CVE-2025-58846 WordPress WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule Plugin <= 2020.1.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Dejan Markovic WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule buffer-my-post allows Reflected XSS.This issue affects WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and...

CVE-2025-58845

CVE-2025-58845 affects WordPress Bulk Watermark plugin (versions up to 1.6.10). Description: CSRF vulnerability that allows reflected XSS. CVSS v3.1 base score 7.1 (HIGH); vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. Connected sources do not specify a fixed patch version; no remediation details p...

CVE-2025-58809

CVE-2025-58809 affects the WordPress plugin “To Lead For Salesforce.” The vulnerability is a Cross-Site Request Forgery (CSRF) vulnerability that can also enable a reflected XSS. Affected versions are listed as n/a through 2.7.3.9. Remediation per sources is to update to a version later than 2.7....

CVE-2025-58809 WordPress To Lead For Salesforce Plugin <= 2.7.3.9 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Nick Ciske To Lead For Salesforce salesforce-wordpress-to-lead allows Reflected XSS.This issue affects To Lead For Salesforce: from n/a through = 2.7.3.9...

PT-2025-36185

Name of the Vulnerable Software and Affected Versions: Dejan Markovic WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule versions n/a through 2020.1.0 Description: A Cross-Site Request Forgery CSRF vulnerability exists in Dejan Markovic WordPress Buffer ...

PT-2025-36193

Name of the Vulnerable Software and Affected Versions: Ultimate AJAX Login versions n/a through 1.2.1 Description: The software contains a Cross-Site Request Forgery CSRF vulnerability that also allows Reflected Cross-Site Scripting XSS. Recommendations: Update Ultimate AJAX Login to a version...

CVE-2025-41062

A vulnerability has been discovered in version 4.0.5 of appRain CMF, consisting of an authenticated reflected XSS due to a lack of proper validation of user input, through the 'page' parameter in /apprain/developer/addons...

CVE-2025-9569 Sunnet｜eHRD CTMS - Reflected Cross-site Scripting

The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...

CVE-2025-53579

CVE-2025-53579 affects the WordPress Captcha.eu plugin (versions prior to 1.0.61). It is a Reflected XSS vulnerability due to improper input neutralization during web page generation. Public references indicate a patch exists: upgrade to 1.0.61 (or later) to fix the issue. Exploitation status is ...

CVE-2025-55175

QuickCMS is vulnerable to Reflected XSS via sLangEdit parameter in admin's panel functionality. A malicious attacker can craft a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. The vendor was notified early about this vulnerability, but...

CVE-2025-54540

CVE-2025-54540 affects QuickCMS, with a Reflected XSS in the admin panel via the sSort parameter. The issue allows arbitrary JavaScript execution in the victim’s browser when a crafted URL is opened. Public documentation notes that only version 6.8 was tested and confirmed vulnerable; other versi...

CVE-2025-34521

A reflected cross-site scripting XSS vulnerability exists in the web interface of the Arcserve Unified Data Protection UDP, where unsanitized user input is improperly reflected in HTTP responses. This flaw allows remote attackers with low privileges to craft malicious links that, when visited by...

CVE-2025-50977

A template injection vulnerability leading to reflected cross-site scripting XSS has been identified in version 1.7.1, requiring authenticated admin access for exploitation. The vulnerability exists in the 'r' parameter and allows attackers to inject malicious Angular expressions that execute...

Linux Distros Unpatched Vulnerability : CVE-2019-18345

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A reflected XSS issue was discovered in DAViCal through 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the...

CVE-2025-50977

Gitblit (version 1.7.1) contains a template injection vulnerability that enables reflected XSS via the r parameter. Exploitation requires authenticated admin access and can be triggered through GET requests to the /summary endpoint or POST requests to certain Wicket interfaces, enabling injection...

CVE-2025-50859

Reflected Cross-Site Scripting in the Change Template function in Easy Hosting Control Panel EHCP 20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via the template parameter...

CVE-2025-54670

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bobbingwide oik oik allows Reflected XSS.This issue affects oik: from n/a through = 4.15.2...

CVE-2025-48159

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Youtube Vimeo Video Player and Slider WP Plugin video-player-youtube-vimeo allows Reflected XSS.This issue affects Youtube Vimeo Video Player and Slider WP Plugin: from n/a through = 3...

PT-2025-34485 · Unknown · Easy Hosting Control Panel

Name of the Vulnerable Software and Affected Versions: Easy Hosting Control Panel EHCP version 20.04.1.b Description: The List MySQL Databases function in Easy Hosting Control Panel EHCP is susceptible to a reflected cross-site scripting issue. Authenticated attackers can potentially execute...

CVE-2025-50858

Reflected Cross-Site Scripting in the List MySQL Databases function in Easy Hosting Control Panel EHCP 20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via the action parameter...