CVE-2025-49955

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rajan Vijayan WP Smart Flexslider wp-smart-flexslider allows Reflected XSS.This issue affects WP Smart Flexslider: from n/a through = 2.5...

CVE-2025-49938

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetEngine jet-engine allows Stored XSS.This issue affects JetEngine: from n/a through = 3.7.3...

CVE-2025-49933

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetBlog jet-blog allows Reflected XSS.This issue affects JetBlog: from n/a through = 2.4.4...

CVE-2025-49934

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Stored XSS.This issue affects JetBlocks For Elementor: from n/a through = 1.3.18...

CVE-2025-62068

CVE-2025-62068 affects WordPress plugin E2Pdf (versions

CVE-2025-59571 WordPress WorkScout-Core plugin < 1.7.06 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in purethemes WorkScout-Core workscout-core allows Reflected XSS.This issue affects WorkScout-Core: from n/a through 1.7.06...

CVE-2025-58961 WordPress CF7 Auto Responder Addon plugin <= 2.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kamleshyadav CF7 Auto Responder Addon CF7-autoresponder-addon allows DOM-Based XSS.This issue affects CF7 Auto Responder Addon: from n/a through = 2.4...

CVE-2025-58961

CVE-2025-58961 is a DOM-based XSS vulnerability in the WordPress CF7 Auto Responder Addon (CF7-autoresponder-addon), affecting versions up to and including 2.4. The issue arises from improper input handling during web page generation, enabling cross-site scripting. Public writeups from CNVD, RH, ...

CVE-2025-53426

CVE-2025-53426 affects the WordPress plugin Likert Survey Master up to version 0.8.0.1. The issue is an improper neutralization of input during web page generation, leading to a reflected Cross-Site Scripting (XSS) vulnerability. The vulnerability occurs in the plugin’s handling of user-supplied ...

CVE-2025-52751

CVE-2025-52751 affects the WordPress Slide Puzzle plugin (versions ≤ 1.0.0). The issue is a Reflected XSS caused by improper input neutralization during web page generation in the slide-puzzle component. Exploitation could allow an attacker to inject and execute scripts in a victim’s browser when...

CVE-2025-52735 WordPress NextMove Lite plugin <= 2.24.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Reflected XSS.This issue affects NextMove Lite: from n/a through = 2.24.0...

CVE-2025-49958

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in robokassa Robokassa payment gateway for Woocommerce robokassa allows Reflected XSS.This issue affects Robokassa payment gateway for Woocommerce: from n/a through = 1.8.6...

CVE-2025-49956

CVE-2025-49956 concerns WordPress Fade Slider Plugin (

CVE-2025-49951

CVE-2025-49951 affects the WordPress plugin gAppointments (versions up to and including 1.14.1). The vulnerability arises from improper neutralization of user input during web page generation, enabling a reflected Cross-Site Scripting (XSS) attack. Impact is cross-site scripting with potential da...

CVE-2025-49947 WordPress WooCommerce Registration Fields Plugin - Custom Signup Fields plugin <= 3.2.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Reflected XSS.This issue affects WooCommerce Registration Fields Plugin - Custom Signup...

CVE-2025-48098 WordPress Survey Maker plugin <= 5.1.8.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro Survey Maker survey-maker allows Stored XSS.This issue affects Survey Maker: from n/a through = 5.1.8.8...

WordPress plugin Easy Woocommerce Customizer 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripti...

WordPress plugin WC Return products cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Plugin CropRefine 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-sit...

WordPress plugin SEO Pyramid 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-site...