CVE-2025-53351

CVE-2025-53351 corresponds to a WordPress Fidelo Snippet plugin vulnerability (versions through 1.12) where improper input neutralization during web page generation enables reflected XSS. Affected component: Fidelo Snippet (WordPress plugin). Root cause: inadequate input sanitization in the page ...

CVE-2025-53350 WordPress Calendar Plus plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webjunk Calendar Plus calendar-plus allows Reflected XSS.This issue affects Calendar Plus: from n/a through = 1.2.4...

CVE-2025-53351 WordPress Fidelo Snippet plugin <= 1.12 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fidelo Software GmbH Fidelo Snippet thebing-snippet allows Reflected XSS.This issue affects Fidelo Snippet: from n/a through = 1.12...

CVE-2025-53297 WordPress Woocommerce Envato Affiliates plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AA-Team Woocommerce Envato Affiliates wooenvato allows Reflected XSS.This issue affects Woocommerce Envato Affiliates: from n/a through = 1.2.1...

CVE-2025-52770

CVE-2025-52770 concerns the WordPress Hello Followers plugin (versions up to and including 2.5). The vulnerability is a reflected Cross-Site Scripting (XSS) caused by improper input neutralization during web page generation. Affected component: Hellofollowers plugin; root cause: improper handling...

CVE-2025-52753

CVE-2025-52753 affects the WordPress plugin Contact Form by Supsystic (versions up to and including 1.7.35). The issue is a Reflected Cross-Site Scripting (XSS) vulnerability caused by insufficient input filtering/escaping in web page generation, allowing an attacker to inject arbitrary script vi...

CVE-2025-52751 WordPress Slide Puzzle plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in colome Slide Puzzle slide-puzzle allows Reflected XSS.This issue affects Slide Puzzle: from n/a through = 1.0.0...

CVE-2025-52742 WordPress Pets Plugin <= 1.4.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Igor Benic Pets pets allows Reflected XSS.This issue affects Pets: from n/a through = 1.4.1...

CVE-2025-52741

CVE-2025-52741 affects WordPress Post Connector plugin up to version 1.0.11. The flaw is improper input neutralization during web page generation, resulting in a reflected XSS condition. Affected components: Post Connector (WordPress plugin); potential impact includes client-side script execution...

CVE-2025-49957 WordPress Email Attachment by Order Status & Products Plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Weboccult Technologies Pvt Ltd Email Attachment by Order Status & Products email-attachment-by-order-status-products allows Reflected XSS.This issue affects Email Attachment by Order Status &...

CVE-2025-48097 WordPress WSAnalytics plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shiva WSAnalytics wsanalytics-google-analytics-and-dashboards allows Reflected XSS.This issue affects WSAnalytics: from n/a through = 1.1.2...

PT-2025-43206

Name of the Vulnerable Software and Affected Versions Shortcode Generator versions through 1.1 Description The software contains a flaw related to improper input handling during web page creation, which allows for Reflected Cross-site Scripting XSS. This means that malicious code can be injected...

WordPress plugin UDesign Core 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

PT-2025-43266

Name of the Vulnerable Software and Affected Versions Chibueze Okechukwu SEO Pyramid seo-pyramid versions through 1.9.8 Description The software contains a flaw related to improper input handling during web page creation, specifically a Reflected Cross-Site Scripting XSS issue. This allows for th...

PT-2025-43247

Name of the Vulnerable Software and Affected Versions NickDuncan Nifty Backups versions through 1.08 Description The software contains a flaw related to improper input handling during web page generation, specifically a Reflected Cross-Site Scripting issue. This allows for the injection of...

PT-2025-43159

Name of the Vulnerable Software and Affected Versions Shiva WSAnalytics versions through 1.1.2 Description A flaw exists in Shiva WSAnalytics wsanalytics-google-analytics-and-dashboards that allows for Reflected Cross-site Scripting XSS. This occurs due to improper neutralization of input during...

EUVD-2025-35183

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting XSS vulnerability was identified in the editarinfopessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject...

CVE-2025-61933

A reflected cross-site scripting XSS vulnerability exists in an undisclosed page of BIG-IP APM that allows an attacker to run JavaScript in the context of the targeted logged-out user. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-31994

HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting XSS where an attacker injects malicious script into an HTTP request, which is then reflected unsafely in the server's immediate response to the victim's browser, executing the script as if it originated from the trusted...

CVE-2025-59999 Junos Space: API Access Profiles page is vulnerable to reflected cross-site script injection

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the API Access Profiles page that, when visited by another user, enables the attacker to execute commands with the target...