Export limit exceeded: 45443 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45443 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-23544 | 1 Heart5 | 1 Statpresscn | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in heart5 StatPressCN statpresscn allows Reflected XSS.This issue affects StatPressCN: from n/a through <= 1.9.1. | ||||
| CVE-2025-23539 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in surror Awesome Hooks awesome-hooks allows Reflected XSS.This issue affects Awesome Hooks: from n/a through <= 1.0.1. | ||||
| CVE-2025-32492 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eliot Akira Admin Menu Post List admin-menu-post-list allows Stored XSS.This issue affects Admin Menu Post List: from n/a through <= 2.0.7. | ||||
| CVE-2025-12834 | 2 Wordpress, Zealousweb | 2 Wordpress, Accept Stripe Payments Using Contact Form 7 | 2026-04-15 | 6.1 Medium |
| The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failure_message' parameter in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-52774 | 2 Infility, Wordpress | 2 Infility Global, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global infility-global allows Reflected XSS.This issue affects Infility Global: from n/a through <= 2.15.06. | ||||
| CVE-2025-32609 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Picture-Planet GmbH Verowa Connect verowa-connect allows Reflected XSS.This issue affects Verowa Connect: from n/a through <= 3.0.4. | ||||
| CVE-2024-33695 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode Fan Page Widget by ThemeNcode allows Stored XSS.This issue affects Fan Page Widget by ThemeNcode: from n/a through 2.0. | ||||
| CVE-2025-32557 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rico Macchi WP Featured Screenshot wp-featured-screenshot allows Reflected XSS.This issue affects WP Featured Screenshot: from n/a through <= 1.3. | ||||
| CVE-2025-32507 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aakif Kadiwala Event Espresso – Custom Email Template Shortcode email-shortcode allows Reflected XSS.This issue affects Event Espresso – Custom Email Template Shortcode: from n/a through <= 1.0.0. | ||||
| CVE-2024-54303 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ido Kobelkowsky Simple Payment simple-payment allows Reflected XSS.This issue affects Simple Payment: from n/a through <= 2.3.8. | ||||
| CVE-2024-34375 | 2 Wordpress, Wppool | 2 Wordpress, Sheets To Wp Table Live Sync | 2026-04-15 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPPOOL Sheets To WP Table Live Sync allows Stored XSS.This issue affects Sheets To WP Table Live Sync: from n/a through 3.7.0. | ||||
| CVE-2025-23543 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fomopay FOMO Pay Chinese Payment Solution fomo-payment-gateway-for-woocommerce allows Reflected XSS.This issue affects FOMO Pay Chinese Payment Solution: from n/a through <= 2.0.4. | ||||
| CVE-2025-58026 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in termageddon Termageddon: Cookie Consent & Privacy Compliance termageddon-usercentrics allows Stored XSS.This issue affects Termageddon: Cookie Consent & Privacy Compliance: from n/a through <= 1.8.1. | ||||
| CVE-2025-24745 | 2 Radiustheme, Wordpress | 2 Classified Listing, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RadiusTheme Classified Listing classified-listing allows Reflected XSS.This issue affects Classified Listing: from n/a through <= 4.0.1. | ||||
| CVE-2025-32488 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in آریا وردپرس Aria Font aria-font allows Stored XSS.This issue affects Aria Font: from n/a through <= 1.4. | ||||
| CVE-2025-39382 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in danielpataki ACF: Google Font Selector acf-google-font-selector-field allows Reflected XSS.This issue affects ACF: Google Font Selector: from n/a through <= 3.0.1. | ||||
| CVE-2025-67539 | 2 Select-themes, Wordpress | 2 Stockholm Core, Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Select-Themes Select Core select-core allows DOM-Based XSS.This issue affects Select Core: from n/a through < 2.6. | ||||
| CVE-2025-39365 | 2026-04-15 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rocket Apps wProject allows Reflected XSS.This issue affects wProject: from n/a before 5.8.0. | ||||
| CVE-2024-33696 | 2026-04-15 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Broadstreet XPRESS WordPress Ad Widget allows Stored XSS.This issue affects WordPress Ad Widget: from n/a through 2.20.0. | ||||
| CVE-2025-39427 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Beth Tucker Long WP Post to PDF Enhanced wp-post-to-pdf-enhanced allows Stored XSS.This issue affects WP Post to PDF Enhanced: from n/a through <= 1.1.1. | ||||