Total
36680 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-2369 | 1 Godaddy | 1 Coblocks | 2025-05-13 | N/A | 5.4 MEDIUM |
The Page Builder Gutenberg Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
CVE-2024-2263 | 1 Themify | 1 Woocommerce Product Filter | 2025-05-13 | N/A | 4.8 MEDIUM |
Themify WordPress plugin before 1.4.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
CVE-2024-32325 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2025-05-13 | N/A | 2.4 LOW |
TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function. | |||||
CVE-2024-1846 | 1 Wpdarko | 1 Responsive Tabs | 2025-05-13 | N/A | 5.4 MEDIUM |
The Responsive Tabs WordPress plugin before 4.0.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
CVE-2024-1664 | 1 Bdwm | 1 Responsive Gallery Grid | 2025-05-13 | N/A | 6.1 MEDIUM |
The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
CVE-2024-2509 | 1 Kadencewp | 1 Gutenberg Blocks With Ai | 2025-05-13 | N/A | 6.5 MEDIUM |
The Gutenberg Blocks by Kadence Blocks WordPress plugin before 3.2.26 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
CVE-2024-0719 | 1 Otwthemes | 1 Tabs Shortcode And Widget | 2025-05-13 | N/A | 5.4 MEDIUM |
The Tabs Shortcode and Widget WordPress plugin through 1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
CVE-2024-0711 | 1 Otwthemes | 1 Buttons Shortcode And Widget | 2025-05-13 | N/A | 6.1 MEDIUM |
The Buttons Shortcode and Widget WordPress plugin through 1.16 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2025-46611 | | | 2025-05-12 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability in ARTEC EMA Mail v6.92 allows an attacker to execute arbitrary code via a crafted script. | |||||
CVE-2025-26841 | | | 2025-05-12 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability in WPEVEREST Everest Forms before 3.0.9 allows an attacker to execute arbitrary code via a file upload. | |||||
CVE-2024-56338 | 1 Ibm | 1 Sterling B2b Integrator | 2025-05-12 | N/A | 4.8 MEDIUM |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
CVE-2025-1551 | 1 Ibm | 1 Operational Decision Manager | 2025-05-12 | N/A | 6.1 MEDIUM |
IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, and 9.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
CVE-2025-2031 | 1 1000mz | 1 Chestnutcms | 2025-05-12 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability classified as critical has been found in ChestnutCMS up to 1.5.2. This affects the function uploadFile of the file /dev-api/cms/file/upload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-47547 | 1 Sendpulse | 1 Sendpulse Email Marketing Newsletter | 2025-05-12 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SendPulse SendPulse Email Marketing Newsletter allows Stored XSS. This issue affects SendPulse Email Marketing Newsletter: from n/a through 2.1.6. | |||||
CVE-2022-42993 | 1 Password Storage Application Project | 1 Password Storage Application | 2025-05-12 | N/A | 5.4 MEDIUM |
Password Storage Application v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Setup page. | |||||
CVE-2025-47623 | 1 Wpplugin | 1 Easy Paypal & Stripe Buy Now Button | 2025-05-12 | N/A | 5.9 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Paterson Easy PayPal Buy Now Button allows Stored XSS. This issue affects Easy PayPal Buy Now Button: from n/a through 2.0. | |||||
CVE-2025-47625 | 1 Apasionados | 1 Dofollow Case By Case | 2025-05-12 | N/A | 5.9 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in apasionados DoFollow Case by Case allows Stored XSS. This issue affects DoFollow Case by Case: from n/a through 3.5.1. | |||||
CVE-2025-47626 | 1 Apasionados | 1 Submission Dom Tracking For Contact Form 7 | 2025-05-12 | N/A | 5.9 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in apasionados Submission DOM tracking for Contact Form 7 allows Stored XSS. This issue affects Submission DOM tracking for Contact Form 7: from n/a through 2.0. | |||||
CVE-2025-47630 | 1 Connekthq | 1 Ajax Load More | 2025-05-12 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darren Cooney Ajax Load More allows Stored XSS. This issue affects Ajax Load More: from n/a through 7.3.1. | |||||
CVE-2025-47632 | 1 Raihancse | 1 Awesome Gallery | 2025-05-12 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raihanul Islam Awesome Gallery allows Stored XSS. This issue affects Awesome Gallery: from n/a through 1.0. |