CVE-2026-2593

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the gspbpostcss post meta value and the dynamicAttributes block attribute in all versions up to, and including, 12.8.5 due to insufficient input sanitization and output escapin...

EUVD-2025-26056

Malicious code in bioql PyPI...

CVE-2025-34182 Deciso OPNsense < 25.7.4 /interfaces_ppps_edit.php ptpid Stored XSS

In Deciso OPNsense before 25.7.4, when creating an "Interfaces: Devices: Point-to-Point" entry, the value of the parameter ptpid is not sanitized of HTML-related characters/strings. This value is directly displayed when visiting the page/interfacesassign.php, which can result in stored cross-site...

PT-2024-36670 · Unknown · Stop Registration Spam

Name of the Vulnerable Software and Affected Versions: Stop Registration Spam versions 1.23 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application...

CVE-2024-37958

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Meks Meks Smart Author Widget allows Stored XSS.This issue affects Meks Smart Author Widget: from n/a through 1.1.4...

CVE-2023-1651

The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any authenticated users, such as subscriber to update them. Furthermore, due to the lack of escaping of the settings, this could also lead to...