7 matches found
CVE-2025-32670
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Parnell Spark GF Failed Submissions spark-gf-failed-submissions allows Reflected XSS. This issue affects Spark GF Failed Submissions: from n/a through <= 1.3.5...
Sailthru Triggermail <= 1.1 - Reflected XSS
Description: The plugin does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged in admin open: alert23' /...
Golo < 1.3.3 - Unauthenticated Reflected XSS
An Unauthenticated Reflected XSS vulnerability was discovered in the Golo theme v1.3.2 for WordPress. https://example.com/?s=%22%3E%3Cimg+src%3Dx+onerror%3DalertXSS%2F%2F%22%3E&posttype=place...
Prolisting - Directory Listing < 1.27 - Unauthenticated Reflected XSS
An Unauthenticated Reflected XSS vulnerability was discovered in the «Prolisting - Directory Listing WordPress Theme», tested version — v1.2. https://demoapus.com/prolisting/listings/?searchdistance=%22%3E%3Cimg%20src=x%20onerror=alertXSS%3E...
Gallery Photoblocks < 1.1.41 - Unauthenticated Reflected XSS
Also Full Path Disclosure depending on the configuration of the server https:///wp-content/plugins/photoblocks-grid-gallery/admin/partials/photoblocks-edit.php?id="...
Custom 404 Pro < 3.2.9 - Authenticated Reflected XSS
The Custom 404 Pro WordPress plugin was affected by an Authenticated Reflected XSS security vulnerability. Version...
U.S. Dept Of Defense: HTML Injection + XSS Vulnerability - https://████████/ | Proof of Concept [PoC]
Hello U.S. Dept Of Defense Security Team, My name is Ismail Tasdelen. As a security researcher, I found an HTML injection and XSS vulnerability. Url address : https://█████████/ HTML Injection + XSS Payload = html+injection+xss"Ismail Tasdelen Description : The server reads data directly from the...