CVE-2025-67990

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 GMap Targeting gmap-targeting allows Reflected XSS.This issue affects GMap Targeting: from n/a through = 1.1.7...

CVE-2019-25447

OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that allow attackers to perform unauthorized actions by crafting malicious requests to endpoints like /database/, /command/, and /document/. Attackers can create or delete databases, modify schema classes,...

CVE-2019-25449

CVE-2019-25449 affects OrientDB 3.0.17 with a reflected cross-site scripting flaw. The issue allows attackers to submit crafted JSON payloads to the document endpoint, performing a POST to /document/demodb/-1:-1 and injecting script tags in the name parameter to execute arbitrary JavaScript in us...

CVE-2026-27503 SVXportal <= 2.5 admin/log.php Search Reflected XSS

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.php via the search query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value directly into an HTML input value attribute,...

CVE-2026-22357

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spencer Haws Link Whisper Free link-whisper allows Reflected XSS.This issue affects Link Whisper Free: from n/a through = 0.9.2...

CVE-2025-69384

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdiscover Timeline Event History timeline-event-history allows Reflected XSS.This issue affects Timeline Event History: from n/a through = 3.2...

CVE-2025-69330

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jthemes Prestige prestige allows Reflected XSS.This issue affects Prestige: from n/a through 1.4.1...

CVE-2025-68501

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mollie Mollie Payments for WooCommerce mollie-payments-for-woocommerce allows Reflected XSS.This issue affects Mollie Payments for WooCommerce: from n/a through = 8.1.1...

CVE-2025-68031

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in faraz sms افزونه پیامک حرفه ای فراز اس ام اس farazsms allows Reflected XSS.This issue affects افزونه پیامک حرفه ای فراز اس ام اس: from n/a through = 2.7.3...

CVE-2025-67978

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in FixBD Educare educare allows Reflected XSS.This issue affects Educare: from n/a through = 1.6.1...

CVE-2025-67972

Missing Authorization vulnerability in Zoho Mail Zoho ZeptoMail allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zoho ZeptoMail: from n/a through 3.2.9...

CVE-2025-69391 WordPress Diamond theme <= 2.4.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GT3themes Diamond diamond allows Reflected XSS.This issue affects Diamond: from n/a through = 2.4.8...

CVE-2025-69392 WordPress iMoney plugin <= 0.36 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in itex iMoney imoney allows Reflected XSS.This issue affects iMoney: from n/a through = 0.36...

CVE-2025-69330

CVE-2025-69330 is a reflected Cross-Site Scripting (XSS) vulnerability affecting the WordPress Theme Prestige, version prior to 1.4.1. The issue is described as an improper neutralization of user-controlled input during web page generation, enabling reflected XSS. Public sources in the connected ...

CVE-2025-69323 WordPress Slimstat Analytics plugin <= 5.3.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VeronaLabs Slimstat Analytics wp-slimstat allows Reflected XSS.This issue affects Slimstat Analytics: from n/a through = 5.3.2...

CVE-2025-68854 WordPress ID Arrays plugin <= 2.1.2 - POST-Based Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in harman79 ID Arrays id-arrays allows DOM-Based XSS.This issue affects ID Arrays: from n/a through = 2.1.2...

CVE-2025-68501 WordPress Mollie Payments for WooCommerce plugin <= 8.1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mollie Mollie Payments for WooCommerce mollie-payments-for-woocommerce allows Reflected XSS.This issue affects Mollie Payments for WooCommerce: from n/a through = 8.1.1...

CVE-2025-67978 WordPress Educare plugin <= 1.6.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in FixBD Educare educare allows Reflected XSS.This issue affects Educare: from n/a through = 1.6.1...

CVE-2025-67972

Technical details about CVE-2025-67972 are not provided in the connected documents. Public details in the set pertain to other products (e.g., Prague plugin) and do not confirm affected vendor/version/root-cause for Zoho ZeptoMail. Monitor for updates.

WordPress plugin Membee Login 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...