CVE-2025-58216 WordPress WP Thumbtack Review Slider Plugin <= 2.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jgwhite33 WP Thumbtack Review Slider wp-thumbtack-review-slider allows Stored XSS.This issue affects WP Thumbtack Review Slider: from n/a through = 2.6...

WP Go Maps < 9.0.33 - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

PT-2023-30382 · WordPress · Scott Paterson Easy Paypal Shopping Cart

Name of the Vulnerable Software and Affected Versions: Scott Paterson Easy PayPal Shopping Cart plugin versions = 1.1.10 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that affects users with contributor or higher permissions. This allows for malicious script...

CVE-2023-3248 All-in-one Floating Contact Form < 2.1.2 - Admin+ Stored Cross-Site Scripting

The All-in-one Floating Contact Form WordPress plugin before 2.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

WordPress SEO Plugin by Squirrly SEO Plugin < 12.1.21 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:squirrly:seopluginbysquirrlyseo"; ifdescription...

Themify Portfolio Post < 1.2.2 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC themifyportfolioposts imageh='100"...

Gravity PDF < 6.3.1 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=gfeditforms=settings=pdf=1'...