Export limit exceeded: 45518 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45518 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-5240 | 2 Vcita, Wordpress | 2 Crm And Lead Management By Vcita, Wordpress | 2026-04-15 | 6.4 Medium |
| The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘type’ parameter in all versions up to, and including, 2.7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-8079 | 2026-04-15 | 4.6 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akıllı Ticaret Software Technologies Ltd. Co. Smart Trade E-Commerce allows Reflected XSS.This issue affects Smart Trade E-Commerce: before 4.5.0.0.1. | ||||
| CVE-2024-2293 | 2 Geminilabs, Wordpress | 2 Site Reviews, Wordpress | 2026-04-15 | 6.4 Medium |
| The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user display name in all versions up to, and including, 6.11.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-2306 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The Revslider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg upload in all versions up to, and including, 6.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, this can only be exploited by administrators, but the ability to use and configure revslider can be extended to authors. | ||||
| CVE-2025-5301 | 2026-04-15 | 6.1 Medium | ||
| ONLYOFFICE Docs (DocumentServer) in versions equal and below 8.3.1 are affected by a reflected cross-site scripting (XSS) issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which are then reflected in the server's HTML response. | ||||
| CVE-2025-48234 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ultimate Blocks Ultimate Blocks ultimate-blocks allows DOM-Based XSS.This issue affects Ultimate Blocks: from n/a through <= 3.3.0. | ||||
| CVE-2025-48236 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bunny.net bunny.net bunnycdn allows Stored XSS.This issue affects bunny.net: from n/a through <= 2.3.0. | ||||
| CVE-2025-12079 | 2 F1logic, Wordpress | 2 Wp Twitter Auto Publish, Wordpress | 2026-04-15 | 6.1 Medium |
| The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-48240 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Cost of Goods for WooCommerce cost-of-goods-for-woocommerce allows Stored XSS.This issue affects Cost of Goods for WooCommerce: from n/a through <= 3.7.0. | ||||
| CVE-2025-48244 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tim Strifler Exclusive Addons Elementor exclusive-addons-for-elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through <= 2.7.9. | ||||
| CVE-2025-48249 | 1 Wpfactory | 1 Ean For Woocommerce | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory EAN for WooCommerce ean-for-woocommerce allows Stored XSS.This issue affects EAN for WooCommerce: from n/a through <= 5.4.6. | ||||
| CVE-2025-53342 | 2 Goodlayers, Wordpress | 2 Modernize, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoodLayers Modernize modernize allows Stored XSS.This issue affects Modernize: from n/a through <= 3.4.0. | ||||
| CVE-2025-8143 | 2 Pencidesign, Wordpress | 2 Soledad, Wordpress | 2026-04-15 | 6.4 Medium |
| The Soledad theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pcsml_smartlists_h’ parameter in all versions up to, and including, 8.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-48250 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Coupons & Add to Cart by URL Links for WooCommerce url-coupons-for-woocommerce-by-algoritmika allows Stored XSS.This issue affects Coupons & Add to Cart by URL Links for WooCommerce: from n/a through <= 1.7.7. | ||||
| CVE-2025-5529 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The Educenter theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Circle Counter Block in all versions up to, and including, 1.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-53369 | 2026-04-15 | 8.6 High | ||
| Short Description is a MediaWiki extension that provides local short description support. In version 4.0.0, short descriptions are not properly sanitized before being inserted as HTML using mw.util.addSubtitle, allowing any user to insert arbitrary HTML into the DOM by editing a page. This issue has been patched in version 4.0.1. | ||||
| CVE-2025-12101 | 1 Netscaler | 2 Adc, Gateway | 2026-04-15 | N/A |
| Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server | ||||
| CVE-2025-48269 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg Winiarski WPAdverts wpadverts allows DOM-Based XSS.This issue affects WPAdverts: from n/a through <= 2.2.3. | ||||
| CVE-2025-48277 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stylemix Cost Calculator Builder cost-calculator-builder allows Stored XSS.This issue affects Cost Calculator Builder: from n/a through <= 3.2.74. | ||||
| CVE-2025-8668 | 1 E-kalite Software Hardware Engineering Design And Internet Services Industry And Trade Ltd. Co. | 1 Turboard | 2026-04-15 | 9.4 Critical |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. Co. Turboard allows Reflected XSS.This issue affects Turboard: from 2025.07 before 2026.02. NOTE: This CVE record updated after the vendor implemented mitigations. | ||||