254 matches found
CVE-2025-31467 WordPress Flickr Photostream plugin <= 3.1.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in miro.mannino Flickr Photostream flickr-photostream allows Reflected XSS. This issue affects Flickr Photostream: from n/a through <= 3.1.8...
CVE-2025-3098 Video Url <= 1.0.0.3 - Reflected Cross-Site Scripting
The Video Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.0.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...
CVE-2025-31548
The CVE-2025-31548 entry affects Ultimate Push Notifications (WordPress) up to version 1.1.8, with a Reflected XSS vulnerability in input handling during web page generation. The vulnerability is described as XSS in the plugin, but exploitation status and a mitigation/fix are not provided in the ...
CVE-2025-31864
CVE-2025-31864 is a stored XSS in the Beam me up Scotty WordPress plugin (Back to Top Button) affecting versions from n/a through 1.0.23; description confirms improper input handling leading to XSS. Connected sources also reference Beam me up Scotty and do not provide a patch version or mitigatio...
CVE-2025-31851 WordPress Beds24 Online Booking plugin <= 2.0.27 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in markkinchin Beds24 Online Booking beds24-online-booking allows Stored XSS. This issue affects Beds24 Online Booking: from n/a through <= 2.0.27...
CVE-2025-31849 WordPress Nemesis All-in-One plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fbtemplates Nemesis All-in-One nemesis-all-in-one allows Stored XSS. This issue affects Nemesis All-in-One: from n/a through <= 1.1.3...
CVE-2025-31837 WordPress WP Proposals plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Codeus WP Proposals allows Stored XSS. This issue affects WP Proposals: from n/a through 2.3...
CVE-2025-31762 WordPress Sheet2Site plugin <= 1.0.18 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in andreyazimov Sheet2Site allows Stored XSS. This issue affects Sheet2Site: from n/a through 1.0.18...
CVE-2025-30798 WordPress Better WishList API plugin <= 1.1.4 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in rickonlinenl Better WishList API better-wlm-api allows Reflected XSS. This issue affects Better WishList API: from n/a through <= 1.1.4...
CVE-2025-31543 WordPress Twice Commerce plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Twice Commerce Twice Commerce embed-rentle allows DOM-Based XSS. This issue affects Twice Commerce: from n/a through <= 1.3.1...
CVE-2025-30961 WordPress Trackserver plugin <= 5.1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tinuzz Trackserver trackserver allows DOM-Based XSS. This issue affects Trackserver: from n/a through <= 5.1.0...
CVE-2025-31471 WordPress Duplicate Page and Post plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Falcon Solutions Duplicate Page and Post duplicate-post-and-page allows Stored XSS. This issue affects Duplicate Page and Post: from n/a through <= 1.0...
CVE-2025-31075 WordPress MicroPayments plugin <= 2.9.29 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in videowhisper MicroPayments paid-membership allows Stored XSS. This issue affects MicroPayments: from n/a through <= 2.9.29...
CVE-2025-31102
CVE-2025-31102 affects the WordPress plugin Hostel (versions up to 1.1.5.5). It is a Reflected Cross-Site Scripting vulnerability caused by improper input neutralization during web page generation. The impact is reflected script execution in a victim’s browser when a crafted URL is visited. Remed...
CVE-2025-30860 WordPress Off-Canvas Sidebars & Menus (Slidebars) plugin <= 0.5.8.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus Slidebars off-canvas-sidebars allows DOM-Based XSS. This issue affects Off-Canvas Sidebars & Menus Slidebars: from n/a through <= 0.5.8.2...
CVE-2025-23704 WordPress Your Lightbox plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Reuven Karasik Your Lightbox your-lightbox allows Reflected XSS. This issue affects Your Lightbox: from n/a through <= 1.0...
CVE-2024-10703
The CVE-2024-10703 entry concerns the WordPress plugin Registrations for The Events Calendar (pre-2.13.4). The issue is that the plugin does not sanitize/escape certain settings, which could allow stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as i...
PT-2025-12752 · WordPress · Simple Banner
Name of the Vulnerable Software and Affected Versions: The Simple Banner WordPress plugin versions prior to 3.0.4. Description: The issue allows high privilege users, such as admin, to perform Stored Cross-Site Scripting attacks even when the unfiltered html capability is disallowed, for example i...
CVE-2025-30602 WordPress Related Posts via Categories plugin <= 2.1.2 - CSRF to Stored XSS vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in alphasis Related Posts via Categories related-posts-via-categories allows Stored XSS. This issue affects Related Posts via Categories: from n/a through <= 2.1.2...
CVE-2024-12611
The School Management System for Wordpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 93.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...