WordPress Auto Thickbox plugin <= 3.5 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Auto Thickbox versions = 3.5...

CVE-2025-68499

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetTabs jet-tabs allows DOM-Based XSS.This issue affects JetTabs: from n/a through = 2.2.12...

CVE-2025-64190

CVE-2025-64190: DOM-based XSS in 8theme XStore Core (WordPress plugin) before v5.6 caused by improper neutralization of input during web page generation. Impacts confidentiality/integrity/availability as per XSS descriptions; remediation: upgrade to XStore Core 5.6 or later (no further exploit de...

EUVD-2025-205725

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in FlippingBook FlippingBook flippingbook allows DOM-Based XSS.This issue affects FlippingBook: from n/a through = 2.0.1...

CVE-2025-69018

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shamalli Web Directory Free web-directory-free allows DOM-Based XSS.This issue affects Web Directory Free: from n/a through = 1.7.12...

CVE-2025-68978

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in designthemes DesignThemes Core designthemes-core allows DOM-Based XSS.This issue affects DesignThemes Core: from n/a through = 1.6...

CVE-2025-69033 WordPress Blog Filter plugin <= 1.7.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in A WP Life Blog Filter blog-filter allows DOM-Based XSS.This issue affects Blog Filter: from n/a through = 1.7.3...

CVE-2025-68991 WordPress BWL Pro Voting Manager plugin <= 1.4.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows DOM-Based XSS.This issue affects BWL Pro Voting Manager: from n/a through = 1.4.9...

CVE-2025-68978 WordPress DesignThemes Core plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in designthemes DesignThemes Core designthemes-core allows DOM-Based XSS.This issue affects DesignThemes Core: from n/a through = 1.6...

CVE-2025-68499

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetTabs jet-tabs allows DOM-Based XSS.This issue affects JetTabs: from n/a through = 2.2.12...

PT-2025-53868

Name of the Vulnerable Software and Affected Versions designthemes DesignThemes Core versions through 1.6 Description The software contains a flaw related to improper input handling during web page generation, leading to a Cross-site Scripting XSS condition. Specifically, the issue manifests as a...

PT-2025-53880

Name of the Vulnerable Software and Affected Versions BWL Pro Voting Manager versions through 1.4.9 Description The BWL Pro Voting Manager software contains a flaw related to improper input handling during web page generation, which allows for DOM-Based Cross-site Scripting XSS. This issue could...

CVE-2025-68504 WordPress JetSearch plugin <= 3.5.16 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetSearch jet-search allows DOM-Based XSS.This issue affects JetSearch: from n/a through = 3.5.16...

CVE-2025-65442

DOM-based Cross-Site Scripting XSS vulnerability in 201206030 novel V3.5.0 allows remote attackers to execute arbitrary JavaScript code or disclose sensitive information e.g., user session cookies via a crafted "wvstest" parameter in the URL or malicious script injection into window.localStorage...

CVE-2025-65442

DOM-based Cross-Site Scripting XSS vulnerability in 201206030 novel V3.5.0 allows remote attackers to execute arbitrary JavaScript code or disclose sensitive information e.g., user session cookies via a crafted "wvstest" parameter in the URL or malicious script injection into window.localStorage...

CVE-2025-68574

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in voidcoders WPBakery Visual Composer WHMCS Elements void-visual-whmcs-element allows DOM-Based XSS.This issue affects WPBakery Visual Composer WHMCS Elements: from n/a through = 1.0.4.3...

CVE-2025-68574

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in voidcoders WPBakery Visual Composer WHMCS Elements void-visual-whmcs-element allows DOM-Based XSS.This issue affects WPBakery Visual Composer WHMCS Elements: from n/a through = 1.0.4.3...

CVE-2025-67633 WordPress Greenhouse Job Board plugin <= 2.7.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in brownbagmarketing Greenhouse Job Board greenhouse-job-board allows DOM-Based XSS.This issue affects Greenhouse Job Board: from n/a through = 2.7.3...

CVE-2023-32120

CVE-2023-32120 affects the WordPress plugin Hostel. The issue is an XSS vulnerability caused by improper neutralization of input during web page generation, enabling DOM-based XSS in affected versions up to 1.1.5.1. A fix is available in version 1.1.5.2. Multiple connected sources corroborate thi...

CVE-2023-32120 WordPress Hostel plugin <= 1.1.5.1 - Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Bob Hostel allows DOM-Based XSS.This issue affects Hostel: from n/a through 1.1.5.1...