4382 matches found
CVE-2025-27325 WordPress Video.js HLS Player plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bruce Video.js HLS Player videojs-hls-player allows DOM-Based XSS.This issue affects Video.js HLS Player: from n/a through = 1.0.2...
CVE-2025-27323 WordPress WP About Author plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jon Bishop WP About Author wp-about-author allows DOM-Based XSS.This issue affects WP About Author: from n/a through = 1.5...
CVE-2025-27323 WordPress WP About Author plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jon Bishop WP About Author wp-about-author allows DOM-Based XSS.This issue affects WP About Author: from n/a through = 1.5...
CVE-2025-27323
CVE-2025-27323 affects the WordPress plugin WP About Author. The vulnerability is described as a Cross-Site Scripting (DOM-Based XSS) flaw caused by improper input neutralization during web page generation. Affected version range is WP About Author from n/a through 1.5, with the CVSSv3.1 base sco...
CVE-2025-27320
The CVE CVE-2025-27320 concerns WordPress Profile Widget Ninja with a DOM-based XSS due to improper input neutralization during web page generation. Affected are Profile Widget Ninja versions up to 4.3. Exploitation details are not provided in the documents; the issue is described as a cross-site...
CVE-2025-27280 WordPress Archive Page plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alobaidi Archive Page archive-page allows DOM-Based XSS.This issue affects Archive Page: from n/a through = 1.0.2...
CVE-2025-27280
CVE-2025-27280 : WordPress Archive Page plugin (versions n/a–1.0.1) suffers a DOM-Based XSS due to improper input neutralization during page generation. Exploitation is reported as an authenticated (Contributor+) Stored XSS. Remediation: upgrade to a fixed release (1.0.2 or later) once available.
CVE-2025-27280 WordPress Archive Page plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alobaidi Archive Page archive-page allows DOM-Based XSS.This issue affects Archive Page: from n/a through = 1.0.2...
CVE-2025-27266
CVE-2025-27266 is a DOM-based XSS in the WordPress plugin Hover Image Button, with vulnerability reported for versions up to 1.1.2 and earlier. The connected documents confirm improper input neutralization during web page generation as the root cause. No explicit fix version is provided in the su...
CVE-2025-27265 WordPress Google Maps for WordPress plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aaron D. Campbell Google Maps for WordPress google-maps-for-wordpress allows DOM-Based XSS.This issue affects Google Maps for WordPress: from n/a through = 1.0.3...
CVE-2025-27265
CVE-2025-27265 corresponds to a DOM-based XSS in Google Maps for WordPress (WordPress plugin) affecting versions up to 1.0.3. The issue is described in connected sources as an Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability caused by improper input neutralization during web...
CVE-2025-27265 WordPress Google Maps for WordPress plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aaron D. Campbell Google Maps for WordPress google-maps-for-wordpress allows DOM-Based XSS.This issue affects Google Maps for WordPress: from n/a through = 1.0.3...
WordPress plugin EZ InLinkz linkup 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-7725 · Unknown · Alobaidi Archive Page
Name of the Vulnerable Software and Affected Versions: Alobaidi Archive Page versions n/a through 1.0.1 Description: The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting XSS vulnerability, specifically DOM-Based XSS...
PT-2025-7752 · WordPress · Woocommerce Display Products By Tags
Name of the Vulnerable Software and Affected Versions: WooCommerce Display Products by Tags versions 1.0.0 and earlier Description: The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting XSS vulnerability. Specifically, it is a...
WordPress plugin Live Streaming Video Player 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site scripting...
WordPress plugin Video.js HLS Player 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...
WordPress plugin PlayerJS 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-26973
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WarfarePlugins Social Warfare social-warfare allows DOM-Based XSS.This issue affects Social Warfare: from n/a through = 4.5.5...
CVE-2025-26973
CVE-2025-26973 corresponds to a DOM-based XSS in the WordPress Social Warfare plugin. Affected product: Social Warfare (WordPress plugin), versions up to and including 4.5.4; exploitation reportedly involves improper input neutralization during web page generation. The Wordfence vulnerability fee...