1151 matches found
CVE-2025-7632
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report...
CVE-2025-7430
Summary: CVE-2025-7430 affects Zohocorp ManageEngine Exchange Reporter Plus. The vulnerability is a Stored XSS in the Folder Message Count and Size report. Affected versions are 5723 and below. The root cause is not explicitly broken out in all sources, but descriptions consistently indicate th...
CVE-2025-7430 Stored XSS
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Folder Message Count and Size report...
EUVD-2025-60931
The Jeba Cute forkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' parameter in the 'jebaforkit' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
EUVD-2025-60946
The Share to Google Classroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sharetogoogle shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
CVE-2025-12590
The YSlider plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting in all versions up to, and including, 1.1. This is due to missing nonce verification on the content configuration page and insufficient input sanitization and output escaping. This makes it...
CVE-2025-12631
The Squirrels Auto Inventory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2025-12658
CVE-2025-12658 affects the WordPress plugin Preload Current Images (versions up to 1.3). The vulnerability is a Stored Cross‑Site Scripting (XSS) via the complete parameter in the preload_progress_bar shortcode, caused by insufficient input sanitization and output escaping of user-supplied attrib...
CVE-2025-11859 Paypal Donation Shortcode <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Paypal Donation Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'paypal' shortcode in all versions up to, and including, 0.1. This is due to the plugin not properly sanitizing user input and output of the 'title' and 'text' parameters. This makes it possibl...
CVE-2025-12671
The CVE-2025-12671 entry concerns the WordPress WP-Iconics plugin with stored cross-site scripting in the wp_iconics shortcode parameters. Affected versions are listed as up to 0.0.4 (and upstream updates address 0.0.5+ per remediation notes). Root cause is insufficient input sanitization and ina...
CVE-2025-11869 Precise Columns <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Precise Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapid shortcode attribute in all versions up to, and including, 1.0. This is due to the plugin not properly sanitizing user input or escaping output when inserting the wrapper ID into the generated HTML...
CVE-2025-12590 YSlider <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The YSlider plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting in all versions up to, and including, 1.1. This is due to missing nonce verification on the content configuration page and insufficient input sanitization and output escaping. This makes it...
CVE-2025-12589
CVE-2025-12589 affects the WordPress plugin WP-Walla (versions up to and including 0.5.3.5). The issue is a combination of Cross-Site Request Forgery (CSRF) and Stored Cross-Site Scripting (XSS) due to missing nonce verification on the settings page and insufficient input sanitization/output esca...
CVE-2025-12672 Flickr Show <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Flickr Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'divheight' parameter of the 'flickrshow' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-12589 WP-Walla <= 0.5.3.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The WP-Walla plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting in all versions up to, and including, 0.5.3.5. This is due to missing nonce verification on the settings page and insufficient input sanitization and output escaping. This makes it possibl...
CVE-2025-12754
CVE-2025-12754 (Geopost WordPress plugin): Concrete details are provided across multiple connected sources. The Geopost plugin (WordPress) is affected in all versions up to 1.2 and is vulnerable to Stored Cross-Site Scripting via the height parameter of the geopost shortcode. The root cause is i...
PT-2025-46318
Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below. Description: The software contains a Stored Cross-Site Scripting (XSS) issue within the Folder Message Count and Size report. This allows for the injection of malicious scripts...
PT-2025-46279
Name of the Vulnerable Software and Affected Versions: YSlider versions prior to 1.2. Description: The YSlider plugin for WordPress is susceptible to Cross-Site Request Forgery leading to Stored Cross-Site Scripting. This is a result of absent nonce verification on the content configuration page and...
CVE-2025-41107
Stored Cross-Site Scripting (XSS) vulnerability in Smart School 7.0 due to lack of proper validation of user input when sending a POST request to '/onlineadmission', which affects the parameters 'firstname', 'lastname', 'guardianname' and others. This vulnerability could allow a remote user to send ...
CVE-2025-63834
A stored cross-site scripting (XSS) vulnerability was discovered in Tenda AC18 v15.03.05.05multi. The vulnerability exists in the ssid parameter of the wireless settings. Remote attackers can inject malicious payloads that execute when any user visits the router's homepage...