Total
39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-60160 | 2025-09-26 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sharkthemes Smart Related Products allows Stored XSS. This issue affects Smart Related Products: from n/a through 2.0.5. | |||||
| CVE-2025-60124 | 2025-09-26 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Hellyer Simple Colorbox allows Stored XSS. This issue affects Simple Colorbox: from n/a through 1.6.1. | |||||
| CVE-2025-60186 | 2025-09-26 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Moss Google+ Comments allows Stored XSS. This issue affects Google+ Comments: from n/a through 1.0. | |||||
| CVE-2025-10178 | 2025-09-26 | N/A | 6.4 MEDIUM | ||
| The CM Business Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cmbd_featured_image' shortcode in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-10490 | 2025-09-26 | N/A | 4.4 MEDIUM | ||
| The Zephyr Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.3.202 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | |||||
| CVE-2025-27006 | 2025-09-26 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeplugs Authorsy allows Stored XSS. This issue affects Authorsy: from n/a through 1.0.5. | |||||
| CVE-2025-60142 | 2025-09-26 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DaganLev Simple Meta Tags allows DOM-Based XSS. This issue affects Simple Meta Tags: from n/a through 1.5. | |||||
| CVE-2025-60101 | 2025-09-26 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Woostify Woostify allows Stored XSS. This issue affects Woostify: from n/a through 2.4.2. | |||||
| CVE-2025-48107 | 2025-09-26 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in undsgn Uncode allows Reflected XSS. This issue affects Uncode: from n/a through n/a. | |||||
| CVE-2025-8200 | 2025-09-26 | N/A | 6.4 MEDIUM | ||
| The Mega Elements – Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown Timer widget in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-60157 | 2025-09-26 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in emarket-design WP Ticket Customer Service Software & Support Ticket System allows Stored XSS. This issue affects WP Ticket Customer Service Software & Support Ticket System: from n/a through 6.0.2. | |||||
| CVE-2025-60144 | 2025-09-26 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonifre Lenix scss compiler allows Stored XSS. This issue affects Lenix scss compiler: from n/a through 1.2. | |||||
| CVE-2025-60177 | 2025-09-26 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rozx Recaptcha – wp allows Stored XSS. This issue affects Recaptcha – wp: from n/a through 0.2.6. | |||||
| CVE-2025-8906 | 2025-09-26 | N/A | 6.4 MEDIUM | ||
| The Widgets for Tiktok Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trustindex-feed' shortcode in all versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-60158 | 2025-09-26 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webmaniabr Nota Fiscal Eletrônica WooCommerce allows Stored XSS. This issue affects Nota Fiscal Eletrônica WooCommerce: from n/a through 3.4.0.6. | |||||
| CVE-2025-60105 | 2025-09-26 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in metaphorcreations Ditty allows Stored XSS. This issue affects Ditty: from n/a through 3.1.58. | |||||
| CVE-2025-4957 | 2025-09-26 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss ProfileGrid allows Reflected XSS. This issue affects ProfileGrid : from n/a through 5.9.5.7. | |||||
| CVE-2025-60104 | 2025-09-26 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jordy Meow Gallery Custom Links allows Stored XSS. This issue affects Gallery Custom Links: from n/a through 2.2.5. | |||||
| CVE-2025-60163 | 2025-09-26 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robin W bbp topic count allows DOM-Based XSS. This issue affects bbp topic count: from n/a through 3.1. | |||||
| CVE-2025-60136 | 2025-09-26 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cartpauj User Notes allows Stored XSS. This issue affects User Notes: from n/a through 1.0.2. | |||||