CVE-2025-32172 WordPress YaMaps for WordPress plugin <= 0.6.40 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Yuri Baranov YaMaps for WordPress yamaps allows Stored XSS.This issue affects YaMaps for WordPress: from n/a through = 0.6.40...

CVE-2025-32170 WordPress Motors plugin <= 1.4.71 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Stylemix Motors motors-car-dealership-classified-listings allows Stored XSS.This issue affects Motors: from n/a through = 1.4.71...

CVE-2025-32167 WordPress SurveyJS plugin <= 1.12.20 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in devsoftbaltic SurveyJS surveyjs allows Stored XSS.This issue affects SurveyJS: from n/a through = 1.12.20...

CVE-2025-32136

CVE-2025-32136 describes a Stored XSS in the ActiveCampaign – Forms, Site Tracking plugin for WordPress, affecting ActiveCampaign plugin versions from n/a up to and including 8.1.16. The CVSS 3.1 base score is 5.9 (Medium); vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L, with impact by conf...

CVE-2025-32132

CVE-2025-32132 shows a Stored XSS in FunnelCockpit due to improper neutralization of input during web page generation. Affected: FunnelCockpit from n/a through 1.4.2. No remediation details provided in the supplied documents.

CVE-2025-32129 WordPress Welcome Bar plugin <= 2.0.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Data443 Risk Migitation, Inc. Welcome Bar allows Stored XSS. This issue affects Welcome Bar: from n/a through 2.0.4...

CVE-2025-3252

Xujiangfei admintwo 1.0 is affected. The vulnerability is in the /resource/add endpoint where manipulating the Name parameter enables cross-site scripting (XSS). The attack can be carried out remotely and the exploit has been disclosed publicly. The available documents do not specify a fixed vers...

CVE-2025-31384 WordPress Videos plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Aviplugins Videos videos allows Reflected XSS.This issue affects Videos: from n/a through = 1.0.5...

WordPress News Kit Elementor Addons plugin <= 1.4.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin News Kit Elementor Addons versions = 1.4.2...

WordPress Table Block by Tableberg plugin <= 0.6.10 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by theviper17 in WordPress Plugin Table Block by Tableberg versions = 0.6.10...

CVE-2025-31407

CVE-2025-31407 affects the Tiger software (up to version 2.0). The connected data indicates an authenticated (Subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Tiger, caused by improper input neutralization during web page generation. The CVSS v3.1 base metrics are: Score 6.5 (Mediu...

WordPress Welcome Bar plugin <= 2.0.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by timomangcut in WordPress Plugin Welcome Bar versions = 2.0.4...

CVE-2025-22282 WordPress ez Form Calculator Premouium plugin <= 2.14.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in keksdieb ez Form Calculator Premium ez-form-calculator-premium allows Reflected XSS.This issue affects ez Form Calculator Premium: from n/a through = 2.14.1.2...

CVE-2024-13898

The Simple Banner – Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output...

WordPress plugin Advanced Woo Labels 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...

wineindustrynetwork.com Cross Site Scripting vulnerability OBB-4042142

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2025-31811

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in xtreeme Planyo online reservation system planyo-online-reservation-system allows Stored XSS.This issue affects Planyo online reservation system: from n/a through = 3.1...

CVE-2025-31764

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Preliot Cache control by Cacholong cache-control-by-cacholong allows Stored XSS.This issue affects Cache control by Cacholong: from n/a through = 5.4.1...

CVE-2025-31829

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in devscred ShopCred shopcred allows DOM-Based XSS.This issue affects ShopCred: from n/a through = 1.3.0...

CVE-2025-31883

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Stored XSS.This issue affects WebinarPress: from n/a through = 1.33.28...