4 matches found
CVE-2025-62729 Stored XSS in SOPlanning
SOPlanning is vulnerable to Stored XSS in the /status endpoint. A malicious attacker with an account can inject arbitrary HTML and JS into the website, which will be rendered/executed when opening multiple pages. This issue was fixed in version 1.55...
CVE-2025-8568
The CVE-2025-8568 entry relates to the WordPress GMap Generator (Venturit) plugin, with a Stored Cross-Site Scripting vulnerability in the h parameter affecting all versions up to 1.1. The root cause is insufficient input sanitization and output escaping, allowing authenticated attackers with Con...
CVE-2024-6346 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.85 - Authenticated (Contributor+) Stored Cross-Site Scripting via redirectURL Parameter of Date Countdown Widget
The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the redirectURL parameter of the Date Countdown widget, in all versions up to, and including, 2.2.85 due to insufficient input sanitization and output escaping on user supplied...
ASPCMS site-building system injection 0day - vulnerability warning - the black bar safety net
ASPCMS is an open source enterprise site-building system developed on a new core. It can meet a variety of enterprise site requirements, supports template customization, extensions, etc., and lets an enterprise site be built in a short time. Vulnerability file: /plug/productbuy...