920 matches found
CVE-2025-23586 WordPress WP Post Category Notifications plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MAL73049 WP Post Category Notifications wp-post-category-notifications allows Reflected XSS.This issue affects WP Post Category Notifications: from n/a through = 1.0...
CVE-2025-23584 WordPress Pin Locations on Map plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Pin Locations on Map allows Reflected XSS. This issue affects Pin Locations on Map: from n/a through 1.0...
CVE-2025-23579
CVE-2025-23579 affects the WordPress plugin DZS Ajaxer Lite (versions up to 1.04). The vulnerability is a Stored Cross-Site Scripting flaw caused by improper neutralization of input during web page generation. Multiple sources (NVD, Red Hat advisory, CVE listings, and Patchstack) uniformly descri...
CVE-2025-23584
CVE-2025-23584 concerns the WordPress plugin Pin Locations on Map (versions <= 1.0). The vulnerability is a reflected Cross‑Site Scripting (XSS) caused by improper neutralization of input during web page generation. Impact is a reflected XSS that could affect pages rendering user‑provided inpu...
CVE-2025-23587
CVE-2025-23587 is a reflected Cross-Site Scripting vulnerability in the WordPress plugin “all-in-one-box-login”
CVE-2025-23586
CVE-2025-23586 concerns the WordPress plugin WP Post Category Notifications (versions <= 1.0). The vulnerability is a reflected Cross-Site Scripting (XSS) flaw caused by improper neutralization of input during web page generation, enabling attacker-controlled input to be reflected in a web pag...
CVE-2025-23576
CVE-2025-23576 relates to a Reflected XSS in the WordPress WP Intro.JS plugin (versions
CVE-2025-23565
CVE-2025-23565 affects WordPress Wibstats plugin versions up to 0.5.5, with a reflected XSS due to improper input neutralization in web page generation. Affected component is the Wibstats plugin for WordPress (NotFound Wibstats). The CVSSv3.1 base score is 7.1 (HIGH) with network attack vector, n...
CVE-2025-23563
CVE-2025-23563 is a reflected XSS in the WordPress Explore pages plugin (versions
CVE-2025-23570
CVE-2025-23570 is a Reflected XSS in the WordPress WP Social Links plugin (
CVE-2025-23575
The CVE-2025-23575 entry concerns the WordPress DX Sales CRM plugin (versions
CVE-2025-23570 WordPress WP Social Links plugin <= 0.3.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mitchell Bundy WP Social Links wp-social-links allows Reflected XSS.This issue affects WP Social Links: from n/a through = 0.3.1...
CVE-2025-23552
CVE-2025-23552 affects the WordPress WordPress Texteller plugin (versions
CVE-2025-23538
The CVE refers to a reflected Cross-Site Scripting (XSS) vulnerability in the WordPress WP Contest plugin, affecting versions up to 1.0.0. The root cause is improper neutralization of input during web page generation, enabling reflected XSS. Connected sources consistently describe the issue and l...
CVE-2025-23536
CVE-2025-23536: WordPress Track Page Scroll plugin
CVE-2025-23549
CVE-2025-23549 affects the WordPress Maniac SEO plugin (versions
CVE-2025-23539
CVE-2025-23539 concerns the WordPress plugin “Awesome Hooks” (NotFound) up to version 1.0.1. The issue is an improper neutralization of input during web page generation, resulting in a reflected cross-site scripting (XSS) vulnerability. Affected component: the WordPress plugin’s input handling in...
CVE-2025-23505
The CVE-2025-23505 entry concerns the WordPress Pit Login Welcome plugin, affected
CVE-2025-23502
The CVE-2025-23502 entry concerns the WordPress Curated Search plugin (versions up to 1.2). The vulnerability is CSRF that enables Stored XSS, affecting Curated Search from n/a through 1.2. The connected sources consistently describe Cross-Site Request Forgery leading to stored cross-site scripti...
CVE-2025-23516
CVE-2025-23516 corresponds to a reflected XSS in the WordPress plugin Sale with Razorpay (versions