CVE-2025-46749

CVE-2025-46749 is described across multiple feeds as an input/output sanitization issue that allows an authenticated user to inject scripting into fields, triggering client-side script execution. Connected sources reference Schweitzer Engineering Laboratories products (e.g., SEL-5033/SEL-5702/SEL...

CVE-2024-50552

CVE-2024-50552: WordPress Hover Video Preview plugin versions 1.0.2 and earlier are affected by a Stored XSS due to improper neutralization of input during web page generation. The connected sources consistently describe this as a Stored XSS vulnerability in Hover Video Preview (CVE-2024-50552); ...

CVE-2024-51786

CVE-2024-51786 is an XSS vulnerability in the WordPress plugin Realty by BestWebSoft. Affected are Realty by BestWebSoft versions up to 1.1.5 (inclusive). Root cause: improper neutralization of input during web page generation leading to Stored XSS. Impacted contexts can execute scripts in the vi...

CVE-2024-47640

CVE-2024-47640 affects the WP ERP WordPress plugin: a reflected XSS in WP ERP

CVE-2024-50464

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pierre Lebedel Kodex Posts likes kodex-posts-likes.This issue affects Kodex Posts likes: from n/a through = 2.5.0...

CVE-2024-43997 WordPress easy.jobs- Best Recruitment Plugin for Job Board Listing, Manager, Career Page for Elementor & Gutenberg plugin <= 2.4.14 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in easy.Jobs EasyJobs allows Reflected XSS.This issue affects EasyJobs: from n/a through 2.4.14...

CVE-2024-47347

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro Chartify chart-builder allows Reflected XSS.This issue affects Chartify: from n/a through = 2.7.6...

CVE-2024-47349 WordPress WPMobile.App plugin <= 11.50 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Amauri WPMobile.App wpappninja.This issue affects WPMobile.App: from n/a through = 11.50...

CVE-2024-47363

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Blockspare Blockspare blockspare allows Stored XSS.This issue affects Blockspare: from n/a through = 3.2.4...

CVE-2024-47372

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in ThemeNcode LLC TNC PDF viewer allows Stored XSS.This issue affects TNC PDF viewer: from n/a through 3.1.0...

CVE-2024-43995

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in sonalsinha21 Posterity allows Stored XSS.This issue affects Posterity: from n/a through 3.6...

CVE-2024-38860 Reflected links in error message facilitate phishing attacks

Improper neutralization of input in Checkmk before versions 2.3.0p16 and 2.2.0p34 allows attackers to craft malicious links that can facilitate phishing attacks...

CVE-2024-38860

CVE-2024-38860 affects Checkmk before versions 2.3.0p16 and 2.2.0p34. The issue is improper neutralization of input that allows attackers to craft malicious links, facilitating phishing attacks. Impact is tied to web-facing link handling and error messaging. Remediation: upgrade to Checkmk 2.3.0p...

CVE-2024-43934

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Robert Felty Collapsing Archives allows Stored XSS.This issue affects Collapsing Archives: from n/a through 3.0.5...

CVE-2024-43330

CVE-2024-43330 concerns PowerPack for Beaver Builder. It is a Reflected Cross-Site Scripting vulnerability in PowerPack for Beaver Builder (IdeaBox Creations) that affects versions up to 2.37.3 (and before 2.37.4). The root cause is improper input neutralization during web page generation, enabli...

CVE-2024-43238

CVE-2024-43238: WeMail for WordPress has a Reflected XSS in web page generation. Affected: the weMail plugin up to version 1.14.5 (from n/a through 1.14.5). According to the connected docs, the issue is publicly associated with this CVE and has a patch status indicating it was addressed (patched)...

CVE-2024-35681

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in gVectors Team wpDiscuz allows Stored XSS.This issue affects wpDiscuz: from n/a through 7.6.18...

CVE-2024-35693

CVE-2024-35693 affects WordPress plugin “12 Step Meeting List” (versions

CVE-2024-35699

CVE-2024-35699 is a Stored XSS flaw in HT Feed (HasThemes) affecting HT Feed versions up to 1.2.8. The issue arises from improper input neutralization during web page generation, enabling authenticated users to inject scripts. Red Hat/ENISA Wordfence context confirms the vulnerability and notes a...

CVE-2024-35732

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YITHEMES YITH Custom Login yith-custom-login.This issue affects YITH Custom Login: from n/a through = 1.7.0...