6239 matches found
CVE-2025-22641
CVE-2025-22641 is a Stored XSS in the WordPress FM Notification Bar plugin (versions 1.0.2 and earlier) caused by improper input neutralization during web page generation. Public details confirm affected software and the vulnerability type; Patchstack indicates a fix in later releases (plugin
CVE-2024-13114
The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-11132
The Eventer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level an...
WordPress Simple Auto Tag plugin <= 1.1 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Abdi Pranata in WordPress Plugin Simple Auto Tag versions <= 1.1...
CVE-2025-23491 WordPress VSTEMPLATE Creator plugin <= 2.0.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vikash Srivastava VSTEMPLATE Creator vstemplate-creator allows Reflected XSS. This issue affects VSTEMPLATE Creator: from n/a through <= 2.0.2...
CVE-2024-57097
ClassCMS 4.8 is vulnerable to Cross Site Scripting (XSS) in class/admin/channel.php...
WordPress Authors Autocomplete Meta Box plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Abdi Pranata in WordPress Plugin Authors Autocomplete Meta Box versions <= 1.2...
CVE-2024-47103
IBM Sterling B2B Integrator vulnerable to cross-site scripting (CVE-2024-47103) in Standard Edition for versions 6.0.0.0–6.1.2.5 and 6.2.0.0–6.2.0.3. A privileged user can embed arbitrary JavaScript in the Web UI, potentially exposing credentials within a trusted session. IBM’s bulletin cites CVS...
CVE-2024-47103 IBM Sterling B2B Integrator cross-site scripting
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...
WordPress SlideDeck 1 Lite Content Slider plugin <= 1.4.8 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin SlideDeck 1 Lite Content Slider versions <= 1.4.8...
CVE-2025-24635
CVE-2025-24635 concerns the WordPress Paytm – Donation Plugin (versions n/a through 2.3.1). The underlying issue is an “Improper Neutralization of Input During Web Page Generation” that enables a Reflected Cross-Site Scripting (XSS) attack. Affected component: plugin code responsible for renderin...
WordPress plugin User Messages security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2025-22221
VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when performing a delete action in the Agent...
CVE-2024-13460
The WE – Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Testimonial Author Names in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...
CVE-2024-13661 Table Editor <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Table Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wptableeditorvtabs' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-12638
The Bulk Me Now! WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress plugin Team Rosters cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin Ai Image Alt Text Generator for WP cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-0785
Summary: CVE-2025-0785 affects ESAFENET CDG V5, specifically the /SysConfig.jsp file where the user-supplied parameter likely named “help” can be manipulated to trigger cross-site scripting (XSS). The root cause is improper sanitization/handling of the argument, enabling an attacker to inject exe...
CVE-2024-13527
The Philantro – Donations and Donor Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes like 'donate' in all versions up to, and including, 5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...