
1276 matches found

Cvelist
added 2025/08/20 8:3 a.m. · 13 views

CVE-2025-49422 WordPress Support Ticket Plugin <= 1.9 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in themepassion Support Ticket support-ticket allows Privilege Escalation. This issue affects Support Ticket: from n/a through <= 1.9...

CVSS 9.8 · EPSS 0.00425
Exploits 0 · References 1

Cvelist
added 2025/08/20 8:3 a.m. · 12 views

CVE-2025-49424 WordPress Support Ticket Plugin <= 1.9 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themepassion Support Ticket support-ticket allows Reflected XSS. This issue affects Support Ticket: from n/a through <= 1.9...

CVSS 7.1 · EPSS 0.00219
Exploits 0 · References 1

Vulnrichment
added 2025/08/20 8:3 a.m. · 3 views

CVE-2025-49424 WordPress Essential Doo Components for Visual Composer plugin <= 1.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in diego.benna Essential Doo Components for Visual Composer allows DOM-Based XSS. This issue affects Essential Doo Components for Visual Composer: from n/a through 1.9...

CVSS 6.5 · AI score 6.6 · EPSS 0.00219
Exploits 0 · References 1

Positive Technologies
added 2025/08/20 12:0 a.m. · 5 views

PT-2025-34130 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier
Description: Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. A low privileged attacker could exploit this issue by...

CVSS 5.4 · AI score 5.5 · EPSS 0.00205
Exploits 0 · References 4

OSV
added 2025/08/19 9:30 p.m. · 3 views

GHSA-M49P-6CJP-X2H3 Liferay Portal Vulnerable to Cross-Site Scripting via DDM Structure Field Labels

A stored DOM-based Cross-Site Scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.5, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and...

CVSS 5.1 · AI score 5.7 · EPSS 0.00166
Exploits 0 · References 6

Github Security Blog
added 2025/08/19 9:30 p.m. · 7 views

Liferay Portal Vulnerable to Cross-Site Scripting via DDM Structure Field Labels

A stored DOM-based Cross-Site Scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.5, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and...

CVSS 5.4 · AI score 5.7 · EPSS 0.00166
Exploits 0 · References 6 · Affected Software 1

CVE
added 2025/08/19 3:39 a.m. · 19 views

CVE-2025-7496

CVE-2025-7496 describes a DOM-based Stored XSS vulnerability in the WordPress plugin WPC Smart Compare for WooCommerce, affecting all versions up to 6.4.7. Exploitation requires authenticated access at Contributor level or higher, enabling injection of scripts that run when users load injected pa...

CVSS 6.4 · AI score 5.6 · EPSS 0.00194
Exploits 0 · References 2

Cvelist
added 2025/08/19 3:39 a.m. · 9 views

CVE-2025-7496 WPC Smart Compare for WooCommerce <= 6.4.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via DOM elements in all versions up to, and including, 6.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...

CVSS 6.4 · EPSS 0.00194
Exploits 0 · References 2

Vulnrichment
added 2025/08/19 3:39 a.m. · 3 views

CVE-2025-7496 WPC Smart Compare for WooCommerce <= 6.4.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via DOM elements in all versions up to, and including, 6.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...

CVSS 6.4 · AI score 6 · EPSS 0.00194
Exploits 0 · References 2

Tenable Nessus
added 2025/08/18 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-1219

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when requesting a HTTP resource using the DOM or...

CVSS 6.3 · AI score 6.2 · EPSS 0.00706
Exploits 1 · References 2

RedhatCVE
added 2025/08/16 7:23 p.m. · 8 views

CVE-2025-54747

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpbakery Templatera templatera allows DOM-Based XSS. This issue affects Templatera: from n/a through <= 2.3.0...

CVSS 6.5 · AI score 5.9 · EPSS 0.00159
Exploits 0 · References 1

RedhatCVE
added 2025/08/16 11:25 a.m. · 1 views

CVE-2025-49433

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThanhD Supermalink supermalink allows DOM-Based XSS. This issue affects Supermalink: from n/a through <= 1.1...

CVSS 6.5 · AI score 5.9 · EPSS 0.0019
Exploits 0 · References 1

RedhatCVE
added 2025/08/16 11:25 a.m. · 5 views

CVE-2025-54706

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Noor Alam Magical Posts Display magical-posts-display allows DOM-Based XSS. This issue affects Magical Posts Display: from n/a through <= 1.2.52...

CVSS 6.5 · AI score 5.9 · EPSS 0.00164
Exploits 0 · References 1

CVE
added 2025/08/15 3:41 p.m. · 14 views

CVE-2025-49898

CVE-2025-49898 refers to a DOM-based XSS in the WordPress plugin Dropshix (Dropshix

CVSS 7.6 · AI score 5.2 · EPSS 0.004
Exploits 0 · References 1

CVE
added 2025/08/15 6:40 a.m. · 59 views

CVE-2025-8451

CVE-2025-8451 — The WordPress plugin Essential Addons for Elementor – Popular Elementor Templates & Widgets (Essential Addons for Elementor Lite) is vulnerable to a DOM-based Stored XSS via the data-gallery-items parameter in all versions up to and including 6.2.2. The issue arises from insuffici...

CVSS 6.4 · AI score 5.9 · EPSS 0.00222
Exploits 0 · References 3

CVE
added 2025/08/14 6:21 p.m. · 16 views

CVE-2025-54708

The CVE-2025-54708 entry concerns the WordPress plugin B Blocks (bPlugins B Blocks) with versions up to and including 2.0.5. The connected sources confirm a DOM-based Cross-Site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation, allowing execution...

CVSS 6.5 · AI score 5.9 · EPSS 0.00196
Exploits 0 · References 1

NVD
added 2025/08/14 11:15 a.m. · 5 views

CVE-2025-54706

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Noor Alam Magical Posts Display magical-posts-display allows DOM-Based XSS. This issue affects Magical Posts Display: from n/a through <= 1.2.52...

CVSS 6.5 · EPSS 0.00164
Exploits 0 · References 1

Vulnrichment
added 2025/08/14 10:34 a.m. · 3 views

CVE-2025-54706 WordPress Magical Posts Display Plugin plugin <= 1.2.52 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Noor Alam Magical Posts Display allows DOM-Based XSS. This issue affects Magical Posts Display: from n/a through 1.2.52...

CVSS 6.5 · AI score 7.1 · EPSS 0.00164
Exploits 0 · References 1

Cvelist
added 2025/08/14 10:34 a.m. · 9 views

CVE-2025-49433 WordPress Supermalink <= 1.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThanhD Supermalink supermalink allows DOM-Based XSS. This issue affects Supermalink: from n/a through <= 1.1...

CVSS 6.5 · EPSS 0.0019
Exploits 0 · References 1

OSV
added 2025/08/11 1:54 p.m. · 5 views

BIT-LIBPHP-2025-1219 libxml streams use wrong content-type header when requesting a redirected resource

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...

CVSS 6.3 · AI score 7.1 · EPSS 0.00706
Exploits 1 · References 4