1151 matches found
CVE-2025-41039 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datasconfigadminlandingpage', 'datasconfigcurrency', 'datasconfigdbversion', 'datasconfigdefaultpagination',...
CVE-2025-55944
CVE-2025-55944 concerns Slink v1.4.9, where stored XSS can be triggered by crafted SVG uploads. The vulnerability arises when a user views the shared image in a new tab, allowing embedded JavaScript to execute for both authenticated and unauthenticated users. Technical specifics across connected ...
CVE-2025-52546 Stored XSS by uploading a specially crafted floor plan file
E3 Site Supervisor Control firmware version 2.31F01 has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can inject a stored XSS to the floorplan web page...
CVE-2025-48307
Cross-Site Request Forgery (CSRF) vulnerability in kasonzhao SEO For Images seo-for-images allows Stored XSS. This issue affects SEO For Images: from n/a through <= 1.0.0...
CVE-2025-48351
Cross-Site Request Forgery (CSRF) vulnerability in PluginsPoint Kento Splash Screen kento-splash-screen allows Stored XSS. This issue affects Kento Splash Screen: from n/a through <= 1.4...
CVE-2025-48306
Cross-Site Request Forgery (CSRF) vulnerability in developers savyour Savyour Affiliate Partner savyour-affiliate-partner allows Stored XSS. This issue affects Savyour Affiliate Partner: from n/a through <= 2.1.4...
CVE-2025-48353
Cross-Site Request Forgery (CSRF) vulnerability in dactum Clickbank WordPress Plugin Niche Storefront clickbank-niche-storefronts allows Stored XSS. This issue affects Clickbank WordPress Plugin Niche Storefront: from n/a through <= 1.3.5...
CVE-2025-48343
Cross-Site Request Forgery (CSRF) vulnerability in Aaron Axelsen WPMU Ldap Authentication wpmuldap allows Stored XSS. This issue affects WPMU Ldap Authentication: from n/a through <= 5.0.1...
CVE-2025-48325 WordPress WP Admin Theme plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in shmish111 WP Admin Theme wp-admin-theme allows Stored XSS. This issue affects WP Admin Theme: from n/a through <= 1.0...
CVE-2025-48321 WordPress Ultimate twitter profile widget plugin <= 1.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in dyiosah Ultimate twitter profile widget ultimate-twitter-profile-widget allows Stored XSS. This issue affects Ultimate twitter profile widget: from n/a through <= 1.0...
CVE-2025-48307
CVE-2025-48307: WordPress plugin SEO For Images has a CSRF vulnerability that can lead to stored XSS. Affected versions are n/a through 1.0.0. Evidence from Patchstack and PT-Security confirms CSRF to Stored XSS is present, with remediation guidance recommending updating to a version later than ...
CVE-2025-48109 WordPress XM-Backup plugin <= 0.9.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Xavier Media XM-Backup xm-backup allows Stored XSS. This issue affects XM-Backup: from n/a through <= 0.9.1...
WordPress plugin Clickbank WordPress Plugin (Niche Storefront) cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2025-34993
Name of the Vulnerable Software and Affected Versions: Google XML News Sitemap plugin (versions not specified). Description: The Google XML News Sitemap plugin contains a Cross-Site Request Forgery (CSRF) vulnerability that also allows Stored Cross-Site Scripting (XSS). Recommendations: At the moment,...
PT-2025-35027
Name of the Vulnerable Software and Affected Versions: thaihavnn07 ATT YouTube Widget versions through 1.0. Description: A Cross-Site Request Forgery (CSRF) vulnerability exists in the thaihavnn07 ATT YouTube Widget, which can lead to Stored Cross-Site Scripting (XSS). Recommendations: Update...
CVE-2025-8490
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Import in all versions up to, and including, 7.97 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...
CVE-2025-52035
A vulnerability in NotesCMS and specifically in the page /index.php?route=notes. The manipulation of the title of the service descriptions leads to a stored XSS vulnerability. The issue was confirmed to be present in the source code as of commit 7d821a0f028b0778b245b99ab3d3bff1ac10e2d3 dated...
CVE-2025-7957
The CVE-2025-7957 entry concerns the WordPress ShortcodeHub plugin (MultiPurpose Shortcode Builder). It is a Stored Cross-Site Scripting (XSS) vulnerability via the author_link_target parameter in all versions up to 1.7.1, allowing authenticated attackers with Contributor+ privileges to inject sc...
CVE-2025-57762
WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, there is a Stored Cross-Site Scripting (XSS) vulnerability in the dependentedocdependente.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the nome parameter. The injected...
CVE-2025-46962
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...