CVE-2025-50690

CVE-2025-50690 describes a reflected XSS in SpatialReference.org (OSGeo/spatialreference.org). The issue arises from improper handling of user input in the search query parameter, enabling an unauthenticated attacker to craft a URL that reflects and executes arbitrary JavaScript in a victim’s bro...

CVE-2025-5084

The Post Grid Master plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘argsArray'readmoretext'’ parameter in all versions up to, and including, 3.4.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVE-2025-40719

Reflected Cross-site Scripting XSS vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL trhough the idconcesion parameter in /FacturaE/VerFacturaPDF...

CVE-2024-1383

The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 0.9.32 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...

CVE-2024-9356

The Yotpo: Product & Photo Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'yotpouseremail' and 'yotpousername' parameters in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it...

CVE-2024-9209

The WP Search Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.4.10. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

CVE-2017-15885

Reflected XSS in the web administration portal on the Axis 2100 Network Camera 2.03 allows an attacker to execute arbitrary JavaScript via the confLayoutOwnTitle parameter to view/view.shtml. NOTE: this might overlap CVE-2007-5214...

WordPress WooCommerce HTML5 Video Plugin <= 1.7.10 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin WooCommerce HTML5 Video versions = 1.7.10...

CVE-2025-23651

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in adamskaat Scroll Top scroll-to-top-builder allows Reflected XSS.This issue affects Scroll Top: from n/a through = 1.3.3...

CVE-2025-24680

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in WpMultiStoreLocator WP Multi Store Locator allows Reflected XSS. This issue affects WP Multi Store Locator: from n/a through 2.4.7...

CVE-2024-13422

The SEO Blogger to WordPress Migration using 301 Redirection plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter in all versions up to, and including, 0.4.8 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-23700

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in yonisink yCyclista ycyclista allows Reflected XSS.This issue affects yCyclista: from n/a through = 1.2.3...

PT-2025-5016 · Localgrid · Localgrid

Name of the Vulnerable Software and Affected Versions: LocalGrid versions n/a through 1.0.1 Description: The issue is related to improper neutralization of input during web page generation, which allows reflected Cross-site Scripting XSS. This enables an attacker to inject malicious scripts into ...

WordPress Simple Custom post type custom field plugin <= 1.0.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Simple Custom post type custom field versions = 1.0.3...

PT-2025-1680 · WordPress · Financial Stocks & Crypto Market Data Plugin

Name of the Vulnerable Software and Affected Versions: Financial Stocks & Crypto Market Data Plugin versions up to, and including, 1.10.3 Description: The issue is related to Reflected Cross-Site Scripting via the e parameter due to insufficient input sanitization and output escaping. This allows...

PT-2024-17262 · WordPress · Pkt1 Centro De Envios

Name of the Vulnerable Software and Affected Versions: PKT1 Centro de envios plugin for WordPress versions up to, and including, 1.2.1 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated...

CVE-2024-11204

The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...

CVE-2024-10250

The Nioland theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

WordPress plugin Parcel Pro 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

CVE-2024-47854

An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user...