CVE-2025-31902 WordPress Social Share And Social Locker Plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in reputeinfosystems Social Share And Social Locker social-share-and-social-locker-arsocial allows Reflected XSS.This issue affects Social Share And Social Locker: from n/a through = 1.4.1...

CVE-2025-31902

CVE-2025-31902 affects the WordPress plugin Social Share And Social Locker (NotFound) and is classified as a Reflected XSS caused by improper neutralization of input during web page generation. The advisory lists the affected range as “from n/a through 1.4.1.” The connected documents do not provi...

CVE-2025-31898

CVE-2025-31898 is a reflected Cross-Site Scripting vulnerability affecting MediaView (NotFound MediaView). Evidence from connected docs confirms the issue is a XSS in web page generation caused by improper input neutralization. The CVSS v3.1 vector in public metrics indicates a HIGH base score (7...

CVE-2025-31468

CVE-2025-31468 affects WP_Identicon (NotFound WP_Identicon) up to version 2.0, with a reflected Cross-Site Scripting vulnerability caused by improper input neutralization during web page generation. The CVSS v3.1 base score is 7.1 (HIGH) with network attack vector, low confidentiality, integrity,...

CVE-2025-31467

CVE-2025-31467 concerns Flickr Photostream for WordPress, showing a Reflected XSS vulnerability in the Flickr Photostream plugin. The issue is described as an improper neutralization of input during web page generation and affects Flickr Photostream versions from n/a through 3.1.8. The CVE entry ...

CVE-2025-31442 WordPress Search engine keywords highlighter plugin <= 0.1.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e1tekoap42 Search engine keywords highlighter keywords-highlight-tool allows Reflected XSS.This issue affects Search engine keywords highlighter: from n/a through = 0.1.3...

CVE-2025-31442

CVE-2025-31442 : The WordPress extension “Search engine keywords highlighter” is affected by a Reflected XSS (improper neutralization of input during web page generation). Affected versions are from n/a up to and including 0.1.3. The connected document confirms the issue type and affected plugin/...

CVE-2025-30616

CVE-2025-30616 is a reflected XSS vulnerability in the Latest Custom Post Type Updates plugin for WordPress (NotFound Latest Custom Post Type Updates). Affected versions are from n/a through 1.3.0. The issue arises from improper neutralization of input during web page generation, enabling an atta...

CVE-2025-30596

CVE-2025-30596 concerns an authenticated path traversal vulnerability in the WordPress plugin 'include-file' (

CVE-2025-30611

CVE-2025-30611 describes a Reflected XSS in the WordPress plugin Wptobe-signinup due to improper neutralization of user input during web page generation. Affected versions are listed as not applicable to n/a up to version 1.1.2 (i.e.,

CVE-2025-30594

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in samsk Include URL include-url allows Path Traversal.This issue affects Include URL: from n/a through = 0.3.5...

CVE-2025-31409

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Bridge Core allows Stored XSS. This issue affects Bridge Core: from n/a through n/a...

CVE-2025-30589

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Dourou Flickr set slideshows flickr-set-slideshows allows SQL Injection.This issue affects Flickr set slideshows: from n/a through = 0.9...

PT-2025-14703 · Unknown · Notfound Include-File

Name of the Vulnerable Software and Affected Versions: NotFound include-file versions n/a through 1 Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a 'Path Traversal' vulnerability, in the NotFound include-file. This vulnerability...

PT-2025-14714 · Unknown · Notfound Search Engine Keywords Highlighter

Name of the Vulnerable Software and Affected Versions: NotFound Search engine keywords highlighter versions 0.1.3 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS in the NotFoun...

PT-2025-14752 · Unknown · Notfound Team Rosters

Name of the Vulnerable Software and Affected Versions: NotFound Team Rosters versions n/a through 4.7 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an attacker can...

PT-2025-14715 · Unknown · Notfound Flickr Photostream

Name of the Vulnerable Software and Affected Versions: NotFound Flickr Photostream versions 3.1.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. Recommendations: For versions...

CVE-2025-30987

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Stored XSS.This issue affects JetBlocks For Elementor: from n/a through = 1.3.16...

CVE-2025-31043

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetSearch jet-search allows DOM-Based XSS.This issue affects JetSearch: from n/a through = 3.5.7...

CVE-2025-31461

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mayeenul Islam NanoSupport nanosupport allows Reflected XSS.This issue affects NanoSupport: from n/a through = 0.6.0...