CVE-2026-5357

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sid' parameter of the 'wpdmmembers' shortcode in versions up to and including 3.3.52. This is due to insufficient input sanitization and output escaping on the user-supplied 'sid' shortcode attribute...

CVE-2025-67630 WordPress WH Tweaks plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webheadcoder WH Tweaks wh-tweaks allows Stored XSS.This issue affects WH Tweaks: from n/a through = 1.0.2...

CVE-2025-64048

YCCMS 3.4 contains a stored cross-site scripting XSS vulnerability in the article management functionality. The vulnerability exists in the add and getPost functions within the ArticleAction.class.php file due to improper neutralization of user input in the article title field...

CVE-2025-63645

A stored cross-site scripting XSS vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the application's message system. Unsanitized message content submitted by one user is persisted by the server and later rendered in another user's Inbox view without appropriate context-aware...

PT-2024-39372 · WordPress · Wp Gpx Map

Name of the Vulnerable Software and Affected Versions: WP GPX Maps plugin for WordPress versions up to, and including, 1.7.08 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'sgpx' shortcode due to insufficient input sanitization and output escaping on...

WordPress EleForms plugin <= 2.9.9.7 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Francesco Carlucci in WordPress Plugin EleForms versions = 2.9.9.7...

CVE-2023-35779

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Seed Webs Seed Fonts plugin = 2.3.1 versions...