Export limit exceeded: 344803 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10460 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45414 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45414 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-4219 | 2026-04-15 | 6.4 Medium | ||
| The DPEPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dpe' shortcode in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-32646 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Question Answer question-answer allows Reflected XSS.This issue affects Question Answer: from n/a through <= 1.2.70. | ||||
| CVE-2025-4220 | 2026-04-15 | 6.4 Medium | ||
| The Xavin's List Subpages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xls' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-55072 | 1 Neojapan | 1 Desknet Neo | 2026-04-15 | N/A |
| Stored cross-site scripting (XSS) vulnerability in desknet's NEO V2.0R1.0 to V9.0R2.0 allow execution of arbitrary JavaScript in a user’s web browser. | ||||
| CVE-2025-49397 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Colorbox Lightbox wp-colorbox allows Stored XSS.This issue affects Colorbox Lightbox: from n/a through <= 1.1.5. | ||||
| CVE-2025-23839 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Asif Shakeel Sticky Button sticky-chat-button allows Stored XSS.This issue affects Sticky Button: from n/a through <= 1.0. | ||||
| CVE-2025-69392 | 2 Itex, Wordpress | 2 Imoney, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in itex iMoney imoney allows Reflected XSS.This issue affects iMoney: from n/a through <= 0.36. | ||||
| CVE-2024-35592 | 1 Bluexsx | 1 Box-im | 2026-04-15 | 9.6 Critical |
| An arbitrary file upload vulnerability in the Upload function of Box-IM v2.0 allows attackers to execute arbitrary code via uploading a crafted PDF file. | ||||
| CVE-2025-0420 | 1 Parasut Software | 1 Parasut | 2026-04-15 | 4.7 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Paraşüt Software Paraşüt allows Cross-Site Scripting (XSS).This issue affects Paraşüt: from 0.0.0.65efa44e through 20250204. | ||||
| CVE-2025-22822 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bishawjit-das wp custom countdown wp-custom-countdown allows Stored XSS.This issue affects wp custom countdown: from n/a through <= 2.8. | ||||
| CVE-2025-58665 | 2 Tmontg1, Wordpress | 2 Form Generator, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tmontg1 Form Generator for WordPress form-generator-powered-by-jotform allows Stored XSS.This issue affects Form Generator for WordPress: from n/a through <= 1.52. | ||||
| CVE-2025-32651 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in serpednet SERPed.net serped-net allows Reflected XSS.This issue affects SERPed.net: from n/a through <= 4.6. | ||||
| CVE-2025-23606 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sebkay Calendi calendi allows Reflected XSS.This issue affects Calendi: from n/a through <= 1.1.1. | ||||
| CVE-2025-60950 | 1 Aixblock | 1 Aixblock | 2026-04-15 | 6.1 Medium |
| An arbitrary file upload vulnerability in the Data Preparation function of AIxBlock commit f60975 allows attackers to execute arbitrary code via a crafted SVG file. | ||||
| CVE-2025-8293 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The Intl DateTime Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘date’ parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-23825 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osuthorpe Easy Shortcode Buttons easy-shortcode-buttons allows Stored XSS.This issue affects Easy Shortcode Buttons: from n/a through <= 1.2. | ||||
| CVE-2025-55134 | 1 Agora Foundation | 1 Agora | 2026-04-15 | 6.4 Medium |
| In Agora Foundation Agora fall23-Alpha1 before b087490, there is XSS via tag in client/agora/public/js/editorManager.js. | ||||
| CVE-2025-23582 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Haider Ali Bulk Categories Assign bulk-categories-assign allows Reflected XSS.This issue affects Bulk Categories Assign: from n/a through <= 1.0. | ||||
| CVE-2025-32653 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lee Blue Cart66 Cloud cart66-cloud allows Reflected XSS.This issue affects Cart66 Cloud: from n/a through <= 2.3.7. | ||||
| CVE-2025-0431 | 1 Proofpoint | 1 Enterprise Protection | 2026-04-15 | 5.8 Medium |
| Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email which bypasses URL protections impacting the integrity of recipient's email. This occurs due to improper filtering of backslashes within URLs and affects all versions of 8.21, 8.20 and 8.18 prior to 8.21.0 patch 5115, 8.20.6 patch 5114 and 8.18.6 patch 5113 respectively. | ||||