CVE-2025-23682

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bhuvnesh Gupta Preloader Quotes preloader-quotes allows Reflected XSS.This issue affects Preloader Quotes: from n/a through = 1.0.0...

CVE-2025-23672

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tenteeglobal Instant Appointment instant-appointment allows Reflected XSS.This issue affects Instant Appointment: from n/a through = 1.2...

PT-2025-5103 · Pqina · Pqina Snippy

Name of the Vulnerable Software and Affected Versions: PQINA Snippy versions 1.4.1 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Reflected XSS. This means an attacker can trick a user into performing unintended actions on a web application that...

CVE-2024-13404

The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'searchll' parameter in all versions up to, and including, 7.7.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2024-26154

All versions of ETIC Telecom Remote Access Server RAS prior to 4.5.0 are vulnerable to reflected cross site scripting in the appliance site name. The ETIC RAS web server saves the site name and then presents it to the administrators in a few different pages...

WordPress Bauernregeln Plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Bauernregeln versions = 1.0.1...

WordPress Easy Code Placement Plugin <= 18.11 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh in WordPress Plugin Easy Code Placement versions = 18.11...

WordPress Affiliate Tools Việt Nam plugin <= 0.3.17 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Affiliate Tools Việt Nam versions = 0.3.17...

WordPress Data Dash plugin <= 1.2.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh in WordPress Plugin Data Dash versions = 1.2.3...

WordPress WordPress-to-candidate for Salesforce CRM plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin WordPress-to-candidate for Salesforce CRM versions = 1.0.1...

WordPress 新淘客WordPress插件 plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin 新淘客WordPress插件 versions = 1.1.2...

WordPress Responsivity plugin <= 0.0.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Responsivity versions = 0.0.6...

WordPress Envato Affiliater plugin <= 1.2.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Mika in WordPress Plugin Envato Affiliater versions = 1.2.4...

WordPress Bold pagos en linea Plugin <= 3.1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Parasimpaticki Patchstack Alliance in WordPress Plugin Bold pagos en linea versions = 3.1.4...

PT-2025-4564 · Marcus Downing · Site Pin

The vulnerable software is Marcus Downing Site PIN, with versions from n/a through 1.3 being affected. The vulnerability is an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS, which allows Reflected XSS. This type of vulnerability can be exploit...

CVE-2024-12715

The Asgard Security Scanner WordPress plugin through 0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

WordPress Woocommerce check pincode/zipcode for shipping plugin <= 2.0.4 - Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin Woocommerce check pincode/zipcode for shipping versions = 2.0.4...

WordPress SEO Keywords plugin <= 1.1.3 - Reflected Cross-Site Scripting via google_error Parameter vulnerability

Reflected Cross-Site Scripting via googleerror Parameter vulnerability discovered by vgo0 in WordPress Plugin seo-keywords versions = 1.1.3...

CVE-2024-12384 Binary MLM Woocommerce <= 2.0 - Reflected Cross-Site Scripting via 'page'

The Binary MLM Woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page’ parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

PT-2025-3714 · WordPress · Estatik Mortgage Calculator

Name of the Vulnerable Software and Affected Versions: Estatik Mortgage Calculator plugin for WordPress versions up to, and including, 2.0.11 Description: The Estatik Mortgage Calculator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the color parameter due to insufficie...