Export limit exceeded: 45499 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45499 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-2579 | 2 Data443, Wordpress | 2 Tracking Code Manager, Wordpress | 2026-04-15 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Tracking Code Manager.This issue affects Tracking Code Manager: from n/a through 2.0.16. | ||||
| CVE-2024-32695 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marco Gasi Language Switcher for Transposh allows Reflected XSS.This issue affects Language Switcher for Transposh: from n/a through 1.5.9. | ||||
| CVE-2024-32694 | 2026-04-15 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative interactive media 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin allows Reflected XSS.This issue affects 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin: from n/a through 3.62. | ||||
| CVE-2024-32690 | 2026-04-15 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood RSS Feed Widget allows Stored XSS.This issue affects RSS Feed Widget: from n/a through 2.9.7. | ||||
| CVE-2025-40725 | 2026-04-15 | N/A | ||
| Reflected Cross-Site Scripting (XSS) vulnerability in Azon Dominator. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the “q” parameter in /search via GET. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user. | ||||
| CVE-2025-12486 | 1 Heimdalldata | 1 Database Proxy | 2026-04-15 | N/A |
| Heimdall Data Database Proxy Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Heimdall Data Database Proxy. Minimal user interaction is required to exploit this vulnerability. The specific flaw exists within the handling of the database event logs. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of arbitrary script. An attacker can leverage this vulnerability to interact with the application in the context of the target user. Was ZDI-CAN-24755. | ||||
| CVE-2025-53307 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Beaver Builder WordPress Assistant assistant allows Reflected XSS.This issue affects WordPress Assistant: from n/a through <= 1.5.2. | ||||
| CVE-2025-53282 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com Thumbnail Editor thumbnail-editor allows Stored XSS.This issue affects Thumbnail Editor: from n/a through <= 2.3.3. | ||||
| CVE-2025-53276 | 2 Omnipressteam, Wordpress | 2 Omnipress, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in omnipressteam Omnipress omnipress allows DOM-Based XSS.This issue affects Omnipress: from n/a through <= 1.6.4. | ||||
| CVE-2024-31926 | 2026-04-15 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BracketSpace Advanced Cron Manager – debug & control allows Stored XSS.This issue affects Advanced Cron Manager – debug & control: from n/a through 2.5.2. | ||||
| CVE-2024-34793 | 2026-04-15 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kharim Tomlinson WP Next Post Navi allows Stored XSS.This issue affects WP Next Post Navi: from n/a through 1.8.3. | ||||
| CVE-2025-62031 | 2 Tagdiv, Wordpress | 2 Composer, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer.This issue affects tagDiv Composer: from n/a through <= 5.4.1. | ||||
| CVE-2024-31387 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Popup LikeBox Team Popup Like box allows Stored XSS.This issue affects Popup Like box: from n/a through 3.7.2. | ||||
| CVE-2025-62036 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Togo togo.This issue affects Togo: from n/a through < 1.0.4. | ||||
| CVE-2024-31365 | 2026-04-15 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Post Type Builder (PTB) allows Reflected XSS.This issue affects Post Type Builder (PTB): from n/a before 2.1.1. | ||||
| CVE-2024-31357 | 2026-04-15 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS.This issue affects Ultimate Store Kit Elementor Addons: from n/a through 1.5.2. | ||||
| CVE-2025-62044 | 2 Codexthemes, Wordpress | 2 Thegem, Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem Theme Elements (for WPBakery) thegem-elements.This issue affects TheGem Theme Elements (for WPBakery): from n/a through <= 5.10.5.1. | ||||
| CVE-2024-31348 | 2026-04-15 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Testimonials allows Stored XSS.This issue affects Testimonials: from n/a through 3.0.5. | ||||
| CVE-2024-31344 | 2026-04-15 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phpbits Creative Studio Easy Login Styler – White Label Admin Login Page for WordPress allows Stored XSS.This issue affects Easy Login Styler – White Label Admin Login Page for WordPress: from n/a through 1.0.6. | ||||
| CVE-2024-35297 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.7 Medium |
| Cross-site scripting vulnerability exists in WP Booking versions prior to 2.4.5. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the web site using the product. | ||||