935 matches found

Positive Technologies
added 2025/02/14 12:0 a.m. · 2 views

PT-2025-6964 · Disqus · Disqus Popular Posts

Name of the Vulnerable Software and Affected Versions: Disqus Popular Posts versions through 2.1.1 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Reflected XSS. This means an attacker can trick a user into performing unintended actions on a web application...

7.1 CVSS · 9.3 AI score · 0.00082 EPSS
Exploits: 0 · References: 4

Patchstack
added 2025/02/12 10:21 p.m. · 4 views

WordPress Lazy Blocks plugin <= 3.8.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin Lazy Blocks versions <= 3.8.2...

7.1 CVSS · 6.4 AI score · 0.01697 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Patchstack
added 2025/02/11 10:5 p.m. · 2 views

WordPress StaffList plugin <= 3.2.3 - Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin StaffList versions <= 3.2.3...

6.1 CVSS · 6.4 AI score · 0.00238 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2025/02/11 4:15 p.m. · 1 views

CVE-2024-13830

Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required...

6.1 CVSS · 5.8 AI score
Exploits: 0 · References: 1

OpenVAS
added 2025/02/10 12:0 a.m. · 15 views

WordPress TablePress Plugin 2.0 < 2.1.5 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tablepress:tablepress"; if description...

7.4 AI score
Exploits: 0 · References: 1

Positive Technologies
added 2025/02/07 12:0 a.m. · 1 views

PT-2025-5902

Name of the Vulnerable Software and Affected Versions: Legull WordPress plugin versions 1.2.2 and earlier Description: The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is not properly sanitised and escaped before being outputted back in the page. This could be use...

7.1 CVSS · 5.3 AI score · 0.02838 EPSS
Exploits: 1 · References: 8

OSV
added 2025/02/04 6:15 a.m. · 0 views

CVE-2024-13326

The iBuildApp WordPress plugin through 0.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1 CVSS · 7.3 AI score · 0.02069 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2025/02/03 12:0 a.m. · 1 views

PT-2025-5521 · Unknown · The Photo Gallery – Gt3 Image Gallery & Gutenberg Block Gallery

Name of the Vulnerable Software and Affected Versions: Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery versions through 2.7.7.24 Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for...

7.1 CVSS · 9.1 AI score · 0.00041 EPSS
Exploits: 0 · References: 5

Positive Technologies
added 2025/02/03 12:0 a.m. · 2 views

PT-2025-5199 · Unknown · Applicantpro

Name of the Vulnerable Software and Affected Versions: ApplicantPro versions 1.3.9 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows Reflected XSS. This means that an attacker can inject malicious scripts into the website,...

7.1 CVSS · 9.2 AI score · 0.00041 EPSS
Exploits: 0 · References: 3

OSV
added 2025/01/31 6:15 a.m. · 0 views

CVE-2024-13221

The Fantastic ElasticSearch WordPress plugin through 4.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1 CVSS · 7.3 AI score
Exploits: 0 · References: 1

OSV
added 2025/01/31 6:15 a.m. · 0 views

CVE-2024-13219

The Privacy Policy Genius WordPress plugin through 2.0.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1 CVSS · 7.3 AI score
Exploits: 0 · References: 1

Positive Technologies
added 2025/01/31 12:0 a.m. · 3 views

PT-2025-5443 · Unknown · Gd Mail Queue

Name of the Vulnerable Software and Affected Versions: GD Mail Queue versions n/a through 4.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an attacker can inject...

7.1 CVSS · 9.4 AI score · 0.00178 EPSS
Exploits: 0 · References: 4

OSV
added 2025/01/30 11:15 a.m. · 2 views

CVE-2024-12409

The Simple:Press Forum plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 6.10.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1 CVSS · 5.9 AI score · 0.00534 EPSS
Exploits: 0 · References: 3

OSV
added 2025/01/30 6:15 a.m. · 1 views

CVE-2024-12638

The Bulk Me Now! WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1 CVSS · 7.3 AI score · 0.02218 EPSS
Exploits: 1 · References: 1

OSV
added 2025/01/27 3:15 p.m. · 2 views

CVE-2025-24593

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WisdmLabs Edwiser Bridge allows Reflected XSS. This issue affects Edwiser Bridge: from n/a through 3.0.8...

6.1 CVSS · 5.8 AI score · 0.00183 EPSS
Exploits: 0 · References: 1

OSV
added 2025/01/27 6:15 a.m. · 1 views

CVE-2024-13055

The Dyn Business Panel WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1 CVSS · 5.8 AI score
Exploits: 0 · References: 1

Positive Technologies
added 2025/01/24 12:0 a.m. · 1 views

PT-2025-5134 · Unknown · One Backend Language

Name of the Vulnerable Software and Affected Versions: One Backend Language versions through 1.0 Description: The issue is related to improper neutralization of input during web page generation, which allows reflected cross-site scripting (XSS). This enables attackers to inject malicious scripts vi...

7.1 CVSS · 8.9 AI score · 0.00137 EPSS
Exploits: 0 · References: 7

ATTACKERKB
added 2025/01/23 4:15 p.m. · 1 views

CVE-2025-23634

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codehandling Youtube Video Grid youmax-channel-embeds-for-youtube-businesses allows Reflected XSS. This issue affects Youtube Video Grid: from n/a through = 1.9...

7.2 AI score · 0.00178 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2025/01/23 12:0 a.m. · 3 views

PT-2025-5177 · WordPress · Wp-Flickr-Press

Name of the Vulnerable Software and Affected Versions: wp-flickr-press versions 2.6.4 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected cross-site scripting (XSS). This means an attacker can inject malicious...

7.1 CVSS · 9 AI score · 0.00178 EPSS
Exploits: 0 · References: 5

Positive Technologies
added 2025/01/23 12:0 a.m. · 3 views

PT-2025-5049 · Unknown · Mind3Dom Ryebread Widgets

Name of the Vulnerable Software and Affected Versions: Mind3doM RyeBread Widgets versions n/a through 1.0 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows reflected XSS. This problem affects Mind3d...

7.1 CVSS · 9.4 AI score · 0.00187 EPSS
Exploits: 0 · References: 5