Export limit exceeded: 11308 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45426 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45426 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-51616 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rupok AwesomePress awesomepress allows Stored XSS.This issue affects AwesomePress: from n/a through <= 1.0. | ||||
| CVE-2025-13898 | 2 Sozan45, Wordpress | 2 Ultra Skype Button, Wordpress | 2026-04-15 | 6.4 Medium |
| The Ultra Skype Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btn_id' parameter of the [ultra_skype] shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-32544 | 2 Netgsm, Wordpress | 2 Netgsm, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Netgsm allows Reflected XSS.This issue affects Netgsm: from n/a through 2.8. | ||||
| CVE-2025-48170 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player - Addon for WPBakery Page Builder lbg-universal-video-player-addon-visual-composer allows Reflected XSS.This issue affects Universal Video Player - Addon for WPBakery Page Builder: from n/a through <= 3.2.1. | ||||
| CVE-2025-22361 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Opentracker Opentracker Analytics opentracker-analytics allows Reflected XSS.This issue affects Opentracker Analytics: from n/a through <= 1.3. | ||||
| CVE-2025-22714 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MDJM Mobile DJ Manager mobile-dj-manager allows Reflected XSS.This issue affects Mobile DJ Manager: from n/a through <= 1.7.5.6. | ||||
| CVE-2024-12337 | 2026-04-15 | 6.1 Medium | ||
| The Shipping via Planzer for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘processed-ids’ parameter in all versions up to, and including, 1.0.25 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-53330 | 2 Wordpress, Wpestate | 2 Wordpress, Wp Rentals | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpEstate WP Rentals wprentals allows Stored XSS.This issue affects WP Rentals: from n/a through <= 3.16.1. | ||||
| CVE-2025-55072 | 1 Neojapan | 1 Desknet Neo | 2026-04-15 | N/A |
| Stored cross-site scripting (XSS) vulnerability in desknet's NEO V2.0R1.0 to V9.0R2.0 allow execution of arbitrary JavaScript in a user’s web browser. | ||||
| CVE-2025-1888 | 2026-04-15 | 4.6 Medium | ||
| The Leica Web Viewer within the Aperio Eslide Manager Application is vulnerable to reflected cross-site scripting (XSS). An authenticated user can access the slides within a project and injecting malicious JavaScript into the "memo" field. The memo field has a hover over action that will display a Microsoft Tool Tip which a user can use to quickly view the memo associated with the slide and execute the JavaScript. | ||||
| CVE-2025-13896 | 2 Wordpress, Wpdiscover | 2 Wordpress, Social Feed Gallery Portfolio | 2026-04-15 | 6.4 Medium |
| The Social Feed Gallery Portfolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the [igp-wp] shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-58659 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Use of Hard-coded Credentials vulnerability in Essekia Helpie FAQ helpie-faq allows Retrieve Embedded Sensitive Data.This issue affects Helpie FAQ: from n/a through <= 1.45. | ||||
| CVE-2024-51870 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dragwyb Ultimate Flipbox Addon for Elementor ultimate-flipbox-addon-for-elementor allows Stored XSS.This issue affects Ultimate Flipbox Addon for Elementor: from n/a through 1.0.4. | ||||
| CVE-2025-5286 | 2026-04-15 | 6.4 Medium | ||
| The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘additional_settings’ parameter in all versions up to, and including, 5.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-13137 | 3 Delabon, Woocommerce, Wordpress | 3 Woomotiv, Woocommerce, Wordpress | 2026-04-15 | 6.1 Medium |
| The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'woomotiv_limit' parameter in all versions up to, and including, 3.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-54046 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs Cost Calculator ql-cost-calculator allows Stored XSS.This issue affects Cost Calculator: from n/a through <= 7.4. | ||||
| CVE-2025-32628 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Wham Crowdfunding for WooCommerce crowdfunding-for-woocommerce allows Reflected XSS.This issue affects Crowdfunding for WooCommerce: from n/a through <= 3.1.12. | ||||
| CVE-2025-42973 | 2026-04-15 | 5.4 Medium | ||
| Due to a Cross-Site Scripting vulnerability in SAP Data Services Management Console, an authenticated attacker could exploit the search functionality associated with DQ job status reports. By intercepting requests, malicious script can be injected and subsequently executed when a user loads the affected page. This results in a limited impact on the confidentiality and integrity of user session information, while availability remains unaffected. | ||||
| CVE-2025-22326 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 5centsCDN 5centsCDN 5centscdn allows Reflected XSS.This issue affects 5centsCDN: from n/a through <= 25.4.15. | ||||
| CVE-2024-51851 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in salehattari best bootstrap widgets for elementor best-bootstrap-widgets-for-elementor allows DOM-Based XSS.This issue affects best bootstrap widgets for elementor: from n/a through <= 1.0. | ||||