Total
38551 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-32950 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DeBAAT WP Media Category Management allows Reflected XSS.This issue affects WP Media Category Management: from n/a through 2.2. | ||||
| CVE-2025-43836 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in confuzzledduck Syndicate Out allows Reflected XSS.This issue affects Syndicate Out: from n/a through 0.9. | ||||
| CVE-2024-12598 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.4 Medium |
| The MyBookProgress by Stormhill Media plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘book’ parameter in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-23524 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound ClickBank Storefront allows Reflected XSS. This issue affects ClickBank Storefront: from n/a through 1.7. | ||||
| CVE-2024-34767 | 2 Hasthemes, Wordpress | 2 Shoplentor, Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HasThemes ShopLentor allows Stored XSS.This issue affects ShopLentor: from n/a through 2.8.7. | ||||
| CVE-2024-54260 | 2 Blazethemes, Wordpress | 2 News Kit Elementor Addons, Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlazeThemes News Kit Elementor Addons allows Stored XSS.This issue affects News Kit Elementor Addons: from n/a through 1.2.2. | ||||
| CVE-2024-51933 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Christian Ladewig Cookie Nonsense for YT allows DOM-Based XSS.This issue affects Cookie Nonsense for YT: from n/a through 1.2.0. | ||||
| CVE-2025-23565 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Wibstats allows Reflected XSS. This issue affects Wibstats: from n/a through 0.5.5. | ||||
| CVE-2024-54335 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZebraSoft Monaco ImmoToolBox Connect allows Reflected XSS.This issue affects ImmoToolBox Connect: from n/a through 1.3.3. | ||||
| CVE-2024-11424 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.4 Medium |
| The Slick Sitemap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slick-sitemap' shortcode in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-23984 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainvireinfo Dynamic URL SEO allows Reflected XSS. This issue affects Dynamic URL SEO: from n/a through 1.0. | ||||
| CVE-2024-11825 | 2 Broadstreetads, Wordpress | 2 Broadstreet, Wordpress | 2025-07-13 | 6.4 Medium |
| The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘zone’ parameter in all versions up to, and including, 1.50.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-47662 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in woobox Woobox allows Stored XSS. This issue affects Woobox: from n/a through 1.6. | ||||
| CVE-2024-56034 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Irshad Services updates for customers allows Reflected XSS.This issue affects Services updates for customers: from n/a through 1.0. | ||||
| CVE-2024-11339 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.4 Medium |
| The Smart PopUp Blaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spb-button' shortcode in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-12153 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.1 Medium |
| The GDY Modular Content plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.9.91. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-23479 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound melascrivi allows Reflected XSS. This issue affects melascrivi: from n/a through 1.4. | ||||
| CVE-2024-35631 | 2 Foliovision, Wordpress | 2 Fv Flowplayer Video Player, Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Foliovision FV Flowplayer Video Player allows Reflected XSS.This issue affects FV Flowplayer Video Player: from n/a through 7.5.45.7212. | ||||
| CVE-2025-46515 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M A Vinoth Kumar Category Widget allows Reflected XSS. This issue affects Category Widget: from n/a through 2.0.2. | ||||
| CVE-2025-31864 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Out the Box Beam me up Scotty – Back to Top Button allows Stored XSS. This issue affects Beam me up Scotty – Back to Top Button: from n/a through 1.0.23. | ||||