948 matches found
Reflected Cross-Site Scripting (Reflected XSS)
com.liferay, com.liferay.expando.web are vulnerable to reflected cross-site scripting (XSS). The vulnerability is due to improper input validation of the comliferayexpandowebportletExpandoPortletdisplayType parameter, which allows an attacker to inject and execute arbitrary JavaScript code in a...
CVE-2025-40642
CVE-2025-40642 is a reflected Cross-Site Scripting (XSS) vulnerability in WebWork exploited via the q and engine parameters in /search. Affected software is WebWork; the vulnerability stems from improper handling of user-supplied input in the search query, enabling remote code execution in the co...
CVE-2025-58845
Cross-Site Request Forgery (CSRF) vulnerability in ChrisHurst Bulk Watermark bulk-watermark allows Reflected XSS. This issue affects Bulk Watermark: from n/a through <= 1.6.10...
CVE-2025-58848
Cross-Site Request Forgery (CSRF) vulnerability in aakash1911 WP likes wp-likes allows Reflected XSS. This issue affects WP likes: from n/a through <= 3.1.1...
CVE-2025-8695
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netcad NetGIS Server allows Reflected XSS. This issue affects NetGIS Server: from 5.2.4 through 22.08.2025...
CVE-2025-58854
Cross-Site Request Forgery (CSRF) vulnerability in Samer Bechara Ultimate AJAX Login ultimate-ajax-login allows Reflected XSS. This issue affects Ultimate AJAX Login: from n/a through <= 1.2.1...
CVE-2025-58855
CVE-2025-58855 affects AP HoneyPot WordPress Plugin (Versions up to 1.4). Public records describe an improper neutralization of formula elements in a CSV file leading to reflected XSS, and related sources also flag a CSRF vulnerability in the plugin’s CSRF handling. The combination implies an imp...
CVE-2025-58854
CVE-2025-58854 affects WordPress plugin Ultimate AJAX Login (versions n/a–1.2.1). The vulnerability is CSRF that enables a Reflected XSS, with CVSS 3.1 base score 7.1 (HIGH; UI: Required, AV:N, AC:L, PR:N; scope CHANGED; C/L/A/L factors). Exploitation context indicates that user interaction is re...
CVE-2025-58854 WordPress Ultimate AJAX Login Plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Samer Bechara Ultimate AJAX Login ultimate-ajax-login allows Reflected XSS. This issue affects Ultimate AJAX Login: from n/a through <= 1.2.1...
CVE-2025-58848
CVE-2025-58848 concerns WordPress plugin WP Likes (versions up to 3.1.1). The vulnerability is a CSRF issue that also enables reflected XSS when exploited, as described in multiple sources. Affected software: WP Likes
CVE-2025-58848 WordPress WP likes Plugin <= 3.1.1 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in aakash1911 WP likes wp-likes allows Reflected XSS. This issue affects WP likes: from n/a through <= 3.1.1...
CVE-2025-58845
CVE-2025-58845 affects WordPress Bulk Watermark plugin (versions up to 1.6.10). Description: CSRF vulnerability that allows reflected XSS. CVSS v3.1 base score 7.1 (HIGH); vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. Connected sources do not specify a fixed patch version; no remediation details p...
CVE-2025-58846 WordPress WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule Plugin <= 2020.1.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Dejan Markovic WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule buffer-my-post allows Reflected XSS. This issue affects WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and...
CVE-2025-58845 WordPress Bulk Watermark Plugin <= 1.6.10 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ChrisHurst Bulk Watermark bulk-watermark allows Reflected XSS. This issue affects Bulk Watermark: from n/a through <= 1.6.10...
CVE-2025-58809
CVE-2025-58809 affects the WordPress plugin “To Lead For Salesforce.” The vulnerability is a Cross-Site Request Forgery (CSRF) vulnerability that can also enable a reflected XSS. Affected versions are listed as n/a through 2.7.3.9. Remediation per sources is to update to a version later than 2.7....
CVE-2025-58809 WordPress To Lead For Salesforce Plugin <= 2.7.3.9 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Nick Ciske To Lead For Salesforce salesforce-wordpress-to-lead allows Reflected XSS. This issue affects To Lead For Salesforce: from n/a through <= 2.7.3.9...
PT-2025-36193
Name of the Vulnerable Software and Affected Versions: Ultimate AJAX Login versions n/a through 1.2.1 Description: The software contains a Cross-Site Request Forgery (CSRF) vulnerability that also allows Reflected Cross-Site Scripting (XSS). Recommendations: Update Ultimate AJAX Login to a version...
PT-2025-36185
Name of the Vulnerable Software and Affected Versions: Dejan Markovic WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule versions n/a through 2020.1.0 Description: A Cross-Site Request Forgery (CSRF) vulnerability exists in Dejan Markovic WordPress Buffer ...
CVE-2025-41062
A vulnerability has been discovered in version 4.0.5 of appRain CMF, consisting of an authenticated reflected XSS due to a lack of proper validation of user input, through the 'page' parameter in /apprain/developer/addons...
CVE-2025-9569 Sunnet|eHRD CTMS - Reflected Cross-site Scripting
The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing attacks...