CVE-2025-31892

CVE-2025-31892 pertains to the WordPress plugin WP Crowdfunding (Themeum) and is described as a stored cross-site scripting vulnerability. Affected: WP Crowdfunding

CVE-2025-31883

Technical details for CVE-2025-31883 are not provided in the connected documents; the available info mentions a Stored XSS in WebinarPress/WP-WebinarSystem (WordPress plugin) but gives no specifics on affected versions, vectors, impact, or remediation.

CVE-2025-31835 WordPress WP Plugin Info Card plugin <= 5.3.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brice Capobianco WP Plugin Info Card wp-plugin-info-card allows DOM-Based XSS.This issue affects WP Plugin Info Card: from n/a through = 5.3.0...

CVE-2025-31835

The CVE-2025-31835 issue in the WP Plugin Info Card plugin is associated with a Stored Cross-Site Scripting risk via the containerid parameter. Connected sources indicate this affects all versions up to 5.3.1 and that the prior patch for CVE-31835 was incomplete, leaving authenticated attackers (...

CVE-2025-31815 WordPress Design Blocks plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in devscred Design Blocks exclusive-blocks allows Stored XSS.This issue affects Design Blocks: from n/a through = 1.2.5...

CVE-2025-31811 WordPress Planyo online reservation system plugin <= 3.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in xtreeme Planyo online reservation system allows Stored XSS. This issue affects Planyo online reservation system: from n/a through 3.0...

CVE-2025-31804 WordPress Follow Us Badges plugin <= 3.1.11 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DraftPress Team Follow Us Badges wpsite-follow-us-badges allows Stored XSS.This issue affects Follow Us Badges: from n/a through = 3.1.11...

CVE-2025-31742 WordPress Dima Take Action Plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PixelDima Dima Take Action dima-take-action allows Stored XSS.This issue affects Dima Take Action: from n/a through = 1.0.5...

CVE-2025-31730 WordPress Marketer Addons Plugin <= 1.0.1 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DigitalCourt Marketer Addons marketer-addons allows Stored XSS.This issue affects Marketer Addons: from n/a through = 1.0.1...

vivifyscrum.com Cross Site Scripting vulnerability OBB-4041622

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

WordPress Oracle Cards Lite plugin <= 1.2.1 - Reflected Cross Site Scripting (XSS) Vulnerability

Reflected Cross Site Scripting XSS Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Oracle Cards Lite versions = 1.2.1...

CVE-2025-30796 WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.14 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended wpextended allows Reflected XSS.This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through = 3.0.14...

CVE-2025-30547 WordPress WP Cards plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in David Tufts WP Cards wp-cards allows Reflected XSS.This issue affects WP Cards: from n/a through = 1.5.1...

CVE-2025-30547 WordPress WP Cards plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in David Tufts WP Cards allows Reflected XSS. This issue affects WP Cards: from n/a through 1.5.1...

Drupal RapiDoc OAS Field Formatter Cross-Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal RapiDoc OAS Field Formatter allows Cross-Site Scripting XSS. This issue affects RapiDoc OAS Field Formatter: from 0.0.0 before 1.0.1...

CVE-2025-31687

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal SpamSpan filter allows Cross-Site Scripting XSS.This issue affects SpamSpan filter: from 0.0.0 before 3.2.1...

CVE-2025-31679

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Ignition Error Pages allows Cross-Site Scripting XSS.This issue affects Ignition Error Pages: from 0.0.0 before 1.0.4...

CVE-2025-29772

CVE-2025-29772 describes a reflected XSS vulnerability in OpenEMR, specifically involving the POST parameter hidden_subcategory that is echoed to CAMOS/new.php without proper sanitization. This affects OpenEMR prior to version 7.0.3 (fixed in 7.0.3). The vulnerability could allow an attacker to i...

WordPress Simple Contact Forms plugin <= 1.6.4 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin Simple Contact Forms versions = 1.6.4...

CVE-2025-31607 WordPress Simple-Audioplayer plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in flomei Simple-Audioplayer simple-audioplayer allows Stored XSS.This issue affects Simple-Audioplayer: from n/a through = 1.1...