Total
38254 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-27361 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thhake Photo Express for Google allows Reflected XSS. This issue affects Photo Express for Google: from n/a through 0.3.2. | |||||
| CVE-2025-53275 | 2025-06-30 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VaultDweller Leyka allows DOM-Based XSS. This issue affects Leyka: from n/a through 3.31.9. | |||||
| CVE-2025-50052 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flexostudio Flexo Counter allows Reflected XSS. This issue affects Flexo Counter: from n/a through 1.0001. | |||||
| CVE-2025-47574 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla School Management allows Reflected XSS. This issue affects School Management: from n/a through 92.0.0. | |||||
| CVE-2025-49423 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Tahir Ali Jan Bulk YouTube Post Creator allows Reflected XSS. This issue affects Bulk YouTube Post Creator: from n/a through 1.0. | |||||
| CVE-2025-30972 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iamapinan Woocommerce Line Notify allows Stored XSS. This issue affects Woocommerce Line Notify: from n/a through 1.1.7. | |||||
| CVE-2025-31428 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddhaThemes HYDRO allows Reflected XSS. This issue affects HYDRO: from n/a through 2.8. | |||||
| CVE-2025-52727 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs CSS3 Vertical Web Pricing Tables allows Reflected XSS. This issue affects CSS3 Vertical Web Pricing Tables: from n/a through 1.9. | |||||
| CVE-2025-53294 | 2025-06-30 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Smart Agenda Smart Agenda allows Stored XSS. This issue affects Smart Agenda: from n/a through 4.9. | |||||
| CVE-2025-28960 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in regibaer Evangelische Termine allows Reflected XSS. This issue affects Evangelische Termine: from n/a through 3.3. | |||||
| CVE-2025-53280 | 2025-06-30 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AntoineH Football Pool allows Stored XSS. This issue affects Football Pool: from n/a through 2.12.5. | |||||
| CVE-2025-53300 | 2025-06-30 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in douglaskarr Podcast Feed Player Widget and Shortcode allows Stored XSS. This issue affects Podcast Feed Player Widget and Shortcode: from n/a through 2.2.0. | |||||
| CVE-2025-53301 | 2025-06-30 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme Junkie Theme Junkie Team Content allows DOM-Based XSS. This issue affects Theme Junkie Team Content: from n/a through 0.1.1. | |||||
| CVE-2025-53321 | 2025-06-30 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raise The Money Raise The Money allows DOM-Based XSS. This issue affects Raise The Money: from n/a through 5.2. | |||||
| CVE-2025-4587 | 2025-06-30 | N/A | 6.4 MEDIUM | ||
| The A/B Testing for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ab-testing-for-wp/ab-test-block' block in all versions up to, and including, 1.18.2 due to insufficient input sanitization and output escaping on the 'id' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-53199 | 2025-06-30 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Slider For Elementor allows DOM-Based XSS. This issue affects HT Slider For Elementor: from n/a through 1.6.5. | |||||
| CVE-2025-47654 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Reflected XSS. This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.20. | |||||
| CVE-2025-25173 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FasterThemes FastBook allows Stored XSS. This issue affects FastBook: from n/a through 1.1. | |||||
| CVE-2025-52799 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes LMS allows Reflected XSS. This issue affects LMS: from n/a through 9.1. | |||||
| CVE-2025-53320 | 2025-06-30 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wp Enhanced Free Downloads EDD allows DOM-Based XSS. This issue affects Free Downloads EDD: from n/a through 1.0.4. | |||||