WordPress Embedder for Google Reviews plugin <= 1.6.6 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Embedder for Google Reviews versions = 1.6.6...

WordPress Forumax – AI Powered Advanced Community Forum Plugin plugin <= 1.2.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin BBP Core versions = 1.2.7...

WordPress Full Screen Background plugin <= 2.0.2 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Full Screen Background versions = 2.0.2...

WordPress Go Fetch Jobs (for WP Job Manager) plugin <= 1.8.4.8.1 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Go Fetch Jobs for WP Job Manager versions = 1.8.4.8.1...

WordPress Independent Analytics plugin <= 2.9.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Independent Analytics - Google Analytics Alternative for WordPress versions = 2.9.7...

WordPress Ivory Search – WordPress Search Plugin plugin <= 5.5.8 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Ivory Search versions = 5.5.8...

WordPress Message Filter for Contact Form 7 plugin <= 1.6.3.2 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Message Filter for Contact Form 7 versions = 1.6.3.2...

WordPress Ocean Extra plugin <= 2.4.2 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Ocean Extra versions = 2.4.2...

WordPress Premmerce Product Filter for WooCommerce plugin <= 3.7.3 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Premmerce Product Filter for WooCommerce versions = 3.7.3...

WordPress Restaurant & Cafe Addon for Elementor plugin <= 1.5.8 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Restaurant & Cafe Addon for Elementor versions = 1.5.8...

WordPress Secure Gateway for Authorize.net and WooCommerce by Pledged Plugins plugin <= 6.1.13 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Authorize.Net Payment Gateway For WooCommerce versions = 6.1.13...

WordPress Share This Image plugin <= 2.07 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Share This Image versions = 2.07...

WordPress Thank You Page for WooCommerce plugin <= 4.2.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Thanks Redirect for WooCommerce versions = 4.2.0...

WordPress WPBITS Addons For Elementor Page Builder plugin <= 1.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WPBITS Addons For Elementor Page Builder versions = 1.7...

CVE-2024-13362 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter

Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

CVE-2024-13362

Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

EUVD-2024-55564

Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

Exploit for CVE-2025-69606

CVE-2025-69606 — Reflected XSS in GSVoIP Web Panel Severi...

CVE-2026-7429 SSCMS v7.4.0 Reflected Cross-Site Scripting via STL Processing

SSCMS v7.4.0 contains a reflected cross-site scripting vulnerability in the STL processing endpoint that allows attackers to execute arbitrary JavaScript by crafting malicious STL template payloads that are decrypted and returned without proper sanitization. Attackers can exploit improper output...

CVE-2026-7429

CVE-2026-7429 affects SSCMS v7.4.0 and describes a reflected cross‑site scripting flaw in the STL processing endpoint. The vulnerability arises from improper output encoding in the /api/stl/actions/dynamic endpoint, where malicious STL template payloads can be decrypted and returned without sanit...