Export limit exceeded: 45471 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45471 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-31445 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sed Lex Pages Order pages-order allows Reflected XSS.This issue affects Pages Order: from n/a through <= 1.1.3. | ||||
| CVE-2025-24619 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webheadcoder WP Log Action wp-log-action allows Reflected XSS.This issue affects WP Log Action: from n/a through <= 0.51. | ||||
| CVE-2024-56224 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ledenbeheer Ledenbeheer ledenbeheer-external-connection allows Stored XSS.This issue affects Ledenbeheer: from n/a through <= 2.1.0. | ||||
| CVE-2025-15266 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.2 High |
| The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the chat message field in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrator accesses the Chat History page. | ||||
| CVE-2025-24609 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PORTONE PORTONE 우커머스 결제 iamport-for-woocommerce allows Reflected XSS.This issue affects PORTONE 우커머스 결제: from n/a through <= 3.2.4. | ||||
| CVE-2025-54023 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Delicious WP Delicious delicious-recipes allows DOM-Based XSS.This issue affects WP Delicious: from n/a through <= 1.8.4. | ||||
| CVE-2025-70846 | 1 Lty628 | 1 Aidigu | 2026-04-15 | 7.1 High |
| lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting (XSS) on the /tools/Password/add page in the input field password. | ||||
| CVE-2025-69082 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Frenify Arlo arlo allows Reflected XSS.This issue affects Arlo: from n/a through <= 6.0.3. | ||||
| CVE-2024-36043 | 2026-04-15 | 6.1 Medium | ||
| question_image.ts in SurveyJS Form Library before 1.10.4 allows contentMode=youtube XSS via the imageLink property. | ||||
| CVE-2025-15355 | 1 Netvision | 1 Isoinsight | 2026-04-15 | 6.1 Medium |
| ISOinsight developed by NetVision Information has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks. | ||||
| CVE-2025-22283 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Riyaz GetSocial getsocial allows Reflected XSS.This issue affects GetSocial: from n/a through <= 2.0.1. | ||||
| CVE-2025-23855 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fyljp SpiderDisplay spiderdisplay allows Reflected XSS.This issue affects SpiderDisplay: from n/a through <= 1.9.1. | ||||
| CVE-2025-24615 | 2 Fatcatapps, Wordpress | 2 Analytics Cat, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps Analytics Cat analytics-cat allows Reflected XSS.This issue affects Analytics Cat: from n/a through <= 1.1.2. | ||||
| CVE-2025-31428 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddhaThemes HYDRO hydro allows Reflected XSS.This issue affects HYDRO: from n/a through <= 2.8. | ||||
| CVE-2025-1629 | 2026-04-15 | 3.5 Low | ||
| A vulnerability was found in Excitel Broadband Private my Excitel App 3.13.0 on Android. It has been classified as problematic. Affected is an unknown function of the component One-Time Password Handler. The manipulation leads to improper restriction of excessive authentication attempts. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-12621 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The Yumpu E-Paper publishing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'YUMPU' shortcode in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-32525 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MapGeo Interactive Geo Maps interactive-geo-maps allows Reflected XSS.This issue affects Interactive Geo Maps: from n/a through <= 1.6.24. | ||||
| CVE-2025-22324 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andon Ivanov OZ Canonical oz-canonical allows Reflected XSS.This issue affects OZ Canonical: from n/a through <= 0.5. | ||||
| CVE-2024-29143 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs, sareiodata Passwordless Login passwordless-login allows Stored XSS.This issue affects Passwordless Login: from n/a through 1.1.2. | ||||
| CVE-2024-33954 | 2026-04-15 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atanas Yonkov Pliska allows Stored XSS.This issue affects Pliska: from n/a through 0.3.5. | ||||