CVE-2026-24632

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jagdish1o1 Delay Redirects delay-redirects allows DOM-Based XSS.This issue affects Delay Redirects: from n/a through = 1.0.0...

CVE-2026-24621

CVE-2026-24621 is a DOM-based XSS in the WordPress Terms descriptions plugin (terms-descriptions) caused by improper input neutralization during web page generation. Affected: Terms descriptions plugin, versions n/a through 3.4.9. Impact per sources: DOM-based XSS could leak or alter content in t...

CVE-2026-24621 WordPress Terms descriptions plugin <= 3.4.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vladimir Statsenko Terms descriptions terms-descriptions allows DOM-Based XSS.This issue affects Terms descriptions: from n/a through = 3.4.9...

CVE-2026-24614

CVE-2026-24614 affects the WordPress plugin Flex QR Code Generator (flex-qr-code-generator). The vulnerability is a DOM-based XSS caused by improper neutralization during web page generation. Public references indicate impact on Flex QR Code Generator versions up to 1.2.8 (NVD/Red Hat) with Patch...

CVE-2026-24584

CVE-2026-24584 affects the WordPress plugin “Tutor LMS BunnyNet Integration” (Themeum) up to version 1.0.0. The issue is a DOM-based XSS caused by improper input neutralization during web page generation. Public sources in the Connected Documents (Wordfence, CVE listings) confirm the vulnerabilit...

CVE-2026-24584

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum Tutor LMS BunnyNet Integration tutor-lms-bunnynet-integration allows DOM-Based XSS.This issue affects Tutor LMS BunnyNet Integration: from n/a through = 1.0.0...

CVE-2026-24584 WordPress Tutor LMS BunnyNet Integration plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum Tutor LMS BunnyNet Integration tutor-lms-bunnynet-integration allows DOM-Based XSS.This issue affects Tutor LMS BunnyNet Integration: from n/a through = 1.0.0...

CVE-2026-24528

CVE-2026-24528 refers to a Cross-Site Scripting (DOM-Based XSS) vulnerability in Pixelgrade Nova Blocks (nova-blocks) affecting versions up to and including 2.1.9. Technical details across sources confirm an improper input handling/neutralization during web page generation that enables DOM-based ...

CVE-2026-24528 WordPress Nova Blocks plugin <= 2.1.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Based XSS.This issue affects Nova Blocks: from n/a through = 2.1.9...

CVE-2026-24526

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Steve Truman Email Inquiry & Cart Options for WooCommerce woocommerce-email-inquiry-cart-options allows DOM-Based XSS.This issue affects Email Inquiry & Cart Options for WooCommerce: from n/a throu...

CVE-2026-24528 WordPress Nova Blocks plugin <= 2.1.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Based XSS.This issue affects Nova Blocks: from n/a through = 2.1.9...

CVE-2026-24526 WordPress Email Inquiry & Cart Options for WooCommerce plugin <= 3.4.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Steve Truman Email Inquiry & Cart Options for WooCommerce woocommerce-email-inquiry-cart-options allows DOM-Based XSS.This issue affects Email Inquiry & Cart Options for WooCommerce: from n/a throu...

WordPress plugin Tutor LMS BunnyNet Integration: Cross-site scripting vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress plugin terms description: Security vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There was a...

WordPress plugin Delay Redirects has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-4376

Name of the Vulnerable Software and Affected Versions Steve Truman Email Inquiry & Cart Options for WooCommerce versions through 3.4.3 Description The software contains a flaw related to improper input handling during web page generation, specifically a DOM-Based Cross-site Scripting issue. This...

WordPress plugin: Email Inquiry & Cart Options for WooCommerce – Cross-site Script Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVE-2026-24354

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Shortcodes & Performance penci-shortcodes allows DOM-Based XSS.This issue affects Penci Shortcodes & Performance: from n/a through = 6.1...

CVE-2026-22349

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in linux4me2 Menu In Post menu-in-post allows DOM-Based XSS.This issue affects Menu In Post: from n/a through = 1.4.1...

CVE-2025-68900

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kriesi Enfold allows DOM-Based XSS. This issue affects Enfold: from n/a through 7.1.3...