Export limit exceeded: 43910 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43910 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-67542 | 3 Silkypress, Woocommerce, Wordpress | 3 Multi Step Checkout For Woocommerce, Woocommerce, Wordpress | 2026-01-20 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SilkyPress Multi-Step Checkout for WooCommerce wp-multi-step-checkout allows DOM-Based XSS.This issue affects Multi-Step Checkout for WooCommerce: from n/a through <= 2.33. | ||||
| CVE-2025-67541 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lester Chan WP-ShowHide wp-showhide allows Stored XSS.This issue affects WP-ShowHide: from n/a through <= 1.05. | ||||
| CVE-2025-67539 | 2 Select-themes, Wordpress | 2 Stockholm Core, Wordpress | 2026-01-20 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Select-Themes Select Core select-core allows DOM-Based XSS.This issue affects Select Core: from n/a through < 2.6. | ||||
| CVE-2025-67538 | 2 Jnews, Wordpress | 2 Jnews, Wordpress | 2026-01-20 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jegtheme JNews Gallery jnews-gallery allows Stored XSS.This issue affects JNews Gallery: from n/a through < 12.0.1. | ||||
| CVE-2025-67537 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blair Williams ThirstyAffiliates thirstyaffiliates allows Stored XSS.This issue affects ThirstyAffiliates: from n/a through <= 3.11.8. | ||||
| CVE-2025-67536 | 2 Thimpress, Wordpress | 2 Learnpress, Wordpress | 2026-01-20 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress learnpress allows Stored XSS.This issue affects LearnPress: from n/a through <= 4.2.9.4. | ||||
| CVE-2025-67533 | 2 Themify, Wordpress | 2 Portfolio Post, Wordpress | 2026-01-20 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Portfolio Post themify-portfolio-post allows Stored XSS.This issue affects Themify Portfolio Post: from n/a through <= 1.3.0. | ||||
| CVE-2025-66119 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Hostel hostel allows Reflected XSS.This issue affects Hostel: from n/a through <= 1.1.5.9. | ||||
| CVE-2025-66118 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Sprout Clients sprout-clients allows Reflected XSS.This issue affects Sprout Clients: from n/a through <= 3.2.1. | ||||
| CVE-2025-66111 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nelio Software Nelio Popups nelio-popups allows Stored XSS.This issue affects Nelio Popups: from n/a through <= 1.3.0. | ||||
| CVE-2025-66103 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Revmakx WPCal.Io allows DOM-Based XSS.This issue affects WPCal.Io: from n/a through 0.9.5.9. | ||||
| CVE-2025-66094 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yada Wiki yada-wiki allows Stored XSS.This issue affects Yada Wiki: from n/a through 3.5. | ||||
| CVE-2025-66093 | 2 Hupe13, Wordpress | 2 Extensions For Leaflet Map, Wordpress | 2026-01-20 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hupe13 Extensions for Leaflet Map extensions-leaflet-map allows DOM-Based XSS.This issue affects Extensions for Leaflet Map: from n/a through <= 4.8. | ||||
| CVE-2025-66092 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bqworks Accordion Slider accordion-slider allows Stored XSS.This issue affects Accordion Slider: from n/a through <= 1.9.13. | ||||
| CVE-2025-66081 | 2 Jeff Starr, Wordpress | 2 Head Meta Data, Wordpress | 2026-01-20 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Head Meta Data head-meta-data allows Stored XSS.This issue affects Head Meta Data: from n/a through <= 20250327. | ||||
| CVE-2025-66067 | 2 Funnelkit, Wordpress | 2 Funnel Builder, Wordpress | 2026-01-20 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelKit Funnel Builder by FunnelKit funnel-builder allows DOM-Based XSS.This issue affects Funnel Builder by FunnelKit: from n/a through <= 3.13.1.2. | ||||
| CVE-2025-66066 | 2 Envothemes, Wordpress | 2 Envo Extra, Wordpress | 2026-01-20 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvoThemes Envo Extra envo-extra allows Stored XSS.This issue affects Envo Extra: from n/a through <= 1.9.11. | ||||
| CVE-2025-66057 | 2 Bold-themes, Wordpress | 2 Bold Page Builder, Wordpress | 2026-01-20 | 6.3 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows DOM-Based XSS.This issue affects Bold Page Builder: from n/a through <= 5.5.2. | ||||
| CVE-2025-66053 | 2 Kriesi, Wordpress | 2 Enfold, Wordpress | 2026-01-20 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kriesi Enfold enfold allows Stored XSS.This issue affects Enfold: from n/a through <= 7.1.2. | ||||
| CVE-2025-64376 | 2 Cridio, Wordpress | 2 Listingpro, Wordpress | 2026-01-20 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro listingpro allows Reflected XSS.This issue affects ListingPro: from n/a through < 2.9.10. | ||||