CVE-2026-1986

The FloristPress for Woo – Customize your eCommerce store for your Florist plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'noresults' parameter in all versions up to, and including, 7.8.2 due to insufficient input sanitization and output escaping on the user supplied...

EUVD-2026-15744

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in purethemes Listeo Core listeo-core allows Reflected XSS.This issue affects Listeo Core: from n/a through = 2.0.21...

EUVD-2026-15694

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eyecix Addon Jobsearch Chat addon-jobsearch-chat allows Reflected XSS.This issue affects Addon Jobsearch Chat: from n/a through = 3.0...

CVE-2026-32545

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Taboola Taboola Pixel taboola-pixel allows Reflected XSS.This issue affects Taboola Pixel: from n/a through = 1.1.4...

CVE-2026-25351 WordPress MyMedi theme < 1.7.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skygroup MyMedi mymedi allows Reflected XSS.This issue affects MyMedi: from n/a through 1.7.7...

CVE-2026-24975 WordPress Organici Library plugin <= 2.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NooTheme Organici Library noo-organici-library allows Reflected XSS.This issue affects Organici Library: from n/a through = 2.1.2...

CVE-2026-23979 WordPress Gyan Elements plugin <= 2.2.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Softwebmedia Gyan Elements gyan-elements allows Reflected XSS.This issue affects Gyan Elements: from n/a through = 2.2.1...

CVE-2026-22491

CVE-2026-22491 is a Reflected XSS in the WordPress plugin My auctions allegro free-edition (

PT-2026-28058

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Taboola Taboola Pixel taboola-pixel allows Reflected XSS.This issue affects Taboola Pixel: from n/a through = 1.1.4...

PT-2026-27866

Name of the Vulnerable Software and Affected Versions NooTheme CitiLights versions through 3.7.1 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-site Scripting XSS condition. This allows for the injection of...

WordPress plugin Riode 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. Versions of...

PT-2026-27985

Name of the Vulnerable Software and Affected Versions G5Theme Darna Framework versions through 2.9 Description The Darna Framework contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-Site Scripting XSS condition. This allows for the...

CVE-2026-32852 MailEnable < 10.55 Reflected XSS via FreeBusy.aspx StartDate Parameter

MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the StartDate parameter in...

CVE-2026-33499

Summary: CVE-2026-33499 affects WWBN AVideo up to version 26.0, where the templates view/forbiddenPage.php and view/warningPage.php reflect the $_REQUEST['unlockPassword'] value directly into an HTML input tag without encoding, enabling a reflected XSS vulnerability if a user clicks a crafted lin...

CVE-2026-33499 AVideo has Reflected XSS via unlockPassword Parameter in forbiddenPage.php and warningPage.php

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the view/forbiddenPage.php and view/warningPage.php templates reflect the $REQUEST'unlockPassword' parameter directly into an HTML tag's attributes without any output encoding or sanitization. An attacker can craf...

CVE-2024-46879

A Reflected Cross-Site Scripting XSS vulnerability exists in the POST request data zipPath of tiki-adminsystem.php in Tiki version 21.2. This vulnerability allows attackers to execute arbitrary JavaScript code via a crafted payload, leading to potential access to sensitive information or...

CVE-2024-46879

A Reflected Cross-Site Scripting XSS vulnerability exists in the POST request data zipPath of tiki-adminsystem.php in Tiki version 21.2. This vulnerability allows attackers to execute arbitrary JavaScript code via a crafted payload, leading to potential access to sensitive information or...

CVE-2026-1647

The Comment Genius plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...

Linux Distros Unpatched Vulnerability : CVE-2026-33230

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language...

CVE-2026-32844 XinLiangCoder / php_api_doc Reflected XSS via list_method.php

XinLiangCoder phpapidoc through commit 1ce5bbf contains a reflected cross-site scripting vulnerability in listmethod.php that allows remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious code through the f parameter. Attackers can craft a malicious URL with...