3502 matches found
PT-2025-40487
Name of the Vulnerable Software and Affected Versions: Blappsta Mobile App Plugin versions prior to 0.8.8.9. Description: The Blappsta Mobile App Plugin for WordPress is susceptible to SQL Injection due to inadequate input sanitization and query preparation. Specifically, the nh ynaa comments functi...
CVE-2025-56161
YOSHOP 2.0 allows unauthenticated information disclosure via comment-list API endpoints in the Goods module. The Comment model eagerly loads the related User model without field filtering; because User.php defines no $hidden or $visible attributes, sensitive fields bcrypt password hash, mobile...
CVE-2025-9512
The Schema & Structured Data for WP & AMP WordPress plugin before 1.50 does not properly handle HTML tag attribute modifications, making it possible for unauthenticated attackers to conduct Stored XSS attacks via post comments...
CVE-2025-9512
CVE-2025-9512 affects the WordPress plugin Schema & Structured Data for WP & AMP prior to version 1.50. The vulnerability is an unauthenticated stored XSS caused by incorrect handling of HTML tag attribute modifications in post comments, enabling an attacker to inject scripts that run in other us...
CVE-2025-9512 Schema & Structured Data for WP & AMP < 1.50 - Unauthenticated Stored-XSS
The Schema & Structured Data for WP & AMP WordPress plugin before 1.50 does not properly handle HTML tag attribute modifications, making it possible for unauthenticated attackers to conduct Stored XSS attacks via post comments...
CVE-2025-56234
ATNA2000 from Nanda Automation Technology vendor has a denial-of-service vulnerability. For the processing of TCP RST packets, PLC ATNA2000 has a wide acceptable range of sequence numbers. It does not require the sequence number to exactly match the next expected sequence value, just to be within...
CVE-2025-56233
OpenIndiana, kernel SunOS 5.11, has a denial-of-service vulnerability. For the processing of TCP packets with the RST or SYN flag set, OpenIndiana has a wide acceptable range of sequence numbers. It does not require the sequence number to exactly match the next expected sequence value, just to be with...
CVE-2025-60186
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Moss Google+ Comments google-plus-comments allows Stored XSS. This issue affects Google+ Comments: from n/a through <= 1.0...
CVE-2025-59832
Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, there is a stored XSS vulnerability in the ticket comment editor. A low-privilege authenticated user could run arbitrary JavaScript in an admin’s browser, exfiltrate the admin’s cookies/CSRF token, an...
WordPress Google+ Comments Plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Nabil Irawan in WordPress Plugin Google+ Comments versions <= 1.0...
CVE-2025-60186
CVE-2025-60186 is a Stored XSS in the WordPress plugin Google+ Comments (Google+ Comments,
CVE-2025-60186 WordPress Google+ Comments Plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Moss Google+ Comments google-plus-comments allows Stored XSS. This issue affects Google+ Comments: from n/a through <= 1.0...
CVE-2025-60249
vulnerability-lookup 2.16.0 allows XSS in bundle.py, comment.py, and user.py, by a user on a vulnerability-lookup instance who can add bundles, comments, or sightings. A cross-site scripting (XSS) vulnerability was discovered in the handling of user-supplied input in the Bundles, Comments, and...
WordPress plugin Google+ Comments cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripti...
PT-2025-39620
Name of the Vulnerable Software and Affected Versions: Alex Moss Google+ Comments versions through 1.0. Description: The software contains a flaw related to improper input handling during web page generation, specifically a Cross-site Scripting issue. This allows for Stored XSS attacks. The issue...