CVE-2025-62729 Stored XSS in SOPlanning

SOPlanning is vulnerable to Stored XSS in /status endpoint. Malicious attacker with an account can inject arbitrary HTML and JS into website, which will be rendered/executed when opening multiple pages. This issue was fixed in version 1.55...

CVE-2025-8568

The CVE-2025-8568 entry relates to the WordPress GMap Generator (Venturit) plugin, with a Stored Cross-Site Scripting vulnerability in the h parameter affecting all versions up to 1.1. The root cause is insufficient input sanitization and output escaping, allowing authenticated attackers with Con...