CVE-2025-67972

Missing Authorization vulnerability in Zoho Mail Zoho ZeptoMail allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zoho ZeptoMail: from n/a through 3.2.9...

CVE-2025-69391 WordPress Diamond theme <= 2.4.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GT3themes Diamond diamond allows Reflected XSS.This issue affects Diamond: from n/a through = 2.4.8...

CVE-2025-69392 WordPress iMoney plugin <= 0.36 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in itex iMoney imoney allows Reflected XSS.This issue affects iMoney: from n/a through = 0.36...

CVE-2025-69330

CVE-2025-69330 is a reflected Cross-Site Scripting (XSS) vulnerability affecting the WordPress Theme Prestige, version prior to 1.4.1. The issue is described as an improper neutralization of user-controlled input during web page generation, enabling reflected XSS. Public sources in the connected ...

CVE-2025-69323 WordPress Slimstat Analytics plugin <= 5.3.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VeronaLabs Slimstat Analytics wp-slimstat allows Reflected XSS.This issue affects Slimstat Analytics: from n/a through = 5.3.2...

CVE-2025-68854 WordPress ID Arrays plugin <= 2.1.2 - POST-Based Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in harman79 ID Arrays id-arrays allows DOM-Based XSS.This issue affects ID Arrays: from n/a through = 2.1.2...

CVE-2025-68501 WordPress Mollie Payments for WooCommerce plugin <= 8.1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mollie Mollie Payments for WooCommerce mollie-payments-for-woocommerce allows Reflected XSS.This issue affects Mollie Payments for WooCommerce: from n/a through = 8.1.1...

CVE-2025-67978 WordPress Educare plugin <= 1.6.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in FixBD Educare educare allows Reflected XSS.This issue affects Educare: from n/a through = 1.6.1...

CVE-2025-67972

Technical details about CVE-2025-67972 are not provided in the connected documents. Public details in the set pertain to other products (e.g., Prague plugin) and do not confirm affected vendor/version/root-cause for Zoho ZeptoMail. Monitor for updates.

PT-2026-21232

Name of the Vulnerable Software and Affected Versions fox-themes Reflector versions through 1.2.2 Description The software contains a flaw due to improper neutralization of input during web page generation, which allows for Reflected Cross-site Scripting XSS. This issue impacts the Reflector...

WordPress plugin Membee Login 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2019-25424

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input to the EXCEPTIONSITELIST parameter. Attackers can craft POST requests to the httpsexceptions endpoint with script payloads to execut...

CVE-2019-25420

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the snat endpoint. Attackers can send POST requests with JavaScript payloads in the port or snattoip parameters to execute arbitrary...

CVE-2019-25408

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the netmaskaddr parameter. Attackers can send POST requests to the netwizard2 endpoint with script payloads in the netmaskaddr...

CVE-2019-25422 Comodo Dome Firewall 2.7.0 Cross-Site Scripting via vpnfw

Comodo Dome Firewall 2.7.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through the vpnfw endpoint. Attackers can submit POST requests with script payloads in the target parameter for reflected XSS or the remark parameter for stored XSS to execute...

CVE-2019-25417 Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via QoS Rules

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the protocol parameter. Attackers can send POST requests to the QoS rules management endpoint with JavaScript payloads in the protoco...

CVE-2019-25411 Comodo Dome Firewall 2.7.0 Cross-Site Scripting via DHCP

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the GATEWAYGREEN parameter. Attackers can send POST requests to the DHCP configuration endpoint with script payloads to execute arbitrary JavaScript...

CVE-2019-25410 Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via policy_routing

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through the source and destination parameters. Attackers can submit POST requests to the policy routing endpoint with script payloads in these parameters to execute...

CVE-2019-25409

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the destination parameter. Attackers can send POST requests to the routing endpoint with script payloads in the destination parameter to execute...

CVE-2025-11706 Aruba HiSpeed Cache <= 3.0.2 - Reflected Cross-Site Scripting

The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the dbstatus parameter in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...