CVE-2025-23652

Summary (CVE-2025-23652): A WordPress plugin issue in Add custom content after post (notFound) exhibits Reflected Cross-Site Scripting due to improper input neutralization during web page generation. Affected versions are n/a through 1.0. The Red Hat and PT Security entries explicitly note the vu...

CVE-2025-23653

CVE-2025-23653 is a reflected XSS in the WordPress plugin “Form To Online Booking” (NotFound Form To Online Booking) with affected range reported as n/a through 1.0. Root cause is improper input neutralization during web page generation, enabling reflected cross-site scripting. Public records in ...

CVE-2025-23651

CVE-2025-23651 is a Reflected Cross-Site Scripting vulnerability in the WordPress Scroll Top plugin (NotFound Scroll Top) affecting versions up to 1.3.3. The issue stems from improper input neutralization during web page generation, enabling XSS in reflected context. Public references in multiple...

CVE-2025-23571

CVE-2025-23571 is a reflected XSS in WordPress Internal Links Generator (plugin)

CVE-2025-23428

CVE-2025-23428 affects the WordPress plugin QMean – WordPress Did You Mean (NotFound) up to version 2.0. It describes a Cross-Site Scripting (XSS) vulnerability caused by improper input neutralization during web page generation, enabling reflected XSS. Public reporting confirms the vulnerability ...

PT-2025-6996 · Notfound · Add Custom Content After Post

Name of the Vulnerable Software and Affected Versions: NotFound Add custom content after post versions n/a through 1.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows Reflected XSS in the Add custom...

PT-2025-7014 · Unknown · Notfound Coronavirus (Covid-19) Outbreak Data Widgets

Name of the Vulnerable Software and Affected Versions: NotFound Coronavirus COVID-19 Outbreak Data Widgets versions 1.1.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This...

PT-2025-6995 · Unknown · Notfound Scroll Top

Name of the Vulnerable Software and Affected Versions: NotFound Scroll Top versions 1.3.3 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS in NotFound Scroll Top. Recommendation...

PT-2025-6997 · Unknown · Notfound Form To Online Booking

Name of the Vulnerable Software and Affected Versions: NotFound Form To Online Booking versions n/a through 1.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This can be exploited...

CVE-2025-23755

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tosend.it PAFacile pafacile allows Reflected XSS.This issue affects PAFacile: from n/a through = 2.6.1...

CVE-2025-23819

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Marco Milesi WP Cloud cloud allows Absolute Path Traversal.This issue affects WP Cloud: from n/a through = 1.4.3...

CVE-2025-24620

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hkharpreetkumar1 AIO Shortcodes aio-shortcodes allows Stored XSS.This issue affects AIO Shortcodes: from n/a through = 1.3...

CVE-2025-22699

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in shinetheme Traveler Code traveler-code.This issue affects Traveler Code: from n/a through 3.1.2...

CVE-2025-22700

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in shinetheme Traveler Code traveler-code.This issue affects Traveler Code: from n/a through 3.1.3...

CVE-2024-43333

Incorrect Privilege Assignment vulnerability in NotFound Admin and Site Enhancements ASE Pro allows Privilege Escalation. This issue affects Admin and Site Enhancements ASE Pro: from n/a through 7.6.2.1...

CVE-2025-23737

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in thobian Network-Favorites network-favorites allows Reflected XSS.This issue affects Network-Favorites: from n/a through = 1.1...

CVE-2025-23746

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Edem CMC MIGRATE cmc-migrate allows Reflected XSS.This issue affects CMC MIGRATE: from n/a through = 0.0.3...

CVE-2025-23449

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in davidpuc Simple shortcode buttons simple-shortcode-buttons allows Reflected XSS.This issue affects Simple shortcode buttons: from n/a through = 1.3.2...

CVE-2025-23683

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in xdxdVSxdxd MACME macme allows Reflected XSS.This issue affects MACME: from n/a through = 1.2...

CVE-2025-23630

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Irshad A.Khan Cyber Slider cyber-new-slider allows Reflected XSS.This issue affects Cyber Slider: from n/a through = 1.1...