Total
38070 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-28975 | 2 Redqteam, Wordpress | 2 Alike Wordpress Custom Post Comparison, Wordpress | 2025-08-16 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Alike - WordPress Custom Post Comparison allows Reflected XSS. This issue affects Alike - WordPress Custom Post Comparison: from n/a through 3.0.1. | ||||
| CVE-2025-53575 | 3 Primersoftware, Woocommerce, Wordpress | 3 Primer Mydata For Woocommerce, Woocommerce, Wordpress | 2025-08-16 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in primersoftware Primer MyData for Woocommerce allows Reflected XSS. This issue affects Primer MyData for Woocommerce: from n/a through 4.2.5. | ||||
| CVE-2025-55709 | 2 Visualcomposer, Wordpress | 2 Visual Composer Website Builder, Wordpress | 2025-08-16 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder allows Stored XSS. This issue affects Visual Composer Website Builder: from n/a through n/a. | ||||
| CVE-2025-54729 | 2 Webba-booking, Wordpress | 2 Webba Booking, Wordpress | 2025-08-16 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webba Appointment Booking Webba Booking allows Stored XSS. This issue affects Webba Booking: from n/a through 6.0.5. | ||||
| CVE-2025-54727 | 2 Cminds, Wordpress | 3 Cm On Demand Search And Replace, Cm Search And Replace, Wordpress | 2025-08-16 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM On Demand Search And Replace allows Stored XSS. This issue affects CM On Demand Search And Replace: from n/a through 1.5.2. | ||||
| CVE-2024-37945 | 2 Wordpress, Wpbits | 2 Wordpress, Wpbits Addons For Elementor Page Builder | 2025-08-16 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBits WPBITS Addons For Elementor Page Builder allows Stored XSS.This issue affects WPBITS Addons For Elementor Page Builder: from n/a through 1.5. | ||||
| CVE-2025-55711 | 2 Wordpress, Wptablebuilder | 2 Wordpress, Wp Table Builder | 2025-08-16 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder allows Stored XSS. This issue affects WP Table Builder: from n/a through 2.0.12. | ||||
| CVE-2025-8867 | 2 Elementor, Wordpress | 2 Elementor, Wordpress | 2025-08-16 | 6.4 Medium |
| The Graphina - Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple chart widget parameters in version 3.1.3 and below. This is due to insufficient input sanitization and output escaping on user supplied attributes such as chart categories, titles, and tooltip settings. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-8604 | 1 Wordpress | 1 Wordpress | 2025-08-16 | 6.4 Medium |
| The WP Table Builder – WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wptb shortcode in all versions up to, and including, 2.0.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-8720 | 1 Wordpress | 1 Wordpress | 2025-08-16 | 6.4 Medium |
| The Plugin README Parser plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘target’ parameter in all versions up to, and including, 1.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-8080 | 1 Wordpress | 1 Wordpress | 2025-08-16 | 4.4 Medium |
| The Alobaidi Captcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2025-5844 | 1 Wordpress | 1 Wordpress | 2025-08-16 | 6.4 Medium |
| The Radius Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘subHeadingTagName’ parameter in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-8451 | 2 Elementor, Wordpress | 2 Elementor, Wordpress | 2025-08-16 | 6.4 Medium |
| The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘data-gallery-items’ parameter in all versions up to, and including, 6.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-8934 | 1 1000projects | 1 Sales Management System | 2025-08-15 | 4.3 Medium |
| A vulnerability has been found in 1000 Projects Sales Management System 1.0. Affected is an unknown function of the file /sales.php. The manipulation of the argument select2112 leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8933 | 1 1000projects | 1 Sales Management System | 2025-08-15 | 4.3 Medium |
| A vulnerability was identified in 1000 Projects Sales Management System 1.0. This issue affects some unknown processing of the file /superstore/admin/sales.php. The manipulation of the argument ssalescat leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8920 | 1 Portabilis | 1 I-diario | 2025-08-15 | 2.4 Low |
| A vulnerability was identified in Portabilis i-Diario 1.6. Affected by this vulnerability is an unknown functionality of the file /dicionario-de-termos-bncc of the component Dicionário de Termos BNCC Page. The manipulation of the argument Planos de ensino leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-8919 | 1 Portabilis | 1 I-diario | 2025-08-15 | 2.4 Low |
| A vulnerability was determined in Portabilis i-Diario up to 1.6. Affected is an unknown function of the file /objetivos-de-aprendizagem-e-habilidades of the component History Page. The manipulation of the argument código/objetivo habilidade leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-43238 | 1 Wedevs | 1 Wemail | 2025-08-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in weDevs weMail allows Reflected XSS.This issue affects weMail: from n/a through 1.14.5. | ||||
| CVE-2024-43958 | 1 Gianni-porto | 1 Intothedark | 2025-08-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gianni Porto IntoTheDark allows Reflected XSS.This issue affects IntoTheDark: from n/a through 1.0.5. | ||||
| CVE-2025-20180 | 1 Cisco | 24 Asyncos, Secure Email, Secure Email And Web Manager and 21 more | 2025-08-15 | 4.8 Medium |
| A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Operator. | ||||