Total
35912 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2861 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-21 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page. | |||||
| CVE-2022-2404 | 1 Themehunk | 1 Wp Popup Builder | 2025-05-21 | N/A | 6.1 MEDIUM |
| The WP Popup Builder WordPress plugin before 1.2.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-1755 | 1 Benbodhi | 1 Svg Support | 2025-05-21 | N/A | 5.4 MEDIUM |
| The SVG Support WordPress plugin before 2.5 does not properly handle SVG added via an URL, which could allow users with a role as low as author to perform Cross-Site Scripting attacks | |||||
| CVE-2025-26998 | 1 Sktthemes | 1 Skt Blocks | 2025-05-21 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks – Gutenberg based Page Builder allows Stored XSS. This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a through 1.8. | |||||
| CVE-2024-13853 | 1 Zynit | 1 Seo Tools | 2025-05-21 | N/A | 6.1 MEDIUM |
| The SEO Tools WordPress plugin through 4.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2024-13862 | 1 S3bubble | 1 S3bubble-amazon-web-services-oembed-media-streaming-support | 2025-05-21 | N/A | 7.1 HIGH |
| The S3Bubble Media Streaming (AWS|Elementor|YouTube|Vimeo Functionality) WordPress plugin through 8.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2025-0629 | 1 Gallagherwebsitedesign | 1 Coronavirus \(covid-19\) Notice Message | 2025-05-21 | N/A | 4.8 MEDIUM |
| The Coronavirus (COVID-19) Notice Message WordPress plugin through 1.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2025-25925 | 1 Openmrs | 1 Openmrs | 2025-05-21 | N/A | 4.8 MEDIUM |
| A stored cross-scripting (XSS) vulnerability in Openmrs v2.4.3 Build 0ff0ed allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the personName.middleName parameter at /openmrs/admin/patients/shortPatientForm.form. | |||||
| CVE-2022-38975 | 1 Ec-cube | 1 Ec-cube | 2025-05-21 | N/A | 5.4 MEDIUM |
| DOM-based cross-site scripting vulnerability in EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote attacker to inject an arbitrary script by having an administrative user of the product to visit a specially crafted page. | |||||
| CVE-2024-6334 | 1 Magazine3 | 1 Easy Table Of Contents | 2025-05-21 | N/A | 6.1 MEDIUM |
| The Easy Table of Contents WordPress plugin before 2.0.67.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | |||||
| CVE-2024-3410 | 1 Digireturn | 1 Footer Contacts Bar | 2025-05-21 | N/A | 4.3 MEDIUM |
| The DN Footer Contacts WordPress plugin before 1.6.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-4057 | 1 Kadencewp | 1 Gutenberg Blocks With Ai | 2025-05-21 | N/A | 6.1 MEDIUM |
| The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.37 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2024-2470 | 1 Plugin-planet | 1 Simple Ajax Chat | 2025-05-21 | N/A | 5.4 MEDIUM |
| The Simple Ajax Chat WordPress plugin before 20240412 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-3937 | 1 Info-d-74 | 1 Playlist For Youtube | 2025-05-21 | N/A | 4.8 MEDIUM |
| The Playlist for Youtube WordPress plugin through 1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-3921 | 1 Takahashifumiki | 1 Gianism | 2025-05-21 | N/A | 4.8 MEDIUM |
| The Gianism WordPress plugin through 5.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-3939 | 1 Metaphorcreations | 1 Ditty | 2025-05-21 | N/A | 5.4 MEDIUM |
| The Ditty WordPress plugin before 3.1.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-3920 | 1 Flattr | 1 Flattr | 2025-05-21 | N/A | 3.5 LOW |
| The Flattr WordPress plugin through 1.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-3918 | 1 Dianakcury | 1 Pet Manager | 2025-05-21 | N/A | 4.8 MEDIUM |
| The Pet Manager WordPress plugin through 1.4 does not sanitise and escape some of its Pet settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2024-3917 | 1 Dianakcury | 1 Pet Manager | 2025-05-21 | N/A | 6.1 MEDIUM |
| The Pet Manager WordPress plugin through 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2024-3594 | 1 Themeatelier | 1 Idonate | 2025-05-21 | N/A | 8.7 HIGH |
| The IDonate WordPress plugin through 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||