 1.4.5...

CVE-2025-30766

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows DOM-Based XSS.This issue affects Happy Addons for Elementor: from n/a through = 3.16.2...