158 matches found
WordPress plugin Table of Contents Block 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress plugin Table o...
CVE-2025-23652
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fabio Zuanon Add custom content after post add-custom-content-after-post allows Reflected XSS.This issue affects Add custom content after post: from n/a through = 1.0...
CVE-2025-23748 WordPress Singsys -Awesome Gallery plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Singsys Singsys -Awesome Gallery awesome-gallery-singsys allows Reflected XSS.This issue affects Singsys -Awesome Gallery: from n/a through = 1.0...
CVE-2025-23650
CVE-2025-23650 describes a reflected XSS vulnerability in the WordPress plugin “Tidy.ro” by razvypp. The Red Hat and NVD entries confirm the flaw as an Improper Neutralization of Input During Web Page Generation, enabling Reflected XSS for Tidy.ro versions up to 1.3 (development and affected scop...
CVE-2025-23652
Summary (CVE-2025-23652): A WordPress plugin issue in Add custom content after post (notFound) exhibits Reflected Cross-Site Scripting due to improper input neutralization during web page generation. Affected versions are n/a through 1.0. The Red Hat and PT Security entries explicitly note the vu...
CVE-2025-25098
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zack Katz Links in Captions links-in-captions allows Stored XSS.This issue affects Links in Captions: from n/a through = 1.2...
CVE-2025-23998
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in raratheme UltraLight the-ultralight allows Reflected XSS.This issue affects UltraLight: from n/a through = 1.2...
CVE-2024-43950
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Nextbricks Brickscore allows Stored XSS.This issue affects Brickscore: from n/a through 1.4.2.5...
CVE-2024-43244
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in favethemes Houzez allows Reflected XSS.This issue affects Houzez: from n/a through 3.2.4...
CVE-2024-51760
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ristretto Apps Dashing Memberships dashing-memberships allows Reflected XSS.This issue affects Dashing Memberships: from n/a through = 1.1...
CVE-2024-37920
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Repute InfoSystems ARForms Form Builder allows Reflected XSS.This issue affects ARForms Form Builder: from n/a through 1.6.7...
CVE-2024-55972
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in chriscarvache eTemplates etemplates allows SQL Injection.This issue affects eTemplates: from n/a through = 0.2.1...
CVE-2024-53812
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jacques Malgrange WP GeoNames wp-geonames allows Reflected XSS.This issue affects WP GeoNames: from n/a through = 1.8...
CVE-2025-23574 WordPress CubePM plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jonathan Lau CubePM cubepm allows Reflected XSS.This issue affects CubePM: from n/a through = 1.0...
CVE-2025-23551 WordPress SexBundle plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in razvypp SexBundle sexbundle allows Reflected XSS.This issue affects SexBundle: from n/a through = 1.4...
CVE-2024-48893
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiSOAR 7.3.0 through 7.3.3, 7.2.1 through 7.2.2 may allow an authenticated attacker to perform a stored cross site scripting XSS attack via the creation of malicious playbook...
CVE-2025-22293
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gutentor Gutentor gutentor allows DOM-Based XSS.This issue affects Gutentor: from n/a through = 3.4.3...
CVE-2025-22359
CVE-2025-22359 : Reflected XSS in SyncFields (WordPress plugin) — improper neutralization during web page generation leads to cross-site scripting. Affected: SyncFields versions up to 2.1 (from unknown earliest to 2.1). CVSSv3.1 score 7.1 (HIGH). Connected sources corroborate the Reflected XSS an...
CVE-2024-56038
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in catalinsendsms SendSMS sendsms allows Reflected XSS.This issue affects SendSMS: from n/a through = 1.2.9...
PT-2025-3176 · Unknown · Lemonade Social Networks Autoposter Pinterest
Name of the Vulnerable Software and Affected Versions: Lemonade Social Networks Autoposter Pinterest versions n/a through 2.0 Description: The issue is related to improper neutralization of input during web page generation, which allows reflected Cross-site Scripting XSS. This problem enables...