CVE-2025-26904

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in galop WP Responsive Auto Fit Text wp-responsive-slab-text allows DOM-Based XSS.This issue affects WP Responsive Auto Fit Text: from n/a through = 0.2...

CVE-2025-26878

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in patternsinthecloud Autoship Cloud for WooCommerce Subscription Products autoship-cloud allows DOM-Based XSS.This issue affects Autoship Cloud for WooCommerce Subscription Products: from n/a through...

GHSA-M2JW-CJ8V-937R copyparty renders unsanitized filenames as HTML when user uploads empty files

Summary A DOM-Based XSS was discovered in copyparty, a portable fileserver. The vulnerability is considered low-risk. Details By handing someone a maliciously-named file, and then tricking them into dragging the file into copyparty's Web-UI, an attacker could execute arbitrary javascript with the...

copyparty renders unsanitized filenames as HTML when user uploads empty files

Summary A DOM-Based XSS was discovered in copyparty, a portable fileserver. The vulnerability is considered low-risk. Details By handing someone a maliciously-named file, and then tricking them into dragging the file into copyparty's Web-UI, an attacker could execute arbitrary javascript with the...

CVE-2025-27265

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aaron D. Campbell Google Maps for WordPress google-maps-for-wordpress allows DOM-Based XSS.This issue affects Google Maps for WordPress: from n/a through = 1.0.3...

CVE-2025-27320

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pankaj Mondal Profile Widget Ninja profile-widget-ninja allows DOM-Based XSS.This issue affects Profile Widget Ninja: from n/a through = 4.3...

CVE-2025-27331

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sébastien Dumont WooCommerce Display Products by Tags woocommerce-display-products-by-tags allows DOM-Based XSS.This issue affects WooCommerce Display Products by Tags: from n/a through = 1.0.0...

CVE-2025-27327

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Winlin Live Streaming Video Player – by SRS Player srs-player allows DOM-Based XSS.This issue affects Live Streaming Video Player – by SRS Player: from n/a through = 1.0.18...

CVE-2025-27323

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jon Bishop WP About Author wp-about-author allows DOM-Based XSS.This issue affects WP About Author: from n/a through = 1.5...

CVE-2025-27280

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alobaidi Archive Page archive-page allows DOM-Based XSS.This issue affects Archive Page: from n/a through = 1.0.2...

CVE-2025-27325

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bruce Video.js HLS Player videojs-hls-player allows DOM-Based XSS.This issue affects Video.js HLS Player: from n/a through = 1.0.2...

CVE-2025-27330

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PlayerJS PlayerJS playerjs allows DOM-Based XSS.This issue affects PlayerJS: from n/a through = 2.23...

CVE-2025-27329

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in inlinkz EZ InLinkz linkup inlinkz-scripter allows DOM-Based XSS.This issue affects EZ InLinkz linkup: from n/a through = 0.18...

CVE-2025-27266

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ignacio Perez Hover Image Button hover-image-button allows DOM-Based XSS.This issue affects Hover Image Button: from n/a through = 1.1.2...

CVE-2025-26913

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webandprint AR For WordPress ar-for-wordpress allows DOM-Based XSS.This issue affects AR For WordPress: from n/a through = 7.7...

CVE-2025-26893

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kiran Potphode Easy Charts easy-charts allows DOM-Based XSS.This issue affects Easy Charts: from n/a through = 1.2.3...

CVE-2025-26904

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in galop WP Responsive Auto Fit Text wp-responsive-slab-text allows DOM-Based XSS.This issue affects WP Responsive Auto Fit Text: from n/a through = 0.2...

CVE-2025-26897

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Baden List Related Attachments list-related-attachments-widget allows DOM-Based XSS.This issue affects List Related Attachments: from n/a through = 2.1.6...

CVE-2025-26878

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in patternsinthecloud Autoship Cloud for WooCommerce Subscription Products autoship-cloud allows DOM-Based XSS.This issue affects Autoship Cloud for WooCommerce Subscription Products: from n/a through...

CVE-2025-26913 WordPress AR for WordPress plugin <= 7.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webandprint AR For WordPress ar-for-wordpress allows DOM-Based XSS.This issue affects AR For WordPress: from n/a through = 7.7...