CVE-2025-30771

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alain-Aymerick FRANCOIS WP Cassify wp-cassify allows DOM-Based XSS.This issue affects WP Cassify: from n/a through = 2.3.5...

CVE-2025-30818

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mlaza jAlbum Bridge jalbum-bridge allows DOM-Based XSS.This issue affects jAlbum Bridge: from n/a through = 2.0.17...

CVE-2025-30832

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themifyme Themify Event Post themify-event-post allows DOM-Based XSS.This issue affects Themify Event Post: from n/a through = 1.3.2...

CVE-2025-30786

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in oooorgle Quotes llama quotes-llama allows DOM-Based XSS.This issue affects Quotes llama: from n/a through = 3.1.0...

CVE-2025-30770

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Syed Balkhi Charitable charitable allows DOM-Based XSS.This issue affects Charitable: from n/a through = 1.8.4.7...

CVE-2025-30860

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus Slidebars off-canvas-sidebars allows DOM-Based XSS.This issue affects Off-Canvas Sidebars & Menus Slidebars: from n/a through = 0.5.8.2...

CVE-2025-30907

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SecuPress SecuPress Free secupress allows DOM-Based XSS.This issue affects SecuPress Free: from n/a through = 2.2.5.3...

CVE-2025-30826

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pierre Lannoy IP Locator ip-locator allows DOM-Based XSS.This issue affects IP Locator: from n/a through = 4.1.0...

CVE-2025-30903

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alex Mills SyntaxHighlighter Evolved syntaxhighlighter allows DOM-Based XSS.This issue affects SyntaxHighlighter Evolved: from n/a through = 3.7.1...

CVE-2025-30893

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in varunvairavanlc LeadConnector leadconnector allows DOM-Based XSS.This issue affects LeadConnector: from n/a through = 3.0.2...

CVE-2025-31096

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPXPO PostX ultimate-post allows DOM-Based XSS.This issue affects PostX: from n/a through = 4.1.25...

CVE-2025-31093

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in redpixelstudios RPS Include Content rps-include-content allows DOM-Based XSS.This issue affects RPS Include Content: from n/a through = 1.2.1...

CVE-2025-31077

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ultimate Blocks Ultimate Blocks ultimate-blocks allows DOM-Based XSS.This issue affects Ultimate Blocks: from n/a through = 3.2.7...

CVE-2025-31077

CVE-2025-31077 is a stored XSS in Ultimate Blocks (WordPress Blocks Plugin) affecting versions up to 3.2.7. The Wordfence vulnerability listing notes authenticated access (Contributor+) as the prerequisite and that a patch exists; upgrade to version 3.2.7+ to remediate.

CVE-2025-31093 WordPress RPS Include Content <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in redpixelstudios RPS Include Content allows DOM-Based XSS. This issue affects RPS Include Content: from n/a through 1.2.1...

CVE-2025-31093

CVE-2025-31093 is a DOM-based XSS in the WordPress plugin RPS Include Content (RPS Include Content). Affected versions: from n/a through 1.2.1. The issue arises from improper input handling during web page generation, enabling cross-site scripting via the plugin’s include-content functionality. E...

CVE-2025-31096 WordPress PostX <= 4.1.25 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPXPO PostX allows DOM-Based XSS. This issue affects PostX: from n/a through 4.1.25...

CVE-2025-31096 WordPress PostX plugin <= 4.1.25 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPXPO PostX ultimate-post allows DOM-Based XSS.This issue affects PostX: from n/a through = 4.1.25...

CVE-2025-31096

CVE-2025-31096 affects WordPress PostX (Post Grid Gutenberg Blocks) plugin. The WordPress plugin PostX versions up to 4.1.25 are vulnerable to a Cross-Site Scripting (Stored) flaw via inputs generated during web page rendering, enabling XSS in authenticated contexts. Remediation: upgrade to PostX...

WordPress plugin Ultimate Blocks 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...