CVE-2025-31806

CVE-2025-31806 affects Webling (WordPress plugin Webling). It is a Stored XSS due to improper neutralization of input during web page generation, impacting Webling versions up to 3.9.0. Exploitation requires authentication (Administrator). Wordfence notes the vulnerability and indicates a patch i...

GHSA-M4WJ-HHWJ-47QP Drupal Core Cross-Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS.This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5...

WordPress plugin Kento WordPress Stats 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2025-30873

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpsoul Greenshift greenshift-animation-and-page-builder-blocks allows Stored XSS.This issue affects Greenshift: from n/a through = 11.0.2...

CVE-2025-28924

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Simbul ZenphotoPress zenphotopress allows Reflected XSS.This issue affects ZenphotoPress: from n/a through = 1.8...

CVE-2025-25132

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ravi Singh Visitor Details visitors-details allows Stored XSS.This issue affects Visitor Details: from n/a through = 1.0.1...

CVE-2025-23587 WordPress all-in-one-box-login plugin <= 2.0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ashek Al Mahmud all-in-one-box-login all-in-one-login allows Reflected XSS.This issue affects all-in-one-box-login: from n/a through = 2.0.1...

CVE-2025-23518

CVE-2025-23518 is a reflected XSS in the WordPress GoogleMapper plugin (versions up to and including 2.0.3). The vulnerability arises from improper neutralization of input during web page generation, enabling script injection. Affected software is the GoogleMapper plugin for WordPress; no exploit...

WordPress plugin Table of Contents Block 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress plugin Table o...

CVE-2025-23652

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fabio Zuanon Add custom content after post add-custom-content-after-post allows Reflected XSS.This issue affects Add custom content after post: from n/a through = 1.0...

CVE-2025-23748 WordPress Singsys -Awesome Gallery plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Singsys Singsys -Awesome Gallery awesome-gallery-singsys allows Reflected XSS.This issue affects Singsys -Awesome Gallery: from n/a through = 1.0...

CVE-2025-23650

CVE-2025-23650 describes a reflected XSS vulnerability in the WordPress plugin “Tidy.ro” by razvypp. The Red Hat and NVD entries confirm the flaw as an Improper Neutralization of Input During Web Page Generation, enabling Reflected XSS for Tidy.ro versions up to 1.3 (development and affected scop...

CVE-2025-23652

Summary (CVE-2025-23652): A WordPress plugin issue in Add custom content after post (notFound) exhibits Reflected Cross-Site Scripting due to improper input neutralization during web page generation. Affected versions are n/a through 1.0. The Red Hat and PT Security entries explicitly note the vu...

CVE-2025-25098

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zack Katz Links in Captions links-in-captions allows Stored XSS.This issue affects Links in Captions: from n/a through = 1.2...

CVE-2025-23998

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in raratheme UltraLight the-ultralight allows Reflected XSS.This issue affects UltraLight: from n/a through = 1.2...

CVE-2024-43950

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Nextbricks Brickscore allows Stored XSS.This issue affects Brickscore: from n/a through 1.4.2.5...

CVE-2024-43244

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in favethemes Houzez allows Reflected XSS.This issue affects Houzez: from n/a through 3.2.4...

CVE-2024-51760

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ristretto Apps Dashing Memberships dashing-memberships allows Reflected XSS.This issue affects Dashing Memberships: from n/a through = 1.1...

CVE-2024-37920

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Repute InfoSystems ARForms Form Builder allows Reflected XSS.This issue affects ARForms Form Builder: from n/a through 1.6.7...

CVE-2024-53812

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jacques Malgrange WP GeoNames wp-geonames allows Reflected XSS.This issue affects WP GeoNames: from n/a through = 1.8...