CVE-2024-56208

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in desertthemes NewsMash newsmash allows Stored XSS.This issue affects NewsMash: from n/a through = 1.0.71...

CVE-2026-24955 WordPress Whizz Plugins plugin <= 1.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fox-themes Whizz Plugins whizz-plugins allows Reflected XSS.This issue affects Whizz Plugins: from n/a through = 1.9...

CVE-2026-24943

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand Conference grandconference allows Reflected XSS.This issue affects Grand Conference: from n/a through = 5.3.4...

CVE-2026-22352 WordPress Persian Woocommerce SMS plugin <= 7.1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PersianScript Persian Woocommerce SMS persian-woocommerce-sms allows Reflected XSS.This issue affects Persian Woocommerce SMS: from n/a through = 7.1.1...

CVE-2025-69391

CVE-2025-69391 corresponds to WordPress Diamond theme (GT3themes)

CVE-2025-69391 WordPress Diamond theme <= 2.4.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GT3themes Diamond diamond allows Reflected XSS.This issue affects Diamond: from n/a through = 2.4.8...

CVE-2025-69324

CVE-2025-69324 describes a stored XSS vulnerability in Basix NEX-Forms (WordPress plugin: nex-forms-express-wp-form-builder) affecting versions up to and including 9.1.7. Root cause: improper input neutralization during web page generation leading to stored Cross-Site Scripting. Impact per source...

CVE-2025-69307 WordPress Medinik Core plugin <= 1.3.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Medinik Core medinik-core allows Blind SQL Injection.This issue affects Medinik Core: from n/a through = 1.3.6...

CVE-2025-69296

CVE-2025-69296 is a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress theme Aardvark (GhostPool Aardvark aardvark), affecting versions up to and including 4.6.3 . The root cause is improper input neutralization during web page generation, enabling an attacker to inject arbitrary...

CVE-2025-53228 WordPress bbpress Simple Advert Units Plugin <= 0.41 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jezza101 bbpress Simple Advert Units bbpress-simple-advert-units allows Reflected XSS.This issue affects bbpress Simple Advert Units: from n/a through = 0.41...

CVE-2024-51915 WordPress LiteSpeed Cache plugin <= 6.5.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through = 6.5.2...

CVE-2026-25453

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mdempfle Advanced iFrame advanced-iframe allows DOM-Based XSS.This issue affects Advanced iFrame: from n/a through = 2025.10...

CVE-2025-10970

CVE-2025-10970 applies to Kolay Software Inc. Talentics (through version 20022026). The issue is an SQL Injection in Talentics caused by improper neutralization of special elements in SQL commands, enabling Blind SQL Injection. Several sources (NVD/Red Hat/CVE listing) confirm the vulnerability d...

Owl Cyber Defense OPDS 命令注入漏洞

Owl Cyber Defense OPDS is a network isolation device developed by Owl Cyber Defense Corporation. Version 2.2.0.4 of Owl Cyber Defense OPDS contains a command injection vulnerability, which stems from improper neutralization of special elements. This vulnerability may allow command injection attac...

PT-2026-21045

Name of the Vulnerable Software and Affected Versions FluentCart versions prior to 1.3.0 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-Site Scripting XSS condition. This allows an attacker to inject...

PT-2026-21233

Name of the Vulnerable Software and Affected Versions ThemeGoods PhotoMe versions through 5.7.1 Description The software contains a flaw related to improper input handling during web page generation, leading to a DOM-Based Cross-site Scripting XSS condition. This allows for potential malicious co...

PT-2026-21009

Name of the Vulnerable Software and Affected Versions Talentics versions through 20022026 Description A flaw exists in Talentics that allows for Blind SQL Injection due to improper neutralization of special elements used in an SQL command. The vendor was contacted regarding this issue but did not...

PT-2026-21051

Name of the Vulnerable Software and Affected Versions FixBD Educare versions through 1.6.1 Description The software contains a flaw related to improper input handling during web page generation, specifically a Reflected Cross-site Scripting XSS issue. This allows for the injection of malicious...

PT-2026-21261

Improper Neutralization of Special Elements used in a Command 'Command Injection' in Owl opds 2.2.0.4 allows Command Injection via a crafted network request...

CVE-2026-27360

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Stored XSS.This issue affects Photo Gallery by 10Web: from n/a through = 1.8.38...