CVE-2025-11812 Reuse Builder <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Reuse Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'reusebuildersingleposttitle' shortcode in all versions up to, and including, 1.7. This is due to insufficient input sanitization and output escaping on the 'style' attribute. This makes it possible for...

CVE-2025-12402 LinkedIn Resume <= 2.00 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The LinkedIn Resume plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.00. This is due to missing or incorrect nonce validation on the linkedinresumeprintAdminPage function. This makes it possible for unauthenticated attackers to update settin...

CVE-2025-12369 Extensions for Leaflet Map <= 4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the geojsonmarker shortcode in all versions up to, and including, 4.7. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for...

CVE-2025-12410 SH Contextual Help <= 3.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The SH Contextual Help plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation in the shcontextualhelpdashboardwidget function. This makes it possible for unauthenticated attackers to update...

CVE-2025-12412 Top Bar Notification <= 1.12 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Top Bar Notification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect nonce validation on th tbnajaxadd function. This makes it possible for unauthenticated attackers to update the plugin's setting...

PT-2025-44938

Name of the Vulnerable Software and Affected Versions Bootstrap Multi-language Responsive Portfolio versions prior to 1.0 Description The Bootstrap Multi-language Responsive Portfolio plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input...

CVE-2025-12090 Employee Spotlight – Team Member Showcase & Meet the Team Plugin <= 5.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Employee Spotlight – Team Member Showcase & Meet the Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Social URLs in all versions up to, and including, 5.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2025-11995 Community Events <= 1.5.2 - Unauthenticated Stored Cross-Site Scripting

The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via event details parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

PT-2025-44577

Name of the Vulnerable Software and Affected Versions Qzzr Shortcode Plugin for WordPress versions prior to 1.0.2 Description The Qzzr Shortcode Plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'qzzr' shortcode. This is a result of inadequate input sanitization and...

CVE-2021-47695 Nagios XI < 5.8.0 XSS via My Tools Page

Nagios XI versions prior to 5.8.0 are vulnerable to stored cross-site scripting XSS via the My Tools page. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

CVE-2025-34306

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the pienumber parameter when updating the default firewall IP search values. When a user updates these defaults,...

EUVD-2025-36517

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code into the COUNTRYCODE parameter when creating a location group. When a user adds a new location group, the application...

CVE-2025-34310

IPFire (before 2.29 Core Update 198) is affected by a stored XSS in QoS settings. The vulnerability arises when updating QoS via /cgi-bin/qos.cgi, where INC_SPD, OUT_SPD, DEFCLASS_INC, and DEFCLASS_OUT values are stored and later rendered without proper sanitization, allowing an authenticated use...

CVE-2025-11682

Stored cross-site scripting XSS vulnerability in the LMT Dashboard of the Perx Customer Engagement & Loyalty Platform allows an authenticated attacker to execute arbitrary JavaScript code in a victim's browser. The vulnerability is due to improper sanitization of SVG file uploads. An attacker can...

PT-2025-44161

Name of the Vulnerable Software and Affected Versions IPFire versions prior to 2.29 Core Update 198 Description IPFire versions prior to 2.29 Core Update 198 are susceptible to a stored cross-site scripting XSS issue. An authenticated attacker can inject arbitrary JavaScript code through the PROT...

CVE-2025-62896

Cross-Site Request Forgery CSRF vulnerability in digitaldonkey Multilang Contact Form multilang-contact-form allows Stored XSS.This issue affects Multilang Contact Form: from n/a through = 1.5...

CVE-2025-62956 WordPress Reloadly plugin <= 2.0.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in iseremet Reloadly reloadly-topup-widget allows Stored XSS.This issue affects Reloadly: from n/a through = 2.0.1...

CVE-2025-62945

CVE-2025-62945 affects WordPress plugin Did Prestashop Display (

CVE-2025-62934 WordPress WP Business Hours plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Mejar WP Business Hours wp-business-hours allows Stored XSS.This issue affects WP Business Hours: from n/a through = 1.4...

PT-2025-43809

Cross-Site Request Forgery CSRF vulnerability in Prakash Awesome Testimonials awesome-testimonials allows Stored XSS.This issue affects Awesome Testimonials: from n/a through = 2.2.1...