Export limit exceeded: 45485 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45485 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-23468 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wrenchpilot Essay Wizard (wpCRES) essay-wizard-wpcres allows Reflected XSS.This issue affects Essay Wizard (wpCRES): from n/a through <= 1.0.6.4. | ||||
| CVE-2024-10875 | 2026-04-15 | 6.1 Medium | ||
| The Gallery Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_Query_Arg without appropriate escaping on the URL in all versions up to, and including, 1.6.58. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-12203 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.4 Medium |
| The RSS Icon Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link_color’ parameter in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2024-12466 | 2 Scribit, Wordpress | 2 Proofreading, Wordpress | 2026-04-15 | 6.1 Medium |
| The Proofreading plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'nonce' parameter in all versions up to, and including, 1.2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-12598 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The MyBookProgress by Stormhill Media plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘book’ parameter in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-13377 | 2026-04-15 | 7.2 High | ||
| The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alt’ parameter in all versions up to, and including, 2.9.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-13434 | 2026-04-15 | 6.1 Medium | ||
| The WP Inventory Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-30190 | 1 Open-xchange | 1 Ox App Suite | 2026-04-15 | 5.4 Medium |
| Malicious content at office documents can be used to inject script code when editing a document. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No publicly available exploits are known | ||||
| CVE-2025-23466 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpsiteeditor Site Editor Google Map site-editor-google-map allows Reflected XSS.This issue affects Site Editor Google Map: from n/a through <= 1.0.1. | ||||
| CVE-2025-23462 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anil Jailta FWD Slider fwd-slider allows Reflected XSS.This issue affects FWD Slider: from n/a through <= 1.0. | ||||
| CVE-2025-23461 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xkollsoftware Social2Blog social2blog allows Reflected XSS.This issue affects Social2Blog: from n/a through <= 0.2.990. | ||||
| CVE-2024-56287 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AppJetty WP jQuery DataTable wp-jquery-datatable allows Stored XSS.This issue affects WP jQuery DataTable: from n/a through <= 4.0.1. | ||||
| CVE-2024-56289 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey Groundhogg groundhogg allows Reflected XSS.This issue affects Groundhogg: from n/a through <= 3.7.3.3. | ||||
| CVE-2025-23460 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rhizomaticweb RWS Enquiry And Lead Follow-up rws-enquiry allows Reflected XSS.This issue affects RWS Enquiry And Lead Follow-up: from n/a through <= 1.0. | ||||
| CVE-2025-23459 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NsThemes NS Simple Intro Loader ns-simple-intro-loader allows Reflected XSS.This issue affects NS Simple Intro Loader: from n/a through <= 2.2.3. | ||||
| CVE-2025-23457 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shipdeoplugin Shipdeo shipdeo-woo allows Reflected XSS.This issue affects Shipdeo: from n/a through <= 1.2.8. | ||||
| CVE-2024-50464 | 2 Pierre Lebedel, Wordpress | 2 Kodex Posts Likes, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pierre Lebedel Kodex Posts likes kodex-posts-likes.This issue affects Kodex Posts likes: from n/a through <= 2.5.0. | ||||
| CVE-2024-56292 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevelop Email Reminders email-reminders allows Stored XSS.This issue affects Email Reminders: from n/a through <= 2.0.5. | ||||
| CVE-2024-56293 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nasir Ahmed Advanced Form Integration advanced-form-integration allows Stored XSS.This issue affects Advanced Form Integration: from n/a through <= 1.95.0. | ||||
| CVE-2024-38815 | 1 Vmware | 3 Cloud Foundation, Nsx, Nsx-t | 2026-04-15 | 4.3 Medium |
| VMware NSX contains a content spoofing vulnerability. An unauthenticated malicious actor may be able to craft a URL and redirect a victim to an attacker controlled domain leading to sensitive information disclosure. | ||||