Export limit exceeded: 45499 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45499 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14453 | 2 Ruhul080, Wordpress | 2 My Album Gallery, Wordpress | 2026-04-15 | 6.4 Medium |
| The My Album Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style_css' shortcode attribute in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-23811 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ghasemy14 WP2APP wp2appir allows Reflected XSS.This issue affects WP2APP: from n/a through <= 2.6.2. | ||||
| CVE-2025-23812 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Jeffrey Contact Form 7 Round Robin Lead Distribution contact-form-7-round-robin-lead-distribution allows Reflected XSS.This issue affects Contact Form 7 Round Robin Lead Distribution: from n/a through <= 1.2.1. | ||||
| CVE-2025-60374 | 1 Perfexcrm | 1 Perfex Crm | 2026-04-15 | 6.1 Medium |
| Stored Cross-Site Scripting (XSS) in Perfex CRM chatbot before 3.3.1 allows attackers to inject arbitrary HTML/JavaScript. The payload is executed in the browsers of users viewing the chat, resulting in client-side code execution, potential session token theft, and other malicious actions. A different vulnerability than CVE-2024-8867. | ||||
| CVE-2025-23813 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tony Hayes Guten Free Options guten-free-options allows Reflected XSS.This issue affects Guten Free Options: from n/a through <= 0.9.7. | ||||
| CVE-2025-53195 | 2 Crocoblock, Wordpress | 2 Jetengine, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Stored XSS.This issue affects JetEngine: from n/a through <= 3.7.0. | ||||
| CVE-2024-56297 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud Highlight highlight allows Stored XSS.This issue affects Highlight: from n/a through <= 2.0.2. | ||||
| CVE-2025-23984 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brainvireinfo Dynamic URL SEO dynamic-url-seo allows Reflected XSS.This issue affects Dynamic URL SEO: from n/a through <= 1.0. | ||||
| CVE-2025-47443 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Widget Countdown widget-countdown allows Stored XSS.This issue affects Widget Countdown: from n/a through <= 2.7.4. | ||||
| CVE-2025-14436 | 3 Neeraj Slit, Woocommerce, Wordpress | 3 Brevo For Woocommerce, Woocommerce, Wordpress | 2026-04-15 | 7.2 High |
| The Brevo for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user_connection_id’ parameter in all versions up to, and including, 4.0.49 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-23986 | 2 Fyrewurks, Wordpress | 2 Tiki Time, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fyrewurks Tiki Time allows Reflected XSS.This issue affects Tiki Time: from n/a through 1.3. | ||||
| CVE-2025-60249 | 1 Circl | 1 Vulnerability-lookup | 2026-04-15 | 6.4 Medium |
| vulnerability-lookup 2.16.0 allows XSS in bundle.py, comment.py, and user.py, by a user on a vulnerability-lookup instance who can add bundles, comments, or sightings. A cross-site scripting (XSS) vulnerability was discovered in the handling of user-supplied input in the Bundles, Comments, and Sightings components. Untrusted data was not properly sanitized before being rendered in templates and tables, which could allow attackers to inject arbitrary JavaScript into the application. The issue was due to unsafe use of innerHTML and insufficient validation of dynamic URLs and model fields. This vulnerability has been fixed by escaping untrusted data, replacing innerHTML assignments with safer DOM methods, encoding URLs with encodeURIComponent, and improving input validation in the affected models. | ||||
| CVE-2024-56298 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rob @ 5 Star Plugins Pretty Simple Popup Builder pretty-simple-popup-builder allows Stored XSS.This issue affects Pretty Simple Popup Builder: from n/a through <= 1.0.9. | ||||
| CVE-2025-23988 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bruno Cavalcante Ghostwriter allows Reflected XSS.This issue affects Ghostwriter: from n/a through 1.4. | ||||
| CVE-2024-56299 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pektsekye Notify Odoo notify-odoo allows Stored XSS.This issue affects Notify Odoo: from n/a through <= 1.0.0. | ||||
| CVE-2025-23995 | 2026-04-15 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ta2g Tantyyellow allows Reflected XSS.This issue affects Tantyyellow: from n/a through 1.0.0.5. | ||||
| CVE-2025-67918 | 2 Wofficeio, Wordpress | 2 Woffice Core, Wordpress | 2026-04-15 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WofficeIO Woffice woffice allows Reflected XSS.This issue affects Woffice: from n/a through <= 5.4.30. | ||||
| CVE-2025-44206 | 2026-04-15 | 4.6 Medium | ||
| Hexagon HxGN OnCall Dispatch Advantage (Web) v10.2309.03.00264 and Hexagon HxGN OnCall Dispatch Advantage (Mobile) v10.2402 are vulnerable to Cross Site Scripting (XSS) which allows a remote authenticated attacker with access to the Broadcast (Person) functionality to execute arbitrary code. | ||||
| CVE-2025-23997 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tamara Solution Tamara Checkout tamara-checkout allows Stored XSS.This issue affects Tamara Checkout: from n/a through < 1.9.9.1. | ||||
| CVE-2025-49958 | 3 Robokassa, Woocommerce, Wordpress | 3 Payment Gateway For Woocommerce, Woocommerce, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robokassa Robokassa payment gateway for Woocommerce robokassa allows Reflected XSS.This issue affects Robokassa payment gateway for Woocommerce: from n/a through <= 1.8.5. | ||||