PT-2025-5521 · Unknown · The Photo Gallery – Gt3 Image Gallery & Gutenberg Block Gallery
Name of the Vulnerable Software and Affected Versions: Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery versions through 2.7.7.24
Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for...
CVE-2024-13219
The Privacy Policy Genius WordPress plugin through 2.0.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-13221
The Fantastic ElasticSearch WordPress plugin through 4.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
PT-2025-5443 · Unknown · Gd Mail Queue
Name of the Vulnerable Software and Affected Versions: GD Mail Queue versions n/a through 4.3
Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an attacker can inject...
CVE-2024-12409
The Simple:Press Forum plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 6.10.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-12638
The Bulk Me Now! WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2025-24593
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WisdmLabs Edwiser Bridge allows Reflected XSS. This issue affects Edwiser Bridge: from n/a through 3.0.8...
CVE-2024-13055
The Dyn Business Panel WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
PT-2025-5134 · Unknown · One Backend Language
Name of the Vulnerable Software and Affected Versions: One Backend Language versions through 1.0
Description: The issue is related to improper neutralization of input during web page generation, which allows reflected cross-site scripting (XSS). This enables attackers to inject malicious scripts vi...
CVE-2025-23634
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codehandling Youtube Video Grid (youmax-channel-embeds-for-youtube-businesses) allows Reflected XSS. This issue affects Youtube Video Grid: from n/a through <= 1.9...
PT-2025-5177 · WordPress · Wp-Flickr-Press
Name of the Vulnerable Software and Affected Versions: wp-flickr-press versions 2.6.4 and earlier
Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected cross-site scripting (XSS). This means an attacker can inject malicious...
PT-2025-5049 · Unknown · Mind3Dom Ryebread Widgets
Name of the Vulnerable Software and Affected Versions: Mind3doM RyeBread Widgets versions n/a through 1.0
Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows reflected XSS. This problem affects Mind3d...
CVE-2025-23682
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bhuvnesh Gupta Preloader Quotes (preloader-quotes) allows Reflected XSS. This issue affects Preloader Quotes: from n/a through <= 1.0.0...
CVE-2025-23672
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tenteeglobal Instant Appointment (instant-appointment) allows Reflected XSS. This issue affects Instant Appointment: from n/a through <= 1.2...
PT-2025-5103 · Pqina · Pqina Snippy
Name of the Vulnerable Software and Affected Versions: PQINA Snippy versions 1.4.1 and earlier
Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Reflected XSS. This means an attacker can trick a user into performing unintended actions on a web application that...
CVE-2024-13404
The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'searchll' parameter in all versions up to, and including, 7.7.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-26154
All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross site scripting in the appliance site name. The ETIC RAS web server saves the site name and then presents it to the administrators in a few different pages...
WordPress Bauernregeln Plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Bauernregeln (versions <= 1.0.1)...
WordPress Easy Code Placement Plugin <= 18.11 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Le Ngoc Anh in WordPress Plugin Easy Code Placement (versions <= 18.11)...
WordPress Affiliate Tools Việt Nam plugin <= 0.3.17 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Affiliate Tools Việt Nam (versions <= 0.3.17)...