Total
38517 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-54250 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prodigy Commerce Prodigy Commerce allows DOM-Based XSS.This issue affects Prodigy Commerce: from n/a through 3.0.8. | ||||
| CVE-2024-54299 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Revi Revi.io allows Reflected XSS.This issue affects Revi.io: from n/a through 5.7.3. | ||||
| CVE-2024-51886 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Takashi Matsuyama Posts Filter allows Stored XSS.This issue affects Posts Filter: from n/a through 1.3.1. | ||||
| CVE-2024-12870 | 1 Infiniflow | 1 Ragflow | 2025-07-13 | N/A |
| A stored cross-site scripting (XSS) vulnerability exists in infiniflow/ragflow, affecting the latest commit on the main branch (cec2080). The vulnerability allows an attacker to upload HTML/XML files that can host arbitrary JavaScript payloads. These files are served with the 'application/xml' content type, which is automatically rendered by browsers. This can lead to the execution of arbitrary JavaScript in the context of the user's browser, potentially allowing attackers to steal cookies and gain unauthorized access to user files and resources. The vulnerability does not require authentication, making it accessible to anyone with network access to the instance. | ||||
| CVE-2025-39555 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andy_moyle Church Admin allows Stored XSS. This issue affects Church Admin: from n/a through 5.0.23. | ||||
| CVE-2025-23459 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound NS Simple Intro Loader allows Reflected XSS. This issue affects NS Simple Intro Loader: from n/a through 2.2.3. | ||||
| CVE-2025-23678 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound LocalGrid allows Reflected XSS. This issue affects LocalGrid: from n/a through 1.0.1. | ||||
| CVE-2024-35639 | 2 Webliberty, Wordpress | 2 Simple Spoiler, Wordpress | 2025-07-13 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webliberty Simple Spoiler allows Stored XSS.This issue affects Simple Spoiler: from n/a through 1.2. | ||||
| CVE-2024-22299 | 2 Foliovision, Wordpress | 2 Fv Flowplayer Video Player, Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foliovision: Making the web work for you FV Flowplayer Video Player allows Reflected XSS.This issue affects FV Flowplayer Video Player: from n/a through 7.5.41.7212. | ||||
| CVE-2025-0353 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.4 Medium |
| The Divi Torque Lite – Best Divi Addon, Extensions, Modules & Social Modules plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-23904 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Rebrand Fluent Forms allows Reflected XSS. This issue affects Rebrand Fluent Forms: from n/a through 1.0. | ||||
| CVE-2025-22267 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bruce Wampler Weaver Themes Shortcode Compatibility allows Stored XSS. This issue affects Weaver Themes Shortcode Compatibility: from n/a through 1.0.4. | ||||
| CVE-2025-22594 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hccoder – Sándor Fodor Better User Shortcodes allows Reflected XSS.This issue affects Better User Shortcodes: from n/a through 1.0. | ||||
| CVE-2024-9111 | 2 Pickplugins, Wordpress | 2 Product Designer, Wordpress | 2025-07-13 | 6.4 Medium |
| The Product Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | ||||
| CVE-2025-23584 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Pin Locations on Map allows Reflected XSS. This issue affects Pin Locations on Map: from n/a through 1.0. | ||||
| CVE-2024-35170 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hidden Depth Sticky banner allows Stored XSS.This issue affects Sticky banner: from n/a through 1.2.0. | ||||
| CVE-2025-23585 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CantonBolo Goo.gl Url Shorter allows Reflected XSS. This issue affects Goo.gl Url Shorter: from n/a through 1.0.1. | ||||
| CVE-2024-30433 | 2 Multivendorx, Wordpress | 2 Wc Marketplace, Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MultiVendorX WC Marketplace allows Stored XSS.This issue affects WC Marketplace: from n/a through 4.1.3. | ||||
| CVE-2025-49299 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPlugged.com WebHotelier allows Stored XSS. This issue affects WebHotelier: from n/a through 1.9.2. | ||||
| CVE-2025-2577 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.4 Medium |
| The Bitspecter Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | ||||