39821 matches found
CVE-2026-49971
Laravel-Mediable before 7.0.0 has a stored XSS in SVG file uploads. Both authenticated and anonymous users can upload unsanitized SVG files containing scripts (onload handlers, script tags, or foreignObject) which can store persistent XSS payloads. When victims view or preview the SVG, the payloa...
CVE-2026-57725
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum Kirki kirki allows Stored XSS.This issue affects Kirki: from n/a through = 6.0.11...
CVE-2026-57711
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PSM Plugins SupportCandy supportcandy allows Stored XSS.This issue affects SupportCandy: from n/a through = 3.4.8...
CVE-2026-57414
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuantumCloud ChatBot for eCommerce WoowBot woowbot-woocommerce-chatbot allows Stored XSS.This issue affects ChatBot for eCommerce WoowBot: from n/a through = 4.6.1...
CVE-2026-57396
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Flintop Free Gifts for WooCommerce free-gifts-for-woocommerce allows Stored XSS.This issue affects Free Gifts for WooCommerce: from n/a through = 13.1.0...
CVE-2026-57388
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themefic Hydra Booking hydra-booking allows Stored XSS.This issue affects Hydra Booking: from n/a through = 1.1.44...
CVE-2026-57391
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tangible Loops & Logic tangible-loops-and-logic allows Stored XSS.This issue affects Loops & Logic: from n/a through = 4.2.3...
CVE-2026-57379
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPPOOL FormyChat social-contact-form allows Stored XSS.This issue affects FormyChat: from n/a through = 2.15.3...
CVE-2026-57383
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eyecix JobSearch wp-jobsearch allows Stored XSS.This issue affects JobSearch: from n/a through = 3.2.9...
CVE-2026-57416 WordPress SiteGround Email Marketing plugin <= 1.7.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SiteGround SiteGround Email Marketing siteground-email-marketing allows Stored XSS.This issue affects SiteGround Email Marketing: from n/a through = 1.7.5...
CVE-2026-57414 WordPress ChatBot for eCommerce – WoowBot plugin <= 4.6.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuantumCloud ChatBot for eCommerce WoowBot woowbot-woocommerce-chatbot allows Stored XSS.This issue affects ChatBot for eCommerce WoowBot: from n/a through = 4.6.1...
CVE-2026-57399 WordPress Proxy & VPN Blocker plugin <= 3.5.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Proxy & VPN Blocker Proxy & VPN Blocker proxy-vpn-blocker allows Stored XSS.This issue affects Proxy & VPN Blocker: from n/a through = 3.5.8...
CVE-2026-57417
CVE-2026-57417 concerns the WordPress Cart Lift plugin, affected versions are
CVE-2026-57420
CVE-2026-57420 concerns a Stored XSS in the WordPress plugin Author Box WP Lens (component: author-box-for-divi). The vulnerability arises from improper neutralization of input during web page generation, enabling stored cross-site scripting. Affected range is WordPress users running versions
CVE-2026-57725
The CVE-2026-57725 entry concerns the WordPress Kirki plugin (Themeum Kirki) with a Stored XSS vulnerability in web page generation. Affected version range is Kirki up to 6.0.11 (exact affected range:
CVE-2026-57379 WordPress FormyChat plugin <= 2.15.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPPOOL FormyChat social-contact-form allows Stored XSS.This issue affects FormyChat: from n/a through = 2.15.3...
CVE-2026-57363
The CVE-2026-57363 entry documents a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress ChatBot plugin, affecting versions up to 8.3.7. The issue arises from improper neutralization of input during web page generation, enabling XSS when data is rendered. Affected component: the Chat...
tagDiv Composer < 4.2 - Stored Cross-Site Scripting
tagDiv Composer plugin versions before 4.2 for WordPress are vulnerable to unauthenticated stored XSS via the /wp-json/tdw/savecss endpoint. An attacker can inject malicious JavaScript code through the compiledcss parameter, which gets stored and executed when the CSS is loaded. id: CVE-2023-3169...
LiteSpeed Cache <= 5.7 - Unauthenticated Stored XSS
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache- from n/a through 5.7. id: CVE-2023-40000 info: name: LiteSpeed Cache = 5.7 - Unauthenticated Stored XSS...
The Events Calendar < 6.4.0.1 - Cross-site Scripting
The Events Calendar WordPress plugin 6.4.0.1 contains a stored XSS caused by improper sanitization of user-submitted content when rendering views via AJAX, letting attackers execute scripts in the context of the affected site. Exploitation requires user interaction. id: CVE-2024-4180 info: name:...