6239 matches found
CVE-2025-23523
CVE-2025-23523 affects the WordPress plugin HSS Embed Streaming Video (hoststreamsell) up to version 3.23, enabling a Reflected XSS vulnerability during web page generation. The connected sources confirm the issue as Reflected XSS without detailing exploit steps. Remediation guidance present in t...
CVE-2024-13735
The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.11.2 due to insufficient input sanitization and output escaping of a campaign name. This makes it possible...
CVE-2024-27781
An improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all...
CVE-2025-26574 WordPress Google Drive WP Media plugin <= 2.4.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Moch Amir Google Drive WP Media google-drive-wp-media allows Stored XSS. This issue affects Google Drive WP Media: from n/a through <= 2.4.4...
CVE-2025-26551 WordPress Bootstrap collapse plugin <= 1.0.4 - CSRF to Stored Cross-Site Scripting vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sureshdsk Bootstrap collapse bootstrap-collapse allows Stored XSS. This issue affects Bootstrap collapse: from n/a through <= 1.0.4...
WordPress Easy Amazon Product Information plugin <= 4.0.1 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Abdi Pranata in WordPress Plugin Easy Amazon Product Information versions <= 4.0.1...
CVE-2024-13644
The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's De Gallery widget in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress plugin ProfilePress security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress WP Pricing Table plugin <= 1.1 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin WP Pricing Table versions <= 1.1...
CVE-2024-51122
Cross Site Scripting vulnerability in Zertificon Z1 SecureMail Z1 CertServer v.3.16.4-2516-debian12 allows a remote attacker to execute arbitrary code via the ST, L, O, OU, CN parameters...
CVE-2025-25203
CtrlPanel is open-source billing software for hosting providers. Prior to version 1.0, a Cross-Site Scripting (XSS) vulnerability exists in the TicketsController and Moderation/TicketsController due to insufficient input validation on the priority field during ticket creation and unsafe rendering o...
CVE-2024-57686
A Cross Site Scripting (XSS) vulnerability was found in /landrecordsys/admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the "pagetitle" parameter...
CVE-2025-24413
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...
CVE-2024-12599
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...
CVE-2024-11831 Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript
A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by...
WordPress TablePress Plugin 2.0 < 2.1.5 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tablepress:tablepress"; if description...
Azure Linux 3.0 Security Update: python-jinja2 (CVE-2024-22195)
The version of python-jinja2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-22195 advisory. - Jinja is an extensible templating engine. Special placeholders in the template allow writing code...
CVE-2024-57279
A reflected Cross-Site Scripting (XSS) vulnerability has been identified in the LDAP User Manager = ce92321, specifically in the /setup/index.php endpoint via the returnto parameter. This vulnerability arises due to improper sanitization of user-supplied input, allowing an attacker to inject...
CVE-2024-13850
The Simple add pages or posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject...