WordPress plugin Login No Captcha reCAPTCHA 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

WordPress Content Slideshow plugin <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Content Slideshow versions = 2.4.1...

WordPress GNTT Post Title Ticker plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by MAJidox in WordPress Plugin GNTT Post Title Ticker versions = 1.0...

WordPress Auto Affiliate Links plugin <= 6.8.8 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by DJumanto in WordPress Plugin Auto Affiliate Links versions = 6.8.8...

WordPress WP YouTube Lyte plugin <= 1.7.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via lyte Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via lyte Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP YouTube Lyte versions = 1.7.29...

PT-2026-30632

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in David Lingren Media LIbrary Assistant allows Stored XSS.This issue affects Media LIbrary Assistant: from n/a through 3.34...

CVE-2026-28298

SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution...

PT-2026-8327

Stored Cross-Site Scripting XSS vulnerability in Kubysoft, which is triggered through multiple parameters in the '/kForms/app' endpoint. This issue allows malicious scripts to be injected and executed persistently in the context of users accessing the affected resource...

WordPress Extended Random Number Generator plugin <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Settings vulnerability discovered by 0x34rth in WordPress Plugin Extended Random Number Generator versions = 1.1...

WordPress WP To Do plugin <= 1.3.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Task Comments vulnerability

Authenticated Admin+ Stored Cross-Site Scripting via Task Comments vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin WP To Do versions = 1.3.0...

CVE-2026-0483

Stored Cross-Site Scripting XSS vulnerability in the PDF file upload functionality of Live Helper Chat, versions prior to 4.72. An attacker can upload a malicious PDF file containing an XSS payload, which will be executed in the user's context when they download and open the file via the link...

CVE-2025-40975

CVE-2025-40975 describes a stored Cross-Site Scripting (XSS) vulnerability in WorkDo’s HRMGo. The issue arises from insufficient validation of user input in the description parameter of a POST to /hrmgo/ticket/changereply, allowing injected scripts to be stored. Root cause: lack of proper input v...

WordPress plugin AI BotKit – AI Chatbot & Live Support for WordPress 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

EUVD-2026-0835

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dokan Dokan Pro allows Stored XSS.This issue affects Dokan Pro: from n/a through 3.14.5...

CVE-2026-21451 Bagisto has HTML Filter Bypass that Enables Stored XSS

Bagisto is an open source laravel eCommerce platform. A stored Cross-Site Scripting XSS vulnerability exists in Bagisto prior to version 2.3.10 within the CMS page editor. Although the platform normally attempts to sanitize tags, the filtering can be bypassed by manipulating the raw HTTP POST...

CVE-2025-62990

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in livemesh Livemesh Addons for Beaver Builder addons-for-beaver-builder allows Stored XSS.This issue affects Livemesh Addons for Beaver Builder: from n/a through = 3.9.2...

CVE-2025-62759 WordPress Series plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Justin Tadlock Series series allows Stored XSS.This issue affects Series: from n/a through = 2.0.1...

CVE-2025-68532

CVE-2025-68532 relates to a Stored Cross-Site Scripting vulnerability in ModelTheme Addons for WPBakery and Elementor (modeltheme-addons-for-wpbakery). The issue arises from improper input neutralization during web page generation, allowing stored script execution via the affected plugin. Affecte...

MyBB 跨站脚本漏洞

MyBB MyBulletinBoard is a free and web-based forum software developed by MyBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. A cross-site scripting vulnerability exists in MyBB version 1.8.26, which stems from a stored cross-si...

Kentico Xperience 跨站脚本漏洞

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...