CVE-2024-12873

The Custom Field Manager WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

WordPress plugin AffiliateImporterEb 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Palo Alto Networks PAN-OS 跨站脚本漏洞

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. A cross-site scripting vulnerability exists in Palo Alto Networks PAN-OS, which stems from reflected cross-site scripting that could lead to phishing attacks...

CVE-2025-32504 WordPress Silvasoft boekhouden plugin <= 3.0.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in silvasoft Silvasoft boekhouden silvasoft-boekhouden allows Reflected XSS.This issue affects Silvasoft boekhouden: from n/a through = 3.0.6...

CVE-2025-32515 WordPress Terminal Africa plugin <= 1.13.24 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in terminalafrica Terminal Africa terminal-africa allows Reflected XSS.This issue affects Terminal Africa: from n/a through = 1.13.24...

WordPress plugin Eazy Under Construction 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress...

WordPress plugin WP-Asambleas 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

WordPress plugin SpiderDisplay 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin WooCommerce HTML5 Video 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

WordPress plugin Global Gallery 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin Easy Contact 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-15793 · Unknown · Axew3 Wp W3All Phpbb

Name of the Vulnerable Software and Affected Versions: axew3 WP w3all phpBB versions 2.9.2 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Reflected XSS. Recommendations: For axew3 WP w3all phpBB versions 2.9.2 and earlier, update to a version tha...

OpenEMR 跨站脚本漏洞

OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing, and medical billing requests. A cross-site scripting vulnerability exists in OpenEMR versions prior to 7.0.3 th...

WordPress plugin Are you robot google recaptcha for wordpress 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin Are you robot google recaptcha for wordpress A...

WordPress plugin Pixobe Cartography 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site scripting...

WordPress Digital License Manager plugin <= 1.7.3 - Reflected Cross-Site Scripting via remove_query_arg Function vulnerability

Reflected Cross-Site Scripting via removequeryarg Function vulnerability discovered by Peter Thaleikis in WordPress Plugin Digital License Manager versions = 1.7.3...

WordPress Newsletters plugin <= 4.9.9.7 - Reflected Cross-Site Scripting via To Parameter vulnerability

Reflected Cross-Site Scripting via To Parameter vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Newsletters versions = 4.9.9.7...

Jalios JPlatform 安全漏洞

Jalios JPlatform is a digital work platform from Jalios, Inc. A security vulnerability exists in Jalios JPlatform 10, which stems from improper input neutralization during web page generation and could lead to reflected cross-site scripting and stored cross-site scripting...

CVE-2025-1486

The WoWPth WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2025-1487

The WoWPth WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...