
5207 matches found

CVE
added 2025/08/04 12:0 a.m. · 10 views

CVE-2025-51534

OpenAtlas v8.11.0 from Austrian Archaeological Institute is affected by a cross-site scripting (XSS) issue that allows injecting a crafted payload into the Name field to execute arbitrary web scripts/HTML. CVSS v3.1 base score 8.1 (HIGH) with NETWORK attack vector, low attack complexity, user int...

8.1 CVSS · 5.7 AI score · 0.00389 EPSS
Exploits 1 · References 2 · Affected Software 1
RedhatCVE
added 2025/08/03 2:14 p.m. · 4 views

CVE-2025-6228

The Sina Extension for Elementor Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Form, Modal, Data Table Free Elementor Widgets & Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Sina Posts, Sina Blog Post and Sina Table widgets in all...

6.4 CVSS · 5.5 AI score · 0.00203 EPSS
Exploits 0 · References 1
NVD
added 2025/08/02 8:15 a.m. · 6 views

CVE-2025-8317

The Custom Word Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘angle’ parameter in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

6.4 CVSS · 0.00163 EPSS
Exploits 0 · References 3
NVD
added 2025/08/02 5:15 a.m. · 2 views

CVE-2025-8146

The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's TypeOut Text widget in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4 CVSS · 0.00163 EPSS
Exploits 0 · References 3
Positive Technologies
added 2025/08/02 12:0 a.m. · 3 views

PT-2025-31722 · WordPress · Qi Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Qi Addons For Elementor plugin for WordPress versions up to and including 1.9.2 Description: The Qi Addons For Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting through the TypeOut Text widget. Insufficient input...

6.4 CVSS · 5.8 AI score · 0.00163 EPSS
Exploits 0 · References 8
NVD
added 2025/08/01 5:15 p.m. · 4 views

CVE-2025-45778

A stored cross-site scripting (XSS) vulnerability in The Language Sloth Web Application v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Description text field...

6.1 CVSS · 0.00181 EPSS
Exploits 1 · References 2
Vulnrichment
added 2025/08/01 11:18 a.m. · 4 views

CVE-2025-6228 Sina Extension for Elementor <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via `Sina Posts`, `Sina Blog Post` and `Sina Table` Widgets

The Sina Extension for Elementor Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Form, Modal, Data Table Free Elementor Widgets & Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Sina Posts, Sina Blog Post and Sina Table widgets in all...

6.4 CVSS · 5.9 AI score · 0.00203 EPSS
Exploits 0 · References 4
CVE
added 2025/08/01 11:18 a.m. · 21 views

CVE-2025-6228

CVE-2025-6228 – Sina Extension for Elementor (WordPress) Vulnerability: Stored Cross-Site Scripting (XSS) via the Sina Posts, Sina Blog Post, and Sina Table widgets. Products/versions affected: Sina Extension for Elementor (Header Builder, Footer Builder, Theme Builder, Slider, Gallery, Form, Mod...

6.4 CVSS · 5.6 AI score · 0.00203 EPSS
Exploits 0 · References 4
NVD
added 2025/08/01 5:15 a.m. · 5 views

CVE-2025-7845

The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Google Maps and Image Hotspot widgets in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...

6.4 CVSS · 0.00203 EPSS
Exploits 0 · References 4
Positive Technologies
added 2025/08/01 12:0 a.m. · 23 views

PT-2025-31655

Name of the Vulnerable Software and Affected Versions: The Language Sloth Web Application version 1.0 Description: A stored cross-site scripting (XSS) vulnerability exists in The Language Sloth Web Application. This allows attackers to execute arbitrary web scripts or HTML by injecting a crafted...

6.1 CVSS · 5.7 AI score · 0.00181 EPSS
Exploits 1 · References 7
RedhatCVE
added 2025/07/31 8:3 p.m. · 2 views

CVE-2025-5684

The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mf-template DOM Element in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping. This makes it...

6.4 CVSS · 6 AI score · 0.00164 EPSS
Exploits 0 · References 1
NVD
added 2025/07/31 7:15 p.m. · 2 views

CVE-2025-26064

A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a connected device...

7.3 CVSS · 0.00461 EPSS
Exploits 2 · References 5
RedhatCVE
added 2025/07/31 10:6 a.m. · 3 views

CVE-2025-6692

The YouTube Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘instance’ parameter in all versions up to, and including, 10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

6.4 CVSS · 5.5 AI score · 0.00164 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/07/31 5:7 a.m. · 8 views

CVE-2025-7811

The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4 CVSS · 5.5 AI score · 0.00163 EPSS
Exploits 0 · References 1
NVD
added 2025/07/29 10:15 a.m. · 2 views

CVE-2025-8216

The Sky Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Multiple widgets in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

6.4 CVSS · 0.00163 EPSS
Exploits 0 · References 3
CVE
added 2025/07/29 3:41 a.m. · 15 views

CVE-2025-7810

CVE-2025-7810 concerns the StreamWeasels Kick Integration plugin for WordPress (versions up to and including 1.1.4). The vulnerability is a Stored Cross-Site Scripting flaw via the plugin’s data-uuid attribute caused by insufficient input sanitization and output escaping. Exploitation requires au...

5.4 CVSS · 5.5 AI score · 0.00122 EPSS
Exploits 0 · References 3
RedhatCVE
added 2025/07/26 4:31 a.m. · 4 views

CVE-2025-4968

The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple Page Builder elements Copyright Element, Hover Box, Separator With Text, FAQ, Single Image, Custom Header, Button, Call To Action, Progress Bar, Pie Chart, Round Chart, and Line...

6.4 CVSS · 5.5 AI score · 0.00123 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/07/25 12:28 a.m. · 4 views

CVE-2025-50481

A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post...

4.8 CVSS · 6 AI score · 0.00284 EPSS
Exploits 3 · References 1
CVE
added 2025/07/25 12:0 a.m. · 15 views

CVE-2025-45406

CodeIgniter4 v4.6.0 is affected by a stored XSS vulnerability in the debugbar_time parameter. The issue is described as enabling arbitrary web scripts or HTML, with a note that the supplier disputes exploitability since the value of debugbar_time may not be controllable and data is escaped by the...

6.1 CVSS · 5.2 AI score · 0.00207 EPSS
Exploits 2 · References 4
Vulnrichment
added 2025/07/24 9:22 a.m. · 3 views

CVE-2025-6588 FunnelCockpit <= 1.4.3 - Reflected Cross-Site Scripting via `error` Parameter

The FunnelCockpit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘error’ parameter in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1 CVSS · 6.1 AI score · 0.00527 EPSS
Exploits 0 · References 3