CVE-2024-13156 HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.35 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via heading Parameter
The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘heading’ parameter in all versions up to, and including, 2.5.35 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-22827
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in joomag WP Joomag wp-joomag allows DOM-Based XSS. This issue affects WP Joomag: from n/a through <= 2.5.2...
CVE-2025-22821
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in vfthemes StorePress storepress allows DOM-Based XSS. This issue affects StorePress: from n/a through <= 1.0.12...
CVE-2025-22823
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jtwerdy Genesis Style Shortcodes genesis-style-shortcodes allows DOM-Based XSS. This issue affects Genesis Style Shortcodes: from n/a through <= 1.0...
CVE-2025-22806
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Modernaweb Studio Black Widgets For Elementor allows DOM-Based XSS. This issue affects Black Widgets For Elementor: from n/a through 1.3.8...
CVE-2025-22808
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Surbma Surbma | Premium WP surbma-premium-wp allows DOM-Based XSS. This issue affects Surbma | Premium WP: from n/a through <= 9.0...
CVE-2025-22806
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Modernaweb Studio Black Widgets For Elementor black-widgets allows DOM-Based XSS. This issue affects Black Widgets For Elementor: from n/a through <= 1.3.8...
CVE-2025-22809
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in theme funda PDF Catalog Woocommerce pdf-catalog-woocommerce allows DOM-Based XSS. This issue affects PDF Catalog Woocommerce: from n/a through <= 2.0...
CVE-2025-22806 WordPress Black Widgets For Elementor plugin <= 1.3.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Modernaweb Studio Black Widgets For Elementor black-widgets allows DOM-Based XSS. This issue affects Black Widgets For Elementor: from n/a through <= 1.3.8...
CVE-2025-22806 WordPress Black Widgets For Elementor plugin <= 1.3.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Modernaweb Studio Black Widgets For Elementor allows DOM-Based XSS. This issue affects Black Widgets For Elementor: from n/a through 1.3.8...
CVE-2025-22806
CVE-2025-22806 affects Black Widgets For Elementor. Root cause: DOM-Based XSS due to improper input neutralization during web page generation; affected versions n/a–1.3.8. Wordfence indicates the issue has been patched.
CVE-2025-22808 WordPress Surbma | Premium WP plugin <= 9.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Surbma Surbma | Premium WP surbma-premium-wp allows DOM-Based XSS. This issue affects Surbma | Premium WP: from n/a through <= 9.0...
CVE-2025-22808
CVE-2025-22808: Surbma Premium WP suffers a DOM-based XSS in input handling during web page generation. Affected: Surbma Premium WP (≤9.0); attack requires at least contributor/author privileges. Status: patched; apply update to mitigate.
CVE-2025-22821 WordPress StorePress theme <= 1.0.12 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in vfthemes StorePress storepress allows DOM-Based XSS. This issue affects StorePress: from n/a through <= 1.0.12...
CVE-2025-22821
CVE-2025-22821 is a DOM-based XSS in StorePress (vfthemes) prior to 1.0.12. The issue arises from Improper Neutralization of Input During Web Page Generation, enabling cross-site scripting. Public reports in Red Hat and Wordfence corroborate a StorePress vulnerability with the StorePress plugin/t...
CVE-2025-22823 WordPress Genesis Style Shortcodes Plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Justin Twerdy Genesis Style Shortcodes allows DOM-Based XSS. This issue affects Genesis Style Shortcodes: from n/a through 1.0...
CVE-2025-22823
CVE-2025-22823 describes a DOM-based Cross-Site Scripting (XSS) in the Genesis Style Shortcodes plugin for WordPress. Affected: Genesis Style Shortcodes
CVE-2023-23913
There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method,...
PT-2025-4729 · Unknown · Storepress
Name of the Vulnerable Software and Affected Versions: StorePress versions 1.0.12 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS. This means that an attacker could potentially inject malicious scripts in...
Rails Security Vulnerability
Rails is a set of open source web application frameworks based on the Ruby language by the US-based Rails team. A security vulnerability exists in Rails that stems from the presence of a DOM-based cross-site scripting vulnerability that allows an attacker to inject malicious script into a victim'...