5651 matches found
CVE-2026-22349 WordPress Menu In Post plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in linux4me2 Menu In Post menu-in-post allows DOM-Based XSS.This issue affects Menu In Post: from n/a through = 1.4.1...
CVE-2025-69003
CVE-2025-69003 corresponds to a Reflected XSS in QantumThemes KenthaRadio (qt-kentharadio) <= 2.2.0. Technical detail: improper neutralization of input during web page generation enables reflected payloads. Affected product is KenthaRadio addon for Kentha Music Theme. Red Hat/NVD entries confi...
CVE-2025-68900 WordPress Enfold theme <= 7.1.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kriesi Enfold allows DOM-Based XSS. This issue affects Enfold: from n/a through 7.1.3...
CVE-2025-68838 WordPress MemberPress Discord Addon plugin <= 1.1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in expresstechsoftware MemberPress Discord Addon expresstechsoftwares-memberpress-discord-add-on allows Reflected XSS.This issue affects MemberPress Discord Addon: from n/a through = 1.1.4...
CVE-2025-68012
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dmytro Shteflyuk CodeColorer codecolorer allows Stored XSS.This issue affects CodeColorer: from n/a through = 0.10.1...
CVE-2025-67960
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in purethemes WorkScout-Core workscout-core allows Reflected XSS.This issue affects WorkScout-Core: from n/a through = 1.7.06...
CVE-2025-67952
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand Tour grandtour allows Reflected XSS.This issue affects Grand Tour: from n/a through 5.6.2...
CVE-2025-27005 WordPress HTML5 Video Player plugin <= 5.3.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup HTML5 Video Player lbg-vp2-html5-bottom allows Reflected XSS.This issue affects HTML5 Video Player: from n/a through = 5.3.5...
CVE-2025-4763 XSS in Aida Computer's Hotspot
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot allows Reflected XSS.This issue affects Hotel Guest Hotspot: through 22012026. NOTE: The vendor was contacted early about this...
PT-2026-4091
Name of the Vulnerable Software and Affected Versions woofer696 Dinatur versions through 1.18 Description The software contains a flaw related to improper input handling during web page generation, specifically a Stored Cross-site Scripting XSS issue. This allows for the injection of malicious...
PT-2026-4080
Name of the Vulnerable Software and Affected Versions DotLife versions prior to 4.9.5 Description The software contains a flaw related to improper input handling during web page generation, specifically a Reflected Cross-Site Scripting XSS issue. This allows for the execution of malicious scripts...
PT-2026-3969
Name of the Vulnerable Software and Affected Versions LambertGroup xPromoter versions through 1.3.4 Description A Reflected Cross-site Scripting XSS issue exists in the top bar promoter component of LambertGroup xPromoter. This allows for improper neutralization of input during web page generatio...
PT-2026-4097
Name of the Vulnerable Software and Affected Versions Arevico WP Simple Redirect versions through 1.1 Description The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a potential Reflected Cross-Site Scripting XSS condition. This allows a...
PT-2026-4069
Name of the Vulnerable Software and Affected Versions codisto Omnichannel for WooCommerce versions through 1.3.65 Description The software contains a flaw related to improper input handling during web page creation, specifically a Stored Cross-site Scripting issue. This allows for the injection o...
PT-2026-4142
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in highwarden Super Logos Showcase superlogoshowcase-wp allows Reflected XSS.This issue affects Super Logos Showcase: from n/a through = 2.8...
PT-2026-4250
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Shortcodes & Performance penci-shortcodes allows DOM-Based XSS.This issue affects Penci Shortcodes & Performance: from n/a through = 6.1...
PT-2026-4256
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress Course Review learnpress-course-review allows Stored XSS.This issue affects LearnPress Course Review: from n/a through = 4.1.9...
CVE-2026-21618
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in hexpm hexpm/hexpm 'Elixir.HexpmWeb.SharedAuthorizationView' modules allows Cross-Site Scripting XSS. This vulnerability is associated with program files...
CVE-2026-21618
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in hexpm hexpm/hexpm 'Elixir.HexpmWeb.SharedAuthorizationView' modules allows Cross-Site Scripting XSS. This vulnerability is associated with program files...
CVE-2026-21618 Cross-site scripting (XSS) in OAuth Device Authorization screen
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in hexpm hexpm/hexpm 'Elixir.HexpmWeb.SharedAuthorizationView' modules allows Cross-Site Scripting XSS. This vulnerability is associated with program files...