1118322 matches found
CVE-2026-57379
The CVE-2026-57379 entry is for the WordPress FormyChat plugin (WPPOOL FormyChat social-contact-form) with a stored XSS in versions up to 2.15.3 due to improper input neutralization during web page generation. Affected product: FormyChat plugin (
CVE-2026-57368
CVE-2026-57368 concerns the NooTheme Jobmonster WordPress theme (noo-jobmonster) with a reflected Cross-Site Scripting (XSS) vulnerability described as caused by improper neutralization of input during web page generation. Affected version range is Jobmonster up to and including 4.8.5. The vulner...
CVE-2026-57383
CVE-2026-57383 affects the WordPress plugin JobSearch (wp-jobsearch) up to version 3.2.9 . The vulnerability is a Stored XSS due to improper neutralization of input during web page generation . Impact details are limited to the XSS outcome stated; the connected documents do not provide exploitati...
CVE-2026-57365
The CVE-2026-57365 entry concerns the WordPress plugin “reCAPTCHA (v2 & v3) for Asgaros Forum” (versions ≤ 1.1.0). According to the provided documents, the vulnerability is a DOM-based Cross-Site Scripting (XSS) issue caused by improper neutralization of input during web page generation. The affe...
CVE-2026-57363
The CVE-2026-57363 entry documents a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress ChatBot plugin, affecting versions up to 8.3.7. The issue arises from improper neutralization of input during web page generation, enabling XSS when data is rendered. Affected component: the Chat...
CVE-2026-57381
The CVE describes a Reflected Cross-Site Scripting vulnerability in the WordPress PropertyHive plugin (PropertyHive) for versions
CVE-2026-57369
CVE-2026-57369 is a reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Themify Builder (versions up to and including 7.7.4). The issue arises from improper neutralization of user input during web page generation, enabling an attacker to inject script via crafted input that...
CVE-2026-57380
The CVE-2026-57380 entry concerns WordPress Extensions for Leaflet Map (extensions-leaflet-map) with versions up to and including 5.1. It describes an improper neutralization of user input during web page generation, enabling DOM-based cross-site scripting (XSS). Affected component: the Extension...
CVE-2026-57388
CVE-2026-57388 describes a Stored XSS vulnerability in Themefic Hydra Booking (WordPress Hydra Booking plugin, hydra-booking) affecting versions up to and including 1.1.44. The root cause is improper neutralization of input during web page generation. Impact is cross-site scripting with low to mo...
CVE-2026-57387
CVE-2026-57387 is a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin picu (versions up to and including 3.5.1). The issue arises from improper neutralization of input during web page generation, enabling an attacker to inject malicious scripts that are stored and later rend...
Vulnerabilities are being addressed in the Progress MOVEit Transfer process.
Progress has addressed vulnerabilities in MOVEit Transfer, specifically in the Custom Reports module and the Ad Hoc module. These vulnerabilities affect multiple versions of MOVEit Transfer, including 25.0.0 to 25.0.7, 25.1.0 to 25.1.3, and 26.0.0 just before 26.0.1. One vulnerability in the Cust...
CVE-2026-57829
The CVE concerns the Joomla extension Helix Ultimate (vulnerable component: the Helix Ultimate plugin) with an unauthenticated stored XSS in versions prior to 2.2.7. According to the shared metrics, the vulnerability has a CVSS 4.0 base score of 8.7 (HIGH) with network access, low attack complexi...
Popup by Supsystic <1.10.5 - Cross-Site scripting
WordPress Popup by Supsystic before 1.10.5 did not sanitize the tab parameter of its options page before outputting it in an attribute, leading to a reflected cross-site scripting issue. id: CVE-2021-24275 info: name: Popup by Supsystic 1.10.5 - Cross-Site scripting author: dhiyaneshDK severity:...
Adobe Coldfusion <=8.0.1 - Cross-Site Scripting
Adobe ColdFusion Server 8.0.1 and earlier contain multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via 1 the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to 2 wizards/common/logintowizard.cfm, 3...
Devalcms 1.4a - Cross-Site Scripting
Devalcms 1.4a contains a cross-site scripting vulnerability in the currentpath parameter of the index.php file. id: CVE-2008-6982 info: name: Devalcms 1.4a - Cross-Site Scripting author: arafatansari severity: medium description: | Devalcms 1.4a contains a cross-site scripting vulnerability in th...
WP Planet <= 0.1 - Cross-Site Scripting
A cross-site scripting vulnerability in rss.class/scripts/magpiedebug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter. id: CVE-2014-4592 info: name: WP Planet = 0.1 - Cross-Site Scripting author:...
WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting
A cross-site scripting vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page. id: CVE-2012-4242 info: name: WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting author:...
2 Click Socialmedia Buttons < 0.34 - Cross-Site Scripting
A cross-site scripting vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter. id: CVE-2012-4273 info: name: 2 Click Socialmedia Buttons 0.34 - Cross-Site Scripti...
WordPress Plugin Traffic Analyzer - 'aoid' Cross-Site Scripting
A cross-site scripting vulnerability in js/taloaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter." id: CVE-2013-3526 info: name: WordPress Plugin Traffic Analyzer - 'aoid'...
WordPress Plugin All-in-One Event Calendar 1.4 - Cross-Site Scripting
Multiple cross-site scripting vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 title parameter to app/view/agenda-widget-form.php; 2 args, 3 title, 4 beforetitle, or 5 aftertitle parameter to...