Export limit exceeded: 45471 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45471 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-13678 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The Thai Lottery Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `thailottery` shortcode in all versions up to, and including, 2.5. This is due to insufficient input sanitization and output escaping on the user supplied `width` and `height` shortcode attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-13860 | 2 Webradykal, Wordpress | 2 Easy Jump Links Menus, Wordpress | 2026-04-15 | 6.4 Medium |
| The Easy Jump Links Menus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `h_tags` parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-54328 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in linknacional Invoice Payment for WooCommerce invoice-payment-for-woocommerce allows Reflected XSS.This issue affects Invoice Payment for WooCommerce: from n/a through <= 1.7.2. | ||||
| CVE-2024-54329 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metup CleverNode Related Content clevernode-related-content allows Reflected XSS.This issue affects CleverNode Related Content: from n/a through <= 1.1.5. | ||||
| CVE-2024-54333 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silverplugins217 Check Pincode For Woocommerce check-pincode-for-woocommerce allows Reflected XSS.This issue affects Check Pincode For Woocommerce: from n/a through <= 1.1. | ||||
| CVE-2025-3117 | 2026-04-15 | 5.4 Medium | ||
| CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting configuration file paths that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser. | ||||
| CVE-2024-54344 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood WP Quick Shop wp-quick-shop allows Reflected XSS.This issue affects WP Quick Shop: from n/a through <= 1.3.1. | ||||
| CVE-2025-30623 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rachel Cherry wA11y – The Web Accessibility Toolbox wa11y allows Stored XSS.This issue affects wA11y – The Web Accessibility Toolbox: from n/a through <= 1.0.3. | ||||
| CVE-2024-54345 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 Bicycleshop bicycleshop allows DOM-Based XSS.This issue affects Bicycleshop: from n/a through <= 1.5. | ||||
| CVE-2024-54346 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 Barter barter allows DOM-Based XSS.This issue affects Barter: from n/a through <= 1.6. | ||||
| CVE-2025-4049 | 2026-04-15 | N/A | ||
| Use of hard-coded, the same among all vulnerable installations SQLite credentials vulnerability in SIGNUM-NET FARA allows to read and manipulate local-stored database.This issue affects FARA: through 5.0.80.34. | ||||
| CVE-2024-54348 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yaycommerce Brand brand allows Stored XSS.This issue affects Brand: from n/a through <= 1.1.6. | ||||
| CVE-2024-54349 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mashiurz Plain Post plain-post allows Stored XSS.This issue affects Plain Post: from n/a through <= 1.0.3. | ||||
| CVE-2025-23722 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mind3dom Mind3doM RyeBread Widgets mind3dom-ryebread-widgets allows Reflected XSS.This issue affects Mind3doM RyeBread Widgets: from n/a through <= 1.0. | ||||
| CVE-2025-23721 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cloudvn Mobigate mobigatevn allows Reflected XSS.This issue affects Mobigate: from n/a through <= 1.0.3. | ||||
| CVE-2025-23718 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mancx Mancx AskMe Widget mancx-askme-widget allows Reflected XSS.This issue affects Mancx AskMe Widget: from n/a through <= 0.3. | ||||
| CVE-2025-23716 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JkmAS Login Watchdog login-watchdog allows Stored XSS.This issue affects Login Watchdog: from n/a through <= 1.0.4. | ||||
| CVE-2025-23546 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robert D Payne RDP inGroups+ rdp-ingroups allows Reflected XSS.This issue affects RDP inGroups+: from n/a through <= 1.0.6. | ||||
| CVE-2025-2354 | 2026-04-15 | 4.3 Medium | ||
| A vulnerability has been found in VAM Virtual Airlines Manager 2.6.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /vam/index.php. The manipulation of the argument registry_id/plane_icao/hub_id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-23524 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dactum ClickBank Storefront mycbgenie-clickbank-storefront allows Reflected XSS.This issue affects ClickBank Storefront: from n/a through <= 1.7. | ||||