
254 matches found

Cvelist
added 2025/03/03 1:30 p.m. | 11 views

CVE-2025-23555 WordPress Ui Slider Filter By Price plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in chenyenming Ui Slider Filter By Price ui-slider-filter-by-price allows Reflected XSS. This issue affects Ui Slider Filter By Price: from n/a through <= 1.1...

CVSS 7.1 | EPSS 0.00232
Exploits: 0 | References: 1

CVE
added 2025/02/28 8:23 a.m. | 51 views

CVE-2024-13851

CVE-2024-13851 concerns the WordPress plugin Modal Portfolio. The vulnerability is a Stored Cross-Site Scripting (XSS) in versions up to 1.7.4.2, caused by insufficient input sanitization and output escaping. It requires an attacker with Administrator-level privileges to inject scripts that execu...

CVSS 5.5 | AI score 5.1 | EPSS 0.00139
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2025/02/23 5:22 a.m. | 13 views

CVE-2024-13728 Accept Donations with PayPal & Stripe <= 1.4.4 - Reflected Cross-Site Scripting

The Accept Donations with PayPal & Stripe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the rf parameter in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...

CVSS 6.1 | EPSS 0.00225
Exploits: 0 | References: 2

Cvelist
added 2025/02/14 9:21 a.m. | 16 views

CVE-2024-13735 HurryTimer <= 2.11.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Campaign Name

The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.11.2 due to insufficient input sanitization and output escaping of a campaign name. This makes it possible...

CVSS 6.4 | EPSS 0.00204
Exploits: 0 | References: 4

NVD
added 2025/02/11 11:15 a.m. | 7 views

CVE-2025-0862

The SuperSaaS – online appointment scheduling plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘after’ parameter in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

CVSS 4.9 | EPSS 0.00117
Exploits: 0 | References: 4

RedhatCVE
added 2025/02/05 11:33 a.m. | 3 views

CVE-2024-7485

The Traffic Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page' parameter in the 'UserWebStat' AJAX function in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVSS 7.2 | AI score 6 | EPSS 0.03033
Exploits: 0 | References: 1

CVE
added 2025/02/03 2:22 p.m. | 42 views

CVE-2025-24576

CVE-2025-24576 — WordPress Landing Page Cat plugin

CVSS 7.1 | AI score 7.2 | EPSS 0.00044
Exploits: 1 | References: 1

CVE
added 2025/01/31 6:0 a.m. | 74 views

CVE-2024-13223

CVE-2024-13223 concerns the WordPress Tabulate plugin (

CVSS 6.1 | AI score 5.8 | EPSS 0.00267
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2025/01/30 1:42 p.m. | 37 views

CVE-2024-12177

The CVE-2024-12177 entry concerns the WordPress plugin Ai Image Alt Text Generator for WP. It is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to 1.0.2 due to insufficient input sanitization and output escaping. This enables unauthenticated attackers to in...

CVSS 6.1 | AI score 7.4 | EPSS 0.00253
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2025/01/23 3:29 p.m. | 5 views

CVE-2025-23727 WordPress AZ Content Finder plugin <= 0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in antonzaroutski AZ Content Finder az-content-finder allows Reflected XSS. This issue affects AZ Content Finder: from n/a through <= 0.1...

CVSS 7.1 | AI score 7.2 | EPSS 0.00187
Exploits: 0 | References: 1

Cvelist
added 2025/01/16 8:7 p.m. | 14 views

CVE-2025-23897 WordPress Apply with LinkedIn buttons plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ivobrett Apply with LinkedIn buttons apply-with-linkedin-buttons allows DOM-Based XSS. This issue affects Apply with LinkedIn buttons: from n/a through <= 2.3...

CVSS 6.5 | EPSS 0.00347
Exploits: 0 | References: 1

Cvelist
added 2025/01/16 8:6 p.m. | 11 views

CVE-2025-23513 WordPress Bible Embed plugin <= 0.0.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery CSRF vulnerability in jd7777 Bible Embed bible-embed allows Stored XSS. This issue affects Bible Embed: from n/a through <= 0.0.4...

CVSS 7.1 | EPSS 0.00104
Exploits: 0 | References: 1

Vulnrichment
added 2025/01/15 3:23 p.m. | 8 views

CVE-2025-22781 WordPress Nativery Plugin plugin <= 0.1.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nativery Developer Nativery allows DOM-Based XSS. This issue affects Nativery: from n/a through 0.1.6...

CVSS 6.5 | AI score 7.2 | EPSS 0.00206
Exploits: 0 | References: 1

NVD
added 2025/01/15 6:15 a.m. | 6 views

CVE-2024-13394

The ViewMedica 9 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'viewmedica' shortcode in all versions up to, and including, 1.4.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 | EPSS 0.00265
Exploits: 0 | References: 4

CVE
added 2025/01/11 7:21 a.m. | 40 views

CVE-2024-11892

CVE-2024-11892 affects Accordion Slider Lite for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) in the plugin’s accordion_slider shortcode, exploitable via user-supplied attributes. It affects all versions up to 1.5.1 and requires authenticated access at contributor level or ...

CVSS 6.4 | AI score 5.7 | EPSS 0.00261
Exploits: 0 | References: 6

CVE
added 2025/01/11 2:20 a.m. | 20 views

CVE-2024-11327

The Connected PATCHSTACK entry confirms CVE-2024-11327 affects the WordPress plugin ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages, with a Reflected Cross-Site Scripting vulnerability caused by insufficient escaping of add_query_arg and remove_query_a...

CVSS 6.1 | AI score 6.1 | EPSS 0.02577
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2025/01/09 6:0 a.m. | 4 views

CVE-2024-12731 aklamator-infeed <= 2.0.0 - Reflected XSS

The Aklamator INfeed WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

AI score 6.1 | EPSS 0.00292
Exploits: 1 | References: 1

Vulnrichment
added 2025/01/02 12:1 p.m. | 6 views

CVE-2024-56263 WordPress GS Shots for Dribbble plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GS Plugins GS Shots for Dribbble gs-dribbble-portfolio allows DOM-Based XSS. This issue affects GS Shots for Dribbble: from n/a through <= 1.2.0...

CVSS 6.5 | AI score 8.6 | EPSS 0.00231
Exploits: 0 | References: 1

Vulnrichment
added 2025/01/02 12:1 p.m. | 8 views

CVE-2024-56237 WordPress Contest Gallery plugin <= 24.0.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Contest Gallery Contest Gallery allows Stored XSS. This issue affects Contest Gallery: from n/a through 24.0.3...

CVSS 5.9 | AI score 7 | EPSS 0.00135
Exploits: 0 | References: 1

NVD
added 2024/12/24 9:15 a.m. | 12 views

CVE-2024-11896

The Text Prompter – Unlimited chatgpt text prompts for openai tasks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'textprompter' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied...

CVSS 6.4 | EPSS 0.00196
Exploits: 0 | References: 2