CVE-2025-22339

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in athemeart Store Commerce store-commerce allows DOM-Based XSS.This issue affects Store Commerce: from n/a through = 1.2.3...

CVE-2025-22309

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RopeSwingHld SpeakOut! Email Petitions speakout allows DOM-Based XSS.This issue affects SpeakOut! Email Petitions: from n/a through = 4.4.2...

CVE-2025-22312

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress Thim Elementor Kit thim-elementor-kit allows DOM-Based XSS.This issue affects Thim Elementor Kit: from n/a through = 1.2.9...

CVE-2025-22293

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gutentor Gutentor gutentor allows DOM-Based XSS.This issue affects Gutentor: from n/a through = 3.4.3...

CVE-2025-22293 WordPress Gutentor plugin <= 3.4.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gutentor Gutentor gutentor allows DOM-Based XSS.This issue affects Gutentor: from n/a through = 3.4.3...

CVE-2025-22309 WordPress SpeakOut! Email Petitions plugin <= 4.4.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RopeSwingHld SpeakOut! Email Petitions speakout allows DOM-Based XSS.This issue affects SpeakOut! Email Petitions: from n/a through = 4.4.2...

CVE-2025-22309

CVE-2025-22309 affects SpeakOut! Email Petitions (WordPress plugin). Initial description identifies a Cross-Site Scripting issue in SpeakOut! Email Petitions: DOM-Based XSS affecting versions up to 4.4.2. Wordfence Intelligence lists this as a Stored Cross-Site Scripting vulnerability for SpeakOu...

CVE-2025-22309 WordPress SpeakOut! Email Petitions plugin <= 4.4.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RopeSwingHld SpeakOut! Email Petitions speakout allows DOM-Based XSS.This issue affects SpeakOut! Email Petitions: from n/a through = 4.4.2...

CVE-2025-22339 WordPress Store Commerce theme <= 1.2.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in athemeart Store Commerce store-commerce allows DOM-Based XSS.This issue affects Store Commerce: from n/a through = 1.2.3...

CVE-2025-22339 WordPress Store Commerce theme <= 1.2.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in athemeart Store Commerce store-commerce allows DOM-Based XSS.This issue affects Store Commerce: from n/a through = 1.2.3...

PT-2025-4572 · Pluginspoint · Timeline Pro

Name of the Vulnerable Software and Affected Versions: pluginspoint Timeline Pro versions 1.3 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows DOM-Based XSS. This is a type of Cross-site Scripting attack. Recommendations: F...

PT-2025-4427 · Unknown · Thim Elementor Kit

Name of the Vulnerable Software and Affected Versions: Thim Elementor Kit versions 1.2.8 and earlier Description: The issue is related to improper neutralization of input during web page generation, leading to a Cross-site Scripting XSS problem, specifically DOM-Based XSS. This allows for malicio...

Doppler: WAF bypass and java script incomplete handling of Unicode characters might leads to dom-xss

hello, WAF : doppler uses cloudfare firewall to prevent unwanted malicous injections "https://share.doppler.com/ext/jquery/dist/jquery.min.js?c=%22%3Cscript%3Ealert%27XSS%27%3C/script%3E%22" by accessing the endpoint you'll get to know that! But I found that this code ""%0D%0A%0D%0A" bypass the...

CVE-2024-56257

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CoolPlugins Coins MarketCap coins-marketcap allows DOM-Based XSS.This issue affects Coins MarketCap: from n/a through = 5.5.8...

CVE-2024-56257 WordPress Coins MarketCap plugin <= 5.5.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CoolPlugins Coins MarketCap coins-marketcap allows DOM-Based XSS.This issue affects Coins MarketCap: from n/a through = 5.5.8...

CVE-2024-56263

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GS Plugins GS Shots for Dribbble gs-dribbble-portfolio allows DOM-Based XSS.This issue affects GS Shots for Dribbble: from n/a through = 1.2.0...

CVE-2024-56246

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows DOM-Based XSS.This issue affects Nexter Blocks: from n/a through = 4.0.4...

CVE-2024-56263

CVE-2024-56263 is a DOM-based XSS in the GS Shots for Dribbble WordPress plugin. Affected: GS Shots for Dribbble plugin versions up to 1.2.0 (public details indicate updates since 1.2.0 address the issue). The issue arises from improper input neutralization during web page generation. Impact is c...

CVE-2024-56263 WordPress GS Shots for Dribbble plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GS Plugins GS Shots for Dribbble gs-dribbble-portfolio allows DOM-Based XSS.This issue affects GS Shots for Dribbble: from n/a through = 1.2.0...

CVE-2024-56246 WordPress Nexter Blocks plugin <= 4.0.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in POSIMYTH Nexter Blocks allows DOM-Based XSS.This issue affects Nexter Blocks: from n/a through 4.0.4...