79 matches found
CVE-2026-57366
Unauthenticated Cross Site Scripting XSS in WPAdverts = 2.3.1 versions...
CVE-2026-57351
Unauthenticated Cross Site Scripting XSS in HandL UTM Grabber = 2.9.2 versions...
CVE-2026-57344
Unauthenticated Cross Site Scripting XSS in Classified Listing = 5.4.2 versions...
CVE-2026-27408
Unauthenticated Cross Site Scripting XSS in NativeChurch = 4.8.8.2 versions...
CVE-2025-69155
CVE-2025-69155 affects the Fitness Zone WordPress Theme up to version 5.7. It is described as an unauthenticated Cross Site Scripting (XSS) vulnerability in the theme, with CVSS v3.1 base score 7.1 (HIGH). Attack vector: NETWORK; Attack complexity: LOW; Privileges required: NONE; User interaction...
CVE-2026-57336
Unauthenticated Cross Site Scripting XSS in Jobify = 4.3.2 versions...
EUVD-2026-39384
Unauthenticated Cross Site Scripting XSS in Forminator = 1.53.1 versions...
CVE-2026-39548
Unauthenticated Cross Site Scripting XSS in MagOne = 9.0 versions...
CVE-2024-49269 WordPress my flatonica theme <= 0.0.8 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in my flatonica = 0.0.8 versions...
CVE-2026-48871
Unauthenticated Cross Site Scripting XSS in MW WP Form = 5.1.3 versions...
CVE-2026-42649
Unauthenticated Cross Site Scripting XSS in Favicon Rotator = 1.2.11 versions...
CVE-2026-39514
Unauthenticated Cross Site Scripting XSS in Paid Member Subscriptions = 2.17.3 versions...
CVE-2026-34902
Unauthenticated Cross Site Scripting XSS in WooCommerce Product Table Lite = 4.6.3 versions...
CVE-2026-52702 WordPress SEO Redirection plugin <= 9.17 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in SEO Redirection = 9.17 versions...
PT-2026-49354
Unauthenticated Cross Site Scripting XSS in Redirection for Contact Form 7 = 3.2.8 versions...
CVE-2026-9109 GPTranslate <= 2.31 - Unauthenticated Stored Cross-Site Scripting via REST API Translation Storage
The GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API Translation Storage in all versions up to, and including, 2.31 due to insufficient input sanitization and output escaping...
WordPress LiteSpeed Cache plugin <= 7.7 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin LiteSpeed Cache versions = 7.7...
CVE-2026-45622
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an unauthenticated reflected cross-site scripting XSS issue in the public product return form in Vvveb CMS. The customerorderid POST parameter is inserted into the...
CVE-2026-45622
Vvveb CMS (version prior to 1.0.8.3) is affected by an unauthenticated reflected XSS in the public product return form. The issue arises from inserting the customer_order_id into the error message without HTML escaping, allowing attacker-controlled HTML/JavaScript to execute in the submitting use...
PT-2026-41359
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an unauthenticated reflected cross-site scripting XSS issue in the public product return form in Vvveb CMS. The customer order id POST parameter is inserted into the...