Filtered by CWE-79

Search

Switch to Advanced Search (Beta)
Total 39144 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-50581 1 Mrcms 1 Mrcms 2025-09-23 4.8 Medium
MRCMS v3.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/group/save.do.
CVE-2025-58018 2 Richard Leishman, Wordpress 2 Mail Subscribe List, Wordpress 2025-09-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Richard Leishman Mail Subscribe List allows Stored XSS. This issue affects Mail Subscribe List: from n/a through 2.1.10.
CVE-2025-58017 2 Bdthemes, Wordpress 2 Utlimate Store Kit Elementor Addons, Wordpress 2025-09-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bdthemes Ultimate Store Kit Elementor Addons allows Stored XSS. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.8.2.
CVE-2025-58002 2 Bbpress, Wordpress 2 Bbpress, Wordpress 2025-09-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Milan Petrovic GD bbPress Tools allows DOM-Based XSS. This issue affects GD bbPress Tools: from n/a through 3.5.3.
CVE-2025-58001 1 Wordpress 1 Wordpress 2025-09-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noumaan Yaqoob Compact Archives allows Stored XSS. This issue affects Compact Archives: from n/a through 4.1.0.
CVE-2025-57999 2 Wordpress, Wpkoi 2 Wordpress, Wpkoi Templates For Elementor 2025-09-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpkoithemes WPKoi Templates for Elementor allows DOM-Based XSS. This issue affects WPKoi Templates for Elementor: from n/a through 3.4.1.
CVE-2025-57998 1 Wordpress 1 Wordpress 2025-09-23 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hamid Reza Yazdani E-namad & Shamed Logo Manager allows Stored XSS. This issue affects E-namad & Shamed Logo Manager: from n/a through 2.2.
CVE-2025-57996 1 Wordpress 1 Wordpress 2025-09-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matthewordie Buckets allows Stored XSS. This issue affects Buckets: from n/a through 0.3.9.
CVE-2025-57989 2 Brajesh Singh, Wordpress 2 Wordpress Widgets Shortcode, Wordpress 2025-09-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brajesh Singh WordPress Widgets Shortcode allows Stored XSS. This issue affects WordPress Widgets Shortcode: from n/a through 1.0.3.
CVE-2025-57988 2 Uncannyowl, Wordpress 2 Uncanny Toolkit For Learndash, Wordpress 2025-09-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash allows Stored XSS. This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.0.7.3.
CVE-2025-57986 1 Wordpress 1 Wordpress 2025-09-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in husani WP Subtitle allows Stored XSS. This issue affects WP Subtitle: from n/a through 3.4.1.
CVE-2025-57938 1 Wordpress 1 Wordpress 2025-09-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themewant Easy Hotel Booking allows DOM-Based XSS. This issue affects Easy Hotel Booking: from n/a through 1.6.9.
CVE-2025-57935 1 Wordpress 1 Wordpress 2025-09-23 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ricky Dawn Bot Block – Stop Spam Referrals in Google Analytics allows Stored XSS. This issue affects Bot Block – Stop Spam Referrals in Google Analytics: from n/a through 2.6.
CVE-2025-57932 1 Wordpress 1 Wordpress 2025-09-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Diego Pereira PowerFolio allows Stored XSS. This issue affects PowerFolio: from n/a through 3.2.1.
CVE-2025-57904 3 Woocommerce, Wordpress, Wp-experts 3 Woocommerce, Wordpress, Sales Count Manager 2025-09-23 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP-EXPERTS.IN Sales Count Manager for WooCommerce allows Stored XSS. This issue affects Sales Count Manager for WooCommerce: from n/a through 2.5.
CVE-2025-59590 2 Davidlingren, Wordpress 2 Media Library Assistant, Wordpress 2025-09-23 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Lingren Media Library Assistant allows Stored XSS. This issue affects Media Library Assistant: from n/a through 3.28.
CVE-2025-59589 2 Pencidesign, Wordpress 2 Soledad, Wordpress 2025-09-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad allows DOM-Based XSS. This issue affects Soledad: from n/a through 8.6.8.
CVE-2025-59587 1 Wordpress 1 Wordpress 2025-09-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Shortcodes & Performance allows DOM-Based XSS. This issue affects Penci Shortcodes & Performance: from n/a through n/a.
CVE-2025-59586 1 Wordpress 1 Wordpress 2025-09-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Portfolio allows DOM-Based XSS. This issue affects Penci Portfolio: from n/a through 3.5.
CVE-2025-59574 2 Wordpress, Wptravelengine 2 Wordpress, Wp Travel Engine 2025-09-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Travel Engine WP Travel Engine allows Stored XSS. This issue affects WP Travel Engine: from n/a through 1.4.2.