CVE-2025-3669

The CVE-2025-3669 entry concerns the WordPress plugin Supreme Addons for Beaver Builder. A Stored Cross-Site Scripting vulnerability exists in the auto_qrcodesabb shortcode due to insufficient input sanitization and output escaping on user-supplied attributes, affecting all versions up to 1.0.9. ...

CVE-2025-6387 WP Get The Table <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter

The WP Get The Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access an...

CVE-2025-7495

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpmemloginlink' shortcode in all versions up to, and including, 3.5.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

CVE-2025-4968 WPBakery Page Builder <= 8.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Page Builder Elements

The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple Page Builder elements Copyright Element, Hover Box, Separator With Text, FAQ, Single Image, Custom Header, Button, Call To Action, Progress Bar, Pie Chart, Round Chart, and Line...

Mezzanine CMS vulnerable to Cross-site Scripting

A cross-site scripting XSS vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post...

CVE-2025-50481

A cross-site scripting XSS vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post...

CVE-2025-51403

A stored cross-site scripting XSS vulnerability in the department assignment editing module of of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Alias Nick parameter...

CVE-2025-50481

A cross-site scripting XSS vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post...

CVE-2025-51403

A stored cross-site scripting XSS vulnerability in the department assignment editing module of of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Alias Nick parameter...

CVE-2025-51401

A stored cross-site scripting XSS vulnerability in the chat transfer function of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the operator name parameter...

CVE-2025-51398

A stored cross-site scripting XSS vulnerability in the Facebook registration page of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter...

CVE-2025-51396

A stored cross-site scripting XSS vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Telegram Bot Username parameter...

CVE-2025-7354

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

PT-2025-30333 · Unknown · Livehelperchat

Name of the Vulnerable Software and Affected Versions: Live Helper Chat version 4.60 Description: A stored cross-site scripting XSS vulnerability exists in the chat transfer function. Attackers can execute arbitrary web scripts or HTML by injecting a crafted payload into the operator name...

CVE-2025-51396

CVE-2025-51396 concerns a stored XSS in Live Helper Chat (LHChat) versions up to 4.60/4.61. The vulnerability arises from insufficient validation of the Telegram Bot Username parameter, allowing an attacker to inject and store a payload that can execute scripts when admins view or edit the Telegr...

CVE-2025-51403

A stored cross-site scripting XSS vulnerability in the department assignment editing module of of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Alias Nick parameter...

CVE-2025-51397

CVE-2025-51397 is a stored XSS in Live Helper Chat (Facebook Chat module) affecting version 4.60 (and around 4.61 according to some sources). The vulnerability occurs when an attacker injects a crafted payload into the Recipient List’s Surname field, which is stored and can execute script when an...

CVE-2025-51396

A stored cross-site scripting XSS vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Telegram Bot Username parameter...

CVE-2025-51397

A stored cross-site scripting XSS vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient' Lists...

CVE-2025-50126

A stored XSS vulnerability in the RSBlog! component 1.11.6-1.14.5 Joomla was discovered. The issue allows remote authenticated users to inject arbitrary web script or HTML via the jformtagstext parameter...