CVE-2025-69018 WordPress Web Directory Free plugin <= 1.7.12 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shamalli Web Directory Free web-directory-free allows DOM-Based XSS.This issue affects Web Directory Free: from n/a through = 1.7.12...

CVE-2025-69018

CVE-2025-69018 affects Web Directory Free (WordPress) up to version 1.7.12. The Wordfence entry shows an authenticated (Contributor+) stored XSS vulnerability enabling DOM-based XSS during web page generation due to improper input neutralization. Patch status: Patched (fixed in a newer release).

CVE-2025-68991 WordPress BWL Pro Voting Manager plugin <= 1.4.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows DOM-Based XSS.This issue affects BWL Pro Voting Manager: from n/a through = 1.4.9...

CVE-2025-68978 WordPress DesignThemes Core plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in designthemes DesignThemes Core designthemes-core allows DOM-Based XSS.This issue affects DesignThemes Core: from n/a through = 1.6...

CVE-2025-68977

CVE-2025-68977 affects DesignThemes Portfolio Addon (designthemes-portfolio-addon) with a Stored Cross-Site Scripting vulnerability in versions up to 1.5. The Wordfence entry confirms an authenticated (Contributor+) context for exploitation, indicating the issue requires user credentials to trigg...

CVE-2025-65442

DOM-based Cross-Site Scripting XSS vulnerability in 201206030 novel V3.5.0 allows remote attackers to execute arbitrary JavaScript code or disclose sensitive information e.g., user session cookies via a crafted "wvstest" parameter in the URL or malicious script injection into window.localStorage...

EUVD-2025-205667

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetTabs allows DOM-Based XSS.This issue affects JetTabs: from n/a through 2.2.12...

EUVD-2025-205655

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetSearch allows DOM-Based XSS.This issue affects JetSearch: from n/a through 3.5.16...

CVE-2025-68499

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetTabs jet-tabs allows DOM-Based XSS.This issue affects JetTabs: from n/a through = 2.2.12...

PT-2025-54188

CVE-2025-64190 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in https://t.co/lXMI5BUDhb XStore Core allows DOM-Based XSS.This issue affects X… https://t.co/HZDZwxB5Qk...

WordPress plugin JetTabs 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

PT-2025-53880

Name of the Vulnerable Software and Affected Versions BWL Pro Voting Manager versions through 1.4.9 Description The BWL Pro Voting Manager software contains a flaw related to improper input handling during web page generation, which allows for DOM-Based Cross-site Scripting XSS. This issue could...

PT-2025-53868

Name of the Vulnerable Software and Affected Versions designthemes DesignThemes Core versions through 1.6 Description The software contains a flaw related to improper input handling during web page generation, leading to a Cross-site Scripting XSS condition. Specifically, the issue manifests as a...

PT-2025-53914

Name of the Vulnerable Software and Affected Versions Blog Filter versions through 1.7.3 Description The Blog Filter software contains a flaw related to improper input handling during web page generation, leading to a DOM-Based Cross-site Scripting XSS condition. This allows for potential malicio...

WordPress plugin Combo Offers WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

WordPress plugin Essential Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2025-68499

CVE-2025-68499 describes a DOM-Based XSS in Crocoblock’s JetTabs WordPress plugin (JetTabs) up to version 2.2.12. The issue arises from improper neutralization of input during web page generation, enabling stored XSS when a user interacts with JetTabs. Affected software: Crocoblock JetTabs (WordP...

CVE-2025-68504

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetSearch jet-search allows DOM-Based XSS.This issue affects JetSearch: from n/a through = 3.5.16...

CVE-2025-68504 WordPress JetSearch plugin <= 3.5.16 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetSearch jet-search allows DOM-Based XSS.This issue affects JetSearch: from n/a through = 3.5.16...

CVE-2025-68504 WordPress JetSearch plugin <= 3.5.16 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetSearch jet-search allows DOM-Based XSS.This issue affects JetSearch: from n/a through = 3.5.16...