Total
39147 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-57932 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Diego Pereira PowerFolio allows Stored XSS. This issue affects PowerFolio: from n/a through 3.2.1. | ||||
| CVE-2025-57904 | 3 Woocommerce, Wordpress, Wp-experts | 3 Woocommerce, Wordpress, Sales Count Manager | 2025-09-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP-EXPERTS.IN Sales Count Manager for WooCommerce allows Stored XSS. This issue affects Sales Count Manager for WooCommerce: from n/a through 2.5. | ||||
| CVE-2025-59590 | 2 Davidlingren, Wordpress | 2 Media Library Assistant, Wordpress | 2025-09-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Lingren Media Library Assistant allows Stored XSS. This issue affects Media Library Assistant: from n/a through 3.28. | ||||
| CVE-2025-59589 | 2 Pencidesign, Wordpress | 2 Soledad, Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad allows DOM-Based XSS. This issue affects Soledad: from n/a through 8.6.8. | ||||
| CVE-2025-59587 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Shortcodes & Performance allows DOM-Based XSS. This issue affects Penci Shortcodes & Performance: from n/a through n/a. | ||||
| CVE-2025-59586 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Portfolio allows DOM-Based XSS. This issue affects Penci Portfolio: from n/a through 3.5. | ||||
| CVE-2025-59574 | 2 Wordpress, Wptravelengine | 2 Wordpress, Wp Travel Engine | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Travel Engine WP Travel Engine allows Stored XSS. This issue affects WP Travel Engine: from n/a through 1.4.2. | ||||
| CVE-2025-59569 | 2 Cubewp, Wordpress | 2 Cubewp, Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Emraan Cheema CubeWP allows Stored XSS. This issue affects CubeWP: from n/a through 1.1.26. | ||||
| CVE-2025-59565 | 3 Woocommerce, Wordpress, Wp Swings | 3 Woocommerce, Wordpress, Upsell Order Bump Offer For Woocommerce | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Swings Upsell Order Bump Offer for WooCommerce allows Stored XSS. This issue affects Upsell Order Bump Offer for WooCommerce: from n/a through 3.0.7. | ||||
| CVE-2025-59552 | 2 Pdfcrowd, Wordpress | 3 Save As Pdf, Save As Pdf Plugin, Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pdfcrowd Dev Team Save as PDF allows Stored XSS. This issue affects Save as PDF: from n/a through 4.5.2. | ||||
| CVE-2025-59549 | 2 Fatcatapps, Wordpress | 2 Getresponse Forms, Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps GetResponse Forms allows Stored XSS. This issue affects GetResponse Forms: from n/a through 2.6.0. | ||||
| CVE-2025-58992 | 2 Implecode, Wordpress | 2 Product Catalog Simple, Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode Product Catalog Simple allows Stored XSS. This issue affects Product Catalog Simple: from n/a through 1.8.2. | ||||
| CVE-2025-58974 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP WPComplete allows Stored XSS. This issue affects WPComplete: from n/a through 2.9.5.2. | ||||
| CVE-2025-58965 | 2 Agency Dominion, Wordpress | 2 Fusion Page Builder, Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agency Dominion Inc. Fusion Page Builder : Extension – Gallery allows Stored XSS. This issue affects Fusion Page Builder : Extension – Gallery: from n/a through 1.7.6. | ||||
| CVE-2025-58960 | 2 Brijeshk89, Wordpress | 2 Ip Based Login, Wordpress | 2025-09-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brijeshk89 IP Based Login allows Stored XSS. This issue affects IP Based Login: from n/a through 2.4.3. | ||||
| CVE-2025-59712 | 1 Snipeitapp | 1 Snipe-it | 2025-09-23 | 6.4 Medium |
| Snipe-IT before 8.1.18 allows XSS. | ||||
| CVE-2025-59715 | 1 Smseagle | 1 Smseagle | 2025-09-23 | 4.8 Medium |
| SMSEagle before 6.11 allows reflected XSS via a username or contact phone number. | ||||
| CVE-2025-59411 | 1 Cubecart | 1 Cubecart | 2025-09-23 | 5.4 Medium |
| CubeCart is an ecommerce software solution. Prior to version 6.5.11, the contact form’s Enquiry field accepts raw HTML and that HTML is included verbatim in the email sent to the store admin. By submitting HTML in the Enquiry, the admin receives an email containing that HTML. This indicates user input is not being escaped or sanitized before being output in email (and possibly when re-rendering the form), leading to Cross-Site Scripting / HTML injection risk in email clients or admin UI. This issue has been patched in version 6.5.11. | ||||
| CVE-2025-59412 | 1 Cubecart | 1 Cubecart | 2025-09-23 | 5.4 Medium |
| CubeCart is an ecommerce software solution. Prior to version 6.5.11, a vulnerability exists in the product reviews feature where user-supplied input is not properly sanitized before being displayed. An attacker can submit HTML tags inside the review description field. Once the administrator approves the review, the injected HTML is rendered on the product page for all visitors. This could be used to redirect users to malicious websites or to display unwanted content. This issue has been patched in version 6.5.11. | ||||
| CVE-2025-53455 | 3 Cashbill, Woocommerce, Wordpress | 3 Cashbill Woocommerce, Woocommerce, Wordpress | 2025-09-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CashBill CashBill.pl – Płatności WooCommerce allows Stored XSS. This issue affects CashBill.pl – Płatności WooCommerce: from n/a through 3.2.1. | ||||