CVE-2025-39578

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows Stored XSS.This issue affects Responsive Blocks: from n/a through = 2.0.2...

CVE-2025-32670

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mark Parnell Spark GF Failed Submissions spark-gf-failed-submissions allows Reflected XSS.This issue affects Spark GF Failed Submissions: from n/a through = 1.3.5...

CVE-2025-27319

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ivan82 User List user-list allows Reflected XSS.This issue affects User List: from n/a through = 1.5.1...

CVE-2025-39521

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ashish Ajani Contact Form vCard Generator contact-form-vcard-generator allows Reflected XSS.This issue affects Contact Form vCard Generator: from n/a through = 2.4...

CVE-2025-2069

A cross-site scripting vulnerability was reported in the FileZ client that could allow execution of code if a crafted url is visited by a local user...

CVE-2025-46595

An XSS issue was discovered in the Flag module before 1.x-3.6.2 for Backdrop CMS. Flag is a module that allows flags to be added to nodes, comments, users, and any other type of entity. It doesn't verify flag links before performing the flag action, or verify that the response returned was provid...

WordPress WP Cookie Consent plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin WP Cookie Consent versions = 1.0...

WordPress WS Force Login Page plugin <= 3.0.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin WS Force Login Page versions = 3.0.3...

WordPress Mixcloud Embed plugin <= 2.2.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by johska in WordPress Plugin Mixcloud Embed versions = 2.2.0...

CVE-2025-46491

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Matthew Muro Multi-Column Taxonomy List multi-column-taxonomy-list allows Stored XSS.This issue affects Multi-Column Taxonomy List: from n/a through = 1.5...

CVE-2025-46529 WordPress Business Contact Widget plugin <= 2.7.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in StressFree Sites Business Contact Widget business-contact-widget allows Stored XSS.This issue affects Business Contact Widget: from n/a through = 2.7.0...

CVE-2025-46505 WordPress Peekaboo plugin <= 1.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in farinspace Peekaboo peekaboo allows Stored XSS.This issue affects Peekaboo: from n/a through = 1.1...

CVE-2025-46505 WordPress Peekaboo <= 1.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in farinspace Peekaboo allows Stored XSS. This issue affects Peekaboo: from n/a through 1.1...

CVE-2025-46501 WordPress Mixcloud Embed plugin <= 2.2.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in biancardi Mixcloud Embed mixcloud-embed allows Stored XSS.This issue affects Mixcloud Embed: from n/a through = 2.2.0...

CVE-2025-46483 WordPress Peadig’s Google +1 Button <= 0.1.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alex Moss Peadig’s Google +1 Button allows DOM-Based XSS. This issue affects Peadig’s Google +1 Button: from n/a through 0.1.2...

Cross-site Scripting (XSS)

jquery-validation is vulnerable to Cross-site Scripting XSS. The vulnerability is due to unsanitized user input in the showLabel function due to improper handling of placeholder values that populate messages via $.validator.messages...

CVE-2025-46253

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ataur R GutenKit gutenkit-blocks-addon allows Stored XSS.This issue affects GutenKit: from n/a through = 2.2.2...

CVE-2025-46238

CVE-2025-46238 (WordPress List Last Changes) concerns Stored XSS in List Last Changes plugin (affected versions n/a–1.2.1) due to improper input neutralization during web page generation. Connected sources indicate the issue exists for WordPress List Last Changes and that patches have been releas...

learningaccelerator.org Cross Site Scripting vulnerability OBB-4048174

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

WordPress wProject Theme < 5.8.0 is vulnerable to Cross Site Scripting (XSS)

Software wProject Type Theme Vulnerable versions 5.8.0 Fixed in 5.8.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-39365 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d25ce780039c Credits Dave Jong Patchstack Required privilege...