5662 matches found
CVE-2025-57938
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themewant Easy Hotel Booking easy-hotel allows DOM-Based XSS.This issue affects Easy Hotel Booking: from n/a through = 1.9.0...
CVE-2025-57912
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in dialogity Dialogity Free Live Chat dialogity-website-chat allows Stored XSS.This issue affects Dialogity Free Live Chat: from n/a through = 1.0.3...
CVE-2025-53469
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mortgage Calculator BMI Adult & Kid Calculator bmi-adultkid-calculator allows Stored XSS.This issue affects BMI Adult & Kid Calculator: from n/a through = 1.2.2...
CVE-2025-53464
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Online Optimisation WP Mailto Links wp-mailto-links allows Stored XSS.This issue affects WP Mailto Links: from n/a through = 3.1.4...
CVE-2025-59587
CVE-2025-59587 is a DOM-based XSS in the WordPress plugin Penci Shortcodes & Performance. The vulnerability requires authenticated access (Contributor+), affects versions before the fix, and has a CVSS v3.1 base score of 6.5 (Medium). Wordfence indicates the issue is addressed in a 6.1+ release, ...
CVE-2025-53467 WordPress Login-Logout Plugin <= 3.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webvitaly Login-Logout login-logout allows Stored XSS.This issue affects Login-Logout: from n/a through = 3.8...
CVE-2025-57901
CVE-2025-57901 is listed in connected sources as relating to Import Markdown – Versatile Markdown Importer for WordPress. The connected entry indicates a vulnerability described as an authenticated (Contributor+) Stored Cross-Site Scripting (XSS) via the Markdown import process. In practical term...
CVE-2025-57908 WordPress Product Time Countdown for WooCommerce plugin <= 1.6.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ProWCPlugins Product Time Countdown for WooCommerce product-countdown-for-woocommerce allows Stored XSS.This issue affects Product Time Countdown for WooCommerce: from n/a through = 1.6.5...
CVE-2025-57938 WordPress Easy Hotel Booking plugin <= 1.9.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themewant Easy Hotel Booking easy-hotel allows DOM-Based XSS.This issue affects Easy Hotel Booking: from n/a through = 1.9.0...
CVE-2025-57950 WordPress Plugin Security Scanner Plugin <= 2.0.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Glen Scott Plugin Security Scanner plugin-security-scanner allows Stored XSS.This issue affects Plugin Security Scanner: from n/a through = 2.0.2...
CVE-2025-57951 WordPress SiteNarrator Text-to-Speech Widget Plugin <= 1.9 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ken107 SiteNarrator Text-to-Speech Widget allows Stored XSS. This issue affects SiteNarrator Text-to-Speech Widget: from n/a through 1.9...
CVE-2025-57963 WordPress Zoho Billing Plugin <= 4.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zoho Subscriptions Zoho Billing zoho-subscriptions allows DOM-Based XSS.This issue affects Zoho Billing: from n/a through = 4.1...
CVE-2025-58023 WordPress Genealogical Tree plugin <= 2.2.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in akdevs Genealogical Tree genealogical-tree allows Stored XSS.This issue affects Genealogical Tree: from n/a through = 2.2.7...
CVE-2025-58023 WordPress Genealogical Tree plugin <= 2.2.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in akdevs Genealogical Tree genealogical-tree allows Stored XSS.This issue affects Genealogical Tree: from n/a through = 2.2.7...
CVE-2025-58240
CVE-2025-58240: Stored XSS in WordPress plugin xili-tidy-tags (
CVE-2025-58242 WordPress Bg Church Memos Plugin <= 1.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vadim Bogaiskov Bg Church Memos bg-church-memos allows DOM-Based XSS.This issue affects Bg Church Memos: from n/a through = 1.1...
CVE-2025-58648 WordPress Simple JWT Login plugin <= 3.6.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nicu Micle Simple JWT Login simple-jwt-login allows Stored XSS.This issue affects Simple JWT Login: from n/a through = 3.6.4...
CVE-2025-58652
CVE-2025-58652 affects Themepoints Carousel Ultimate (Carousel Ultimate) for WordPress. The issue is a Stored XSS caused by improper input neutralization during web page generation, impacting versions up to 1.8 (from n/a through 1.8). CVSS 3.1 base score is 6.5 (AV:N, AC:L, PR:L, UI:R, S:C, C:L, ...
CVE-2025-58703 WordPress Skyword API Plugin Plugin <= 2.5.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skyword Skyword API Plugin skyword-plugin allows Stored XSS.This issue affects Skyword API Plugin: from n/a through = 2.5.3...
CVE-2025-8079 Reflected XSS in Akıllı Ticaret Software Technologies' Smart Trade E-Commerce
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Akıllı Ticaret Software Technologies Ltd. Co. Smart Trade E-Commerce allows Reflected XSS. This issue affects Smart Trade E-Commerce: before 4.5.0.0.1...