
1150 matches found

RedhatCVE
added 2025/02/05 4:6 a.m. · 3 views

CVE-2024-54436

Cross-Site Request Forgery (CSRF) vulnerability in milordk Jet Footer Code jet-footer-code allows Stored XSS. This issue affects Jet Footer Code: from n/a through = 1.4...

7.1 CVSS · 7.2 AI score · 0.00198 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/02/04 10:19 p.m. · 2 views

CVE-2024-53750

Cross-Site Request Forgery (CSRF) vulnerability in Maeve Lander PayPal Responder allows Stored XSS. This issue affects PayPal Responder: from n/a through 1.2...

7.1 CVSS · 8.6 AI score · 0.00141 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/02/04 8:21 a.m. · 8 views

CVE-2024-13403 WPForms Lite <= 1.9.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via fieldHTML Parameter

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fieldHTML’ parameter in all versions up to, and including, 1.9.3.1 due to insufficient input sanitization and output escaping...

6.4 CVSS · 5.9 AI score · 0.00357 EPSS
Exploits 0 · References 4

OSV
added 2025/02/01 4:15 a.m. · 1 view

CVE-2024-11780

The Site Search 360 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ss360-resultblock' shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4 CVSS · 7.4 AI score
Exploits 0 · References 2

NCSC
added 2025/01/31 12:25 p.m. · 3 views

Vulnerabilities fixed in VMware Aria Operations

VMware has fixed vulnerabilities in VMware Aria Operations. The vulnerabilities include an information leak that allows malicious users with View Only Admin privileges to potentially read the login credentials of integrated VMware products. In addition, there is a stored cross-site scripting...

9 CVSS · 6.2 AI score · 0.00652 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/01/31 12:0 a.m. · 2 views

PT-2025-5241 · Unknown · Bhaskar Dhote Post Carousel Slider

Name of the Vulnerable Software and Affected Versions: Bhaskar Dhote Post Carousel Slider versions through 2.0.1 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. Recommendations: For versions through 2.0.1, update to a version that contains a fix f...

7.1 CVSS · 9.3 AI score · 0.00123 EPSS
Exploits 0 · References 3

Positive Technologies
added 2025/01/31 12:0 a.m. · 2 views

PT-2025-5242 · Unknown · Ninos Ego Flashcounter

Name of the Vulnerable Software and Affected Versions: Ninos Ego FlashCounter versions 1.1.8 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web applicatio...

7.1 CVSS · 9.3 AI score · 0.00123 EPSS
Exploits 0 · References 3

OSV
added 2025/01/30 2:15 p.m. · 3 views

CVE-2024-13661

The Table Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wptableeditorvtabs' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4 CVSS · 7.4 AI score · 0.00254 EPSS
Exploits 0 · References 3

Positive Technologies
added 2025/01/30 12:0 a.m. · 3 views

PT-2025-4036 · Embedai · Embedai

Name of the Vulnerable Software and Affected Versions: EmbedAI affected versions not specified Description: A Stored Cross-Site Scripting issue has been found, allowing an authenticated attacker to inject malicious JavaScript code into a message that will be executed when a user opens the chat...

8.6 CVSS · 6.1 AI score · 0.0022 EPSS
Exploits 0 · References 6

Positive Technologies
added 2025/01/30 12:0 a.m. · 3 views

PT-2025-2184 · WordPress · Atakan Au Automatically Hierarchic Categories In Menu

Name of the Vulnerable Software and Affected Versions: Automatically Hierarchic Categories in Menu plugin for WordPress versions up to, and including, 2.0.7 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'autocategorymenu' shortcode due to insufficient input...

6.4 CVSS · 8.1 AI score · 0.00313 EPSS
Exploits 0 · References 7

Positive Technologies
added 2025/01/30 12:0 a.m. · 3 views

PT-2025-1853 · WordPress · Html5 Chat Plugin

Name of the Vulnerable Software and Affected Versions: HTML5 Chat Plugin for WordPress versions 1.04 and earlier Description: The issue concerns a Stored Cross-Site Scripting vulnerability in the HTML5 chat plugin for WordPress. This vulnerability is due to insufficient input sanitization and...

6.4 CVSS · 8 AI score · 0.00254 EPSS
Exploits 0 · References 7

Veracode
added 2025/01/29 5:11 a.m. · 9 views

Cross-site Scripting (XSS)

pscontactinfo is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of formatted addresses, which allows stored script execution when combined with third-party modules...

6.2 CVSS · 6.2 AI score · 0.0038 EPSS
Exploits 0 · References 4 · Affected Software 1

OSV
added 2025/01/29 4:15 a.m. · 1 view

CVE-2025-0804

The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via link titles in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it...

5.4 CVSS · 7.4 AI score
Exploits 0 · References 2

OSV
added 2025/01/27 6:15 a.m. · 1 view

CVE-2024-13057

The Dyn Business Panel WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

7.1 CVSS · 7.3 AI score
Exploits 0 · References 1

Positive Technologies
added 2025/01/27 12:0 a.m. · 5 views

PT-2025-2013 · Unknown · Crelly Slider

Name of the Vulnerable Software and Affected Versions: Crelly Slider versions prior to 1.4.7 Description: The issue arises from the plugin not sanitizing and escaping some of its settings, potentially allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting...

3.8 CVSS · 6.3 AI score · 0.00317 EPSS
Exploits 1 · References 7

Positive Technologies
added 2025/01/25 12:0 a.m. · 4 views

PT-2025-2217 · WordPress · Abc Notation

Name of the Vulnerable Software and Affected Versions: ABC Notation plugin for WordPress versions up to, and including, 6.1.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'abcjs' shortcode due to insufficient input sanitization and output escaping on...

6.4 CVSS · 6.3 AI score · 0.00279 EPSS
Exploits 1 · References 7

CNNVD
added 2025/01/25 12:0 a.m. · 2 views

WordPress plugin Ask Me Anything cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

6.4 CVSS · 7.8 AI score · 0.00228 EPSS
Exploits 0 · References 3

Positive Technologies
added 2025/01/25 12:0 a.m. · 2 views

PT-2025-1886 · WordPress · Brodos.Net Onlineshop Plugin

Name of the Vulnerable Software and Affected Versions: brodos.net Onlineshop Plugin plugin for WordPress versions up to, and including, 2.0.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'BrodosCategory' shortcode due to insufficient input sanitization and...

6.4 CVSS · 6.1 AI score · 0.00228 EPSS
Exploits 0 · References 7

OSV
added 2025/01/23 12:15 p.m. · 2 views

CVE-2024-13389

The Cliptakes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cliptakesinputemail' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4 CVSS · 7.4 AI score · 0.00207 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/01/22 12:0 a.m. · 3 views

PT-2025-2167 · WordPress · Wp-Polls

Name of the Vulnerable Software and Affected Versions: WP-Polls plugin for WordPress versions up to, and including, 2.77.2 Description: The issue arises from insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query, making it possible for...

5.4 CVSS · 7.6 AI score · 0.00442 EPSS
Exploits 0 · References 15