948 matches found
CVE-2025-23687
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in simonhunter Woo Store Mode woo-store-mode allows Reflected XSS. This issue affects Woo Store Mode: from n/a through = 1.0.1...
CVE-2024-13630
The NewsTicker WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-13634
The Post Sync WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-10483
The Simple:Press Forum WordPress plugin before 6.10.11 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
CVE-2025-26987
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shabti Kaplan Frontend Admin by DynamiApps allows Reflected XSS. This issue affects Frontend Admin by DynamiApps: from n/a through 3.25.17...
WordPress PrivateContent plugin <= 8.11.5 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin PrivateContent versions <= 8.11.5...
CVE-2024-13363
The Raptive Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'poc' parameter in all versions up to, and including, 3.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...
Multiple cross-site scripting vulnerabilities in Movable Type
Overview: Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in the custom block edit page of MT Block Editor (CWE-79) - CVE-2025-22888. Stored cross-site scripting vulnerability in the HTML edit mode ...
PT-2025-6810 · Woocommerce · Active Products Tables For Woocommerce
Name of the Vulnerable Software and Affected Versions: Active Products Tables for WooCommerce versions 1.0.6.6 and earlier. Description: The issue is related to Reflected Cross-Site Scripting via the shortcodes set parameter due to insufficient input sanitization and output escaping. This allows...
WordPress VR Frases plugin < 4.0 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin VR-Frases versions < 4.0...
CVE-2025-23648
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wjharil AdsMiddle adsmiddle allows Reflected XSS. This issue affects AdsMiddle: from n/a through = 1.0...
SUSE CVE-2023-5950
Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This vulnerability is fixed in...
PT-2025-6964 · Disqus · Disqus Popular Posts
Name of the Vulnerable Software and Affected Versions: Disqus Popular Posts versions through 2.1.1. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Reflected XSS. This means an attacker can trick a user into performing unintended actions on a web application...
WordPress Lazy Blocks plugin <= 3.8.2 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin Lazy Blocks versions <= 3.8.2...
WordPress StaffList plugin <= 3.2.3 - Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin StaffList versions <= 3.2.3...
CVE-2024-13830
Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required...
WordPress TablePress Plugin 2.0 < 2.1.5 XSS Vulnerability
PT-2025-5902
Name of the Vulnerable Software and Affected Versions: Legull WordPress plugin versions 1.2.2 and earlier. Description: The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is not properly sanitised and escaped before being outputted back in the page. This could be use...
CVE-2024-13326
The iBuildApp WordPress plugin through 0.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
PT-2025-5199 · Unknown · Applicantpro
Name of the Vulnerable Software and Affected Versions: ApplicantPro versions 1.3.9 and earlier. Description: The issue is related to improper neutralization of input during web page generation, which allows Reflected XSS. This means that an attacker can inject malicious scripts into the website,...