133 matches found

CNNVD
added 2026/01/23 12:0 a.m. | 2 views

WordPress plugin UX Flat security vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

CVSS 6.5 | AI score 5.7 | EPSS 0.00019
Exploits 0 | References 1

Cvelist
added 2026/01/14 4:20 p.m. | 19 views

CVE-2025-37185 Authenticated Stored Cross-Site Scripting Vulnerabilities (XSS) in EdgeConnect SD-WAN Orchestrator Web Administration Interface

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct stored cross-site scripting (XSS) attacks against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary...

CVSS 5.5 | EPSS 0.00061
Exploits 0 | References 1

RedhatCVE
added 2026/01/09 12:32 p.m. | 3 views

CVE-2023-4783

The Magee Shortcodes WordPress plugin through 2.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 5.4 | AI score 5.5 | EPSS 0.00109
Exploits 2 | References 1

Vulnrichment
added 2026/01/07 11:11 p.m. | 2 views

CVE-2019-25270 SOCA Access Control System 180612 Reflected Cross-Site Scripting via logged_page.php

SOCA Access Control System 180612 contains a cross-site scripting vulnerability in the 'senddata' POST parameter of loggedpage.php that allows attackers to inject malicious scripts. Attackers can exploit this weakness by sending crafted POST requests to execute arbitrary HTML and script code in a...

CVSS 6.1 | AI score 6.2 | EPSS 0.00024
Exploits 1 | References 5

OSV
added 2025/12/31 3:15 a.m. | 1 views

CVE-2025-15372

A weakness has been identified in youlaitech vue3-element-admin up to 3.4.0. This issue affects some unknown processing of the file src/views/system/notice/index.vue of the component Notice Handler. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The...

CVSS 4.8 | AI score 4.2
Exploits 0 | References 5

CVE
added 2025/12/22 12:0 a.m. | 6 views

CVE-2024-25814

CVE-2024-25814 affects MyNET up to v26.05. The issue is a reflected cross-site scripting (XSS) vulnerability exploitable via the msg parameter. The Red Hat/EU ENISA/CNNVD and CVE entries corroborate the same description: vulnerable version range is prior to 26.05, with the root cause being reflec...

CVSS 6.1 | AI score 5.7 | EPSS 0.00033
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2025/12/21 3:20 a.m. | 15 views

CVE-2025-13693 Image Photo Gallery Final Tiles Grid <= 3.6.8 - Authenticated (Author+) Stored Cross-Site Scripting via 'Custom Scripts' Setting

The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom scripts' setting in all versions up to, and including, 3.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVSS 6.4 | EPSS 0.00037
Exploits 0 | References 4

CNNVD
added 2025/12/10 12:0 a.m. | 3 views

Adobe Experience Manager cross-site scripting vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4 | AI score 5.8 | EPSS 0.00025
Exploits 0 | References 1

Vulnrichment
added 2025/12/05 5:15 p.m. | 2 views

CVE-2025-34260 Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via action/schedule

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/action/schedule endpoint. When an authenticated user adds a schedule to an existing task, the schedule name is stored and later rendered in schedule listings without HTML...

CVSS 5.1 | AI score 5 | EPSS 0.00024
Exploits 0 | References 3

OSV
added 2025/12/02 2:16 p.m. | 3 views

CVE-2025-65858

A Stored Cross-Site Scripting (XSS) vulnerability in Calibre-Web v0.6.25 allows attackers to inject malicious JavaScript into the 'username' field during user creation. The payload is stored unsanitized and later executed when the /ajax/listusers endpoint is accessed...

CVSS 3.5 | AI score 5.1 | EPSS 0.0003
Exploits 1 | References 1

Positive Technologies
added 2025/12/02 12:0 a.m. | 4 views

PT-2025-48754

Name of the Vulnerable Software and Affected Versions: Aimeos GrapesJS CMS extension versions prior to 2021.10.8; Aimeos GrapesJS CMS extension versions prior to 2022.10.8; Aimeos GrapesJS CMS extension versions prior to 2023.10.8; Aimeos GrapesJS CMS extension versions prior to 2024.10.8; Aimeos...

CVSS 7.6 | AI score 6 | EPSS 0.00025
Exploits 0 | References 7

CVE
added 2025/11/26 12:0 a.m. | 6 views

CVE-2025-65676

CVE-2025-65676 is a stored XSS defect in Classroomio LMS 0.1.13, where authenticated attackers can upload crafted SVG cover images that execute code in the context of the application. Multiple adapters (NVD, Red Hat, EUVD, OSV, CIRCL, PT-Security, CNNVD, CVE lists, PacketStorm, etc.) consistently...

CVSS 5.4 | AI score 6.1 | EPSS 0.00039
Exploits 2 | References 3 | Affected Software 1

Vulnrichment
added 2025/11/21 7:31 a.m. | 3 views

CVE-2025-11765 Stock Tools <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Stock Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'imageheight' and 'imagewidth' shortcode attributes in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 6.4 | AI score 4.7 | EPSS 0.00032
Exploits 0 | References 2

CVE
added 2025/11/13 8:27 a.m. | 9 views

CVE-2025-10295

CVE-2025-10295 affects the Angel – Fashion Model Agency WordPress Theme (versions up to and including 3.2.3). The vulnerability is a Stored Cross-Site Scripting flaw in the profile media uploader caused by insufficient input sanitization and output escaping. It requires authenticated access at su...

CVSS 6.4 | AI score 4.8 | EPSS 0.00032
Exploits 0 | References 2

NVD
added 2025/11/06 4:15 p.m. | 3 views

CVE-2025-48085

Cross-Site Request Forgery (CSRF) vulnerability in ZIPANG Simple Stripe (simple-stripe) allows Stored XSS. This issue affects Simple Stripe: from n/a through = 0.9.17...

CVSS 7.1 | EPSS 0.00016
Exploits 0 | References 1

OSV
added 2025/11/05 5:15 p.m. | 1 views

CVE-2025-20304

Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...

CVSS 5.4 | AI score 6.1
Exploits 0 | References 1

NVD
added 2025/11/05 12:15 p.m. | 5 views

CVE-2025-11745

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field through the plugin's 'adinserter' shortcode in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping on user supplied...

CVSS 6.4 | EPSS 0.00034
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2015-6877

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.03505
Exploits 2 | References 5

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2006-0450

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.09888
Exploits 1 | References 9

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2009-4352

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.01346
Exploits 1 | References 5