PT-2025-4735 · WordPress · Wp Joomag

Name of the Vulnerable Software and Affected Versions: WP Joomag versions n/a through 2.5.2 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting'. Specifically, WP Joomag allows DOM-Based XSS, which can be exploited...

CVE-2025-22354

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Code Themes Digi Store allows DOM-Based XSS.This issue affects Digi Store: from n/a through 1.1.4...

CVE-2025-22500

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ali Ali Alpha Price Table For Elementor alpha-price-table-for-elementor allows DOM-Based XSS.This issue affects Alpha Price Table For Elementor: from n/a through = 1.2.0...

CVE-2025-22354 WordPress Digi Store theme <= 1.1.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Code Themes Digi Store digi-store allows DOM-Based XSS.This issue affects Digi Store: from n/a through = 1.1.4...

CVE-2025-22354

CVE-2025-22354 : Digest Digi Store WordPress theme vulnerability – stored Cross-Site Scripting in Digi Store up to version 1.1.4. The Red Hat entry lists Digi Store

CVE-2025-22354 WordPress Digi Store theme <= 1.1.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Code Themes Digi Store allows DOM-Based XSS.This issue affects Digi Store: from n/a through 1.1.4...

CVE-2025-22500

CVE-2025-22500 is a DOM-based XSS vulnerability in the Alpha Price Table For Elementor plugin. The CVE description states it affects Alpha Price Table For Elementor versions from n/a up to 1.2.0, due to improper input neutralization during web page generation. Wordfence data lists the CVE as curr...

CVE-2025-22500 WordPress Alpha Price Table For Elementor plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ali Ali Alpha Price Table For Elementor alpha-price-table-for-elementor allows DOM-Based XSS.This issue affects Alpha Price Table For Elementor: from n/a through = 1.2.0...

CVE-2025-22584

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PluginsPoint Timeline Pro timeline-pro allows DOM-Based XSS.This issue affects Timeline Pro: from n/a through = 1.3...

CVE-2025-22585

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themebon Ultimate Image Hover Effects ultimate-image-hover-effects allows DOM-Based XSS.This issue affects Ultimate Image Hover Effects: from n/a through = 1.1.2...

CVE-2025-22577

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Damion Armentrout Able Player wp-able-player allows DOM-Based XSS.This issue affects Able Player: from n/a through = 1.0...

CVE-2025-22577 WordPress Able Player plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Damion Armentrout Able Player allows DOM-Based XSS.This issue affects Able Player: from n/a through 1.0...

CVE-2025-22577 WordPress Able Player plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Damion Armentrout Able Player wp-able-player allows DOM-Based XSS.This issue affects Able Player: from n/a through = 1.0...

CVE-2025-22577

CVE-2025-22577 affects Able Player for WordPress (vulnerable: up to 1.0). The issue is a DOM-based XSS caused by improper neutralization of input during web page generation. CVSS indicates: Privileges Required: Low, User Interaction: Required, Attack Vector: Network, Scope: Changed, Confidentiali...

CVE-2025-22584

CVE-2025-22584 affects Timeline Pro (Timeline Pro plugin) up to version 1.3 and is tied to an authenticated Stored Cross-Site Scripting (XSS) vulnerability in the Timeline Designer context. The issue arises from Improper Neutralization of Input During Web Page Generation, enabling an attacker wit...

CVE-2025-22585 WordPress Ultimate Image Hover Effects plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themebon Ultimate Image Hover Effects allows DOM-Based XSS.This issue affects Ultimate Image Hover Effects: from n/a through 1.1.2...

CVE-2025-22584 WordPress Timeline Pro plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pluginspoint Timeline Pro allows DOM-Based XSS.This issue affects Timeline Pro: from n/a through 1.3...

CVE-2025-22584 WordPress Timeline Pro plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PluginsPoint Timeline Pro timeline-pro allows DOM-Based XSS.This issue affects Timeline Pro: from n/a through = 1.3...

CVE-2025-22585 WordPress Ultimate Image Hover Effects plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themebon Ultimate Image Hover Effects ultimate-image-hover-effects allows DOM-Based XSS.This issue affects Ultimate Image Hover Effects: from n/a through = 1.1.2...

CVE-2025-22585

CVE-2025-22585 describes an Improper Neutralization of Input During Web Page Generation vulnerability (DOM-based XSS) in the WordPress plugin Ultimate Image Hover Effects . Affected versions are listed as from n/a through 1.1.2. The initial description identifies the vulnerability as a Cross-Site...