330 matches found
CVE-2025-53237
CVE-2025-53237 affects the Soflyy WP Wizard Cloak plugin for WordPress, specifically the wp-wizard-cloak component, with versions up to and including 1.0.1. The root cause is improper neutralization of input during web page generation, enabling a Reflected XSS vulnerability. Impact per the entry ...
PT-2026-21165
Name of the Vulnerable Software and Affected Versions: wpdiscover Timeline Event History versions through 3.2. Description: The Timeline Event History component of wpdiscover is susceptible to a Reflected Cross-site Scripting issue. This occurs due to improper neutralization of input during web page...
PT-2026-21124
Name of the Vulnerable Software and Affected Versions: GhostPool Aardvark versions through 4.6.3. Description: A Reflected Cross-site Scripting (XSS) issue exists in GhostPool Aardvark. This allows for improper neutralization of input during web page generation. The issue could potentially allow an...
CVE-2026-2736
Alkacon OpenCms 18.0 is affected by CVE-2026-2736: a reflected XSS vulnerability exploitable by sending a user a malicious URL containing the q parameter in /search/index.html. The issue allows execution of JavaScript in the victim’s browser, enabling potential access to session cookies or action...
Lazy Blocks <= 3.8.2 - Cross-Site Scripting
Custom Block Builder WordPress plugin 3.8.3 contains a reflected cross-site scripting vulnerability caused by lack of sanitization and escaping of a parameter before output, letting attackers execute malicious scripts in high-privilege users' browsers; exploitation requires the victim to load a malicious page. id:...
CVE-2020-37044
OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the /graphql endpoint. An attacker can inject arbitrary JavaScript code by sending a crafted GET request with a malicious payload in the query string, leading to execution of JavaScript in the victim's browser. For...
CVE-2025-14063
CVE-2025-14063 – SEO Links Interlinking (WordPress) is a Reflected Cross-Site Scripting (XSS) vulnerability affecting all versions up to 1.7.5. The issue arises from insufficient input sanitization and output escaping for the google_error parameter, enabling unauthenticated attackers to inject ar...
CVE-2026-24623
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in saeros1984 Neoforum neoforum allows Reflected XSS. This issue affects Neoforum: from n/a through <= 1.0...
CVE-2025-68884
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arevico WP Simple Redirect wp-simple-redirect allows Reflected XSS. This issue affects WP Simple Redirect: from n/a through <= 1.1...
CVE-2025-68904
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jegtheme JNews - Frontend Submit jnews-frontend-submit allows Reflected XSS. This issue affects JNews - Frontend Submit: from n/a through <= 11.0.0...
CVE-2025-67959
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes WorkScout workscout allows Reflected XSS. This issue affects WorkScout: from n/a through <= 4.1.07...
CVE-2025-67620
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CleverSoft Anon anon2x allows Reflected XSS. This issue affects Anon: from n/a through <= 2.2.10...
CVE-2025-49043
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Magic Responsive Slider and Carousel WordPress magiccarousel allows Reflected XSS. This issue affects Magic Responsive Slider and Carousel WordPress: from n/a through <= 1.6...
CVE-2025-69320 WordPress Grand Magazine theme <= 3.5.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Magazine grandmagazine allows Reflected XSS. This issue affects Grand Magazine: from n/a through <= 3.5.7...
CVE-2025-68010
CVE-2025-68010 is a Reflected XSS in the WordPress Netgsm plugin. Affected: Netgsm
CVE-2025-49249
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ApusTheme Drone drone allows Reflected XSS. This issue affects Drone: from n/a through <= 1.40...
CVE-2025-49045
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in highwarden Super Interactive Maps super-interactive-maps allows Reflected XSS. This issue affects Super Interactive Maps: from n/a through <= 2.3...
PT-2026-4055
Name of the Vulnerable Software and Affected Versions: GLS Shipping for WooCommerce versions through 1.4.0. Description: The software contains a flaw related to improper input handling during web page generation, which can lead to Reflected Cross-Site Scripting (XSS). This allows an attacker to inject...
CVE-2025-57786
A reflected cross-site scripting (XSS) vulnerability exists in the notifynewstudy functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability...