Export limit exceeded: 345450 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45497 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45497 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-69391 | 2 Gt3themes, Wordpress | 2 Diamond, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3themes Diamond diamond allows Reflected XSS.This issue affects Diamond: from n/a through <= 2.4.8. | ||||
| CVE-2024-51696 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ben.moody Content Syndication Toolkit Reader content-syndication-toolkit-reader allows Reflected XSS.This issue affects Content Syndication Toolkit Reader: from n/a through <= 1.5. | ||||
| CVE-2024-51694 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digitalfisherman Geotagged Media geotagged-media allows Reflected XSS.This issue affects Geotagged Media: from n/a through <= 0.3.0. | ||||
| CVE-2024-51693 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in labdav Search order by product SKU for WooCommerce search-order-by-product-sku-for-woocommerce allows Reflected XSS.This issue affects Search order by product SKU for WooCommerce: from n/a through <= 0.2. | ||||
| CVE-2024-51692 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in askewbrook Bing Search API Integration abbs-bing-search allows Reflected XSS.This issue affects Bing Search API Integration: from n/a through <= 0.3.3. | ||||
| CVE-2024-51691 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aryanduntley Admin Amplify wpr-admin-amplify allows Reflected XSS.This issue affects Admin Amplify: from n/a through <= 1.3.0. | ||||
| CVE-2024-25737 | 2026-04-15 | 6.1 Medium | ||
| A Server-Side Request Forgery (SSRF) vulnerability in the /Cover/Show route (showAction in CoverController.php) in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site Scripting (XSS) attacks by proxying arbitrary URLs via the proxy GET parameter. | ||||
| CVE-2024-2579 | 2 Data443, Wordpress | 2 Tracking Code Manager, Wordpress | 2026-04-15 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Tracking Code Manager.This issue affects Tracking Code Manager: from n/a through 2.0.16. | ||||
| CVE-2025-69390 | 2 Themebon, Wordpress | 2 Business Template Blocks For Wpbakery (visual Composer) Page Builder, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themebon Business Template Blocks for WPBakery (Visual Composer) Page Builder templates-and-addons-for-wpbakery-page-builder allows Reflected XSS.This issue affects Business Template Blocks for WPBakery (Visual Composer) Page Builder: from n/a through <= 1.3.2. | ||||
| CVE-2025-69389 | 2 Hugh Mungus, Wordpress | 2 Visitor Maps Extended Referer Field, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hugh Mungus Visitor Maps Extended Referer Field visitor-maps-extended-referer-field allows Reflected XSS.This issue affects Visitor Maps Extended Referer Field: from n/a through <= 1.2.6. | ||||
| CVE-2024-51676 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Delicious Delisho dr-widgets-blocks allows DOM-Based XSS.This issue affects Delisho: from n/a through <= 1.0.6. | ||||
| CVE-2024-51674 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fast Themes Sastra Essential Addons for Elementor sastra-essential-addons-for-elementor allows DOM-Based XSS.This issue affects Sastra Essential Addons for Elementor: from n/a through <= 1.0.5. | ||||
| CVE-2024-50593 | 1 Hasomed | 1 Elefant | 2026-04-15 | 7.8 High |
| An attacker with local access to the medical office computer can access restricted functions of the Elefant Service tool by using a hard-coded "Hotline" password in the Elefant service binary, which is shipped with the software. | ||||
| CVE-2024-50585 | 2026-04-15 | 4.7 Medium | ||
| Users who click on a malicious link or visit a website under the control of an attacker can be infected with arbitrary JavaScript which is running in the context of the "Numerix License Server Administration System Login" (nlslogin.jsp) page. The vulnerability can be triggered by sending a specially crafted HTTP POST request. The vendor was unresponsive during multiple attempts to contact them via various channels, hence there is no solution available. In case you are using this software, be sure to restrict access and monitor logs. Try to reach out to your contact person for this vendor and request a patch. | ||||
| CVE-2025-69318 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hossni Mubarak JobWP jobwp allows Stored XSS.This issue affects JobWP: from n/a through <= 2.4.5. | ||||
| CVE-2024-8324 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The XO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘get_slider’ function in all versions up to, and including, 3.8.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-26454 | 2026-04-15 | 5.4 Medium | ||
| A Cross Site Scripting vulnerability in Healthcare-Chatbot through 9b7058a can occur via a crafted payload to the email1 or pwd1 parameter in login.php. | ||||
| CVE-2024-26465 | 2026-04-15 | 6.1 Medium | ||
| A DOM based cross-site scripting (XSS) vulnerability in the component /beep/Beep.Instrument.js of stewdio beep.js before commit ef22ad7 allows attackers to execute arbitrary Javascript via sending a crafted URL. | ||||
| CVE-2024-50556 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WorldMarkerter WM Zoom wm-zoom allows DOM-Based XSS.This issue affects WM Zoom: from n/a through <= 1.0. | ||||
| CVE-2024-50555 | 2 Elementor, Wordpress | 2 Elementor Website Builder, Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows Stored XSS.This issue affects Elementor Website Builder: from n/a through <= 3.29.0. | ||||