CVE-2025-5801 Digital Events Calendar <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via column Parameter

The Digital Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘column’ parameter in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...

CVE-2025-8686 WP Easy FAQs <= 1.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via WP_EASY_FAQ Shortcode

The WP Easy FAQs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WPEASYFAQ shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-9857

The Heateor Login – Social Login Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'HeateorFacebookLogin' shortcode in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

Linux Distros Unpatched Vulnerability : CVE-2018-19995

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A stored cross-site scripting XSS vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the address POST ...

CVE-2025-36125

IBM Hardware Management Console - Power 10.3.1050.0 and 11.1.1110.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

CVE-2025-9111

The AI ChatBot for WordPress WordPress plugin before 7.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2025-58868

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Simasicher SimaCookie simasicher-dsgvo-cookie allows Stored XSS.This issue affects SimaCookie: from n/a through = 1.3.2...

CVE-2025-6757

The Recent Posts Widget Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rpwe' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-58857

CVE-2025-58857 corresponds to a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin “Table of content” (WordPress Table of content, content-table). Public sources in the connected documents indicate the affected versions are

CVE-2025-41048

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/admin...

CVE-2025-41039 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datasconfigadminlandingpage', 'datasconfigcurrency', 'datasconfigdbversion', 'datasconfigdefaultpagination',...

CVE-2025-55944

CVE-2025-55944 concerns Slink v1.4.9, where stored XSS can be triggered by crafted SVG uploads. The vulnerability arises when a user views the shared image in a new tab, allowing embedded JavaScript to execute for both authenticated and unauthenticated users. Technical specifics across connected ...

CVE-2025-52546 Stored XSS by uploading a specially crafted floor plan file

E3 Site Supervisor Control firmware version 2.31F01 has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can inject a stored XSS to the floorplan web page...

CVE-2025-48307

Cross-Site Request Forgery CSRF vulnerability in kasonzhao SEO For Images seo-for-images allows Stored XSS.This issue affects SEO For Images: from n/a through = 1.0.0...

CVE-2025-48353

Cross-Site Request Forgery CSRF vulnerability in dactum Clickbank WordPress Plugin Niche Storefront clickbank-niche-storefronts allows Stored XSS.This issue affects Clickbank WordPress Plugin Niche Storefront: from n/a through = 1.3.5...

CVE-2025-48343

Cross-Site Request Forgery CSRF vulnerability in Aaron Axelsen WPMU Ldap Authentication wpmuldap allows Stored XSS.This issue affects WPMU Ldap Authentication: from n/a through = 5.0.1...

CVE-2025-48321 WordPress Ultimate twitter profile widget plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in dyiosah Ultimate twitter profile widget ultimate-twitter-profile-widget allows Stored XSS.This issue affects Ultimate twitter profile widget: from n/a through = 1.0...

CVE-2025-48307

CVE-2025-48307 : WordPress plugin SEO For Images has a CSRF vulnerability that can lead to stored XSS. Affected versions are n/a through 1.0.0. Evidence from Patchstack and PT-Security confirms CSRF to Stored XSS is present, with remediation guidance recommending updating to a version later than ...

CVE-2025-48109 WordPress XM-Backup plugin <= 0.9.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Xavier Media XM-Backup xm-backup allows Stored XSS.This issue affects XM-Backup: from n/a through = 0.9.1...

WordPress plugin Clickbank WordPress Plugin (Niche Storefront) 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...