6239 matches found
WordPress Download Manager plugin <= 3.2.98 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Download Manager versions <= 3.2.98...
WordPress WP Content Copy Protection & No Right Click (premium) plugin <= 15.0 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin WP Content Copy Protection & No Right Click premium versions <= 15.0...
WordPress Mobile Contact Bar plugin < 3.0.5 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Mobile Contact Bar versions < 3.0.5...
WordPress plugin Qi Blocks security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in the...
PT-2025-21974 · Unknown · Multivendorx
Name of the Vulnerable Software and Affected Versions: MultiVendorX versions through 4.2.22 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: For versions throu...
PT-2025-22006 · Carzine · Carzine
Name of the Vulnerable Software and Affected Versions: CarZine versions 1.4.6 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS attacks. Recommendations: For CarZine...
CVE-2025-44108
A stored Cross-Site Scripting (XSS) vulnerability exists in the administration panel of Flatpress CMS before 1.4 via the gallery captions component. An attacker with admin privileges can inject a malicious JavaScript payload into the system, which is then stored persistently...
PT-2025-21944 · Unknown · Phpgurukul Medical Card Generation System
Name of the Vulnerable Software and Affected Versions: PHPGURUKUL Medical Card Generation System version 1.0 Description: A cross-site scripting (XSS) issue exists in the component mcgs/admin/aboutus.php, allowing attackers to execute arbitrary web scripts or HTML by injecting a crafted payload int...
CVE-2025-47557
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RomanCode MapSVG mapsvg allows Stored XSS. This issue affects MapSVG: from n/a through <= 8.5.31...
CVE-2025-40632
Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to modify the “lastLogin” cookie with malicious JavaScript code that will be executed when the page is rendered...
CVE-2025-4862 PHPGurukul Directory Management System searchdata.php cross site scripting
A vulnerability, which was classified as problematic, has been found in PHPGurukul Directory Management System 2.0. Affected by this issue is some unknown functionality of the file /searchdata.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be launch...
CVE-2025-4859
A vulnerability was found in D-Link DAP-2695 120b36r137ALLen20210528. It has been rated as problematic. This issue affects some unknown processing of the file /advmacbypass.php of the component MAC Bypass Settings Page. The manipulation of the argument fmac leads to cross site scripting. The atta...
CVE-2025-4860 D-Link DAP-2695 Static Pool Settings Page adv_dhcps.php cross site scripting
A vulnerability classified as problematic has been found in D-Link DAP-2695 120b36r137ALLen20210528. Affected is an unknown function of the file /adv_dhcps.php of the component Static Pool Settings Page. The manipulation of the argument fmac leads to cross site scripting. It is possible to launch...
CVE-2025-4745
A vulnerability, which was classified as problematic, was found in code-projects Employee Record System 1.0. This affects an unknown part of the file current_employees.php. The manipulation of the argument employeed_id/first_name/middle_name/last_name leads to cross site scripting. It is possible to...
CVE-2024-9227
The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow admin users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2024-9599
The Popup Box WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2025-47704
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Klaro Cookie & Consent Management allows Cross-Site Scripting (XSS). This issue affects Klaro Cookie & Consent Management: from 0.0.0 before 3.0.5...
CVE-2025-48121
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Puddick WP Notes Widget wp-notes-widget allows DOM-Based XSS. This issue affects WP Notes Widget: from n/a through <= 1.0.6...
WordPress MapSVG plugin <= 8.5.31 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Anhchangmutrang in WordPress Plugin MapSVG versions <= 8.5.31...
CVE-2025-4745
CVE-2025-4745 affects the code-projects Employee Record System 1.0, specifically the file current_employees.php. The vulnerability arises from improper handling of the arguments employeed_id, first_name, middle_name, and last_name, leading to a cross-site scripting (XSS) condition. Exploita...