Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-31897 | 2025-04-01 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arrow Plugins Arrow Custom Feed for Twitter allows Stored XSS. This issue affects Arrow Custom Feed for Twitter: from n/a through 1.5.3. | |||||
| CVE-2025-31733 | 2025-04-01 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Boot Div WP Sitemap allows Stored XSS. This issue affects WP Sitemap: from n/a through 1.0.0. | |||||
| CVE-2025-31805 | 2025-04-01 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExpressTech Systems Gutena Kit – Gutenberg Blocks and Templates allows Stored XSS. This issue affects Gutena Kit – Gutenberg Blocks and Templates: from n/a through 2.0.7. | |||||
| CVE-2025-31894 | 2025-04-01 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infoway LLC Ebook Downloader allows Stored XSS. This issue affects Ebook Downloader: from n/a through 1.0. | |||||
| CVE-2025-31557 | 2025-04-01 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MiKa OSM – OpenStreetMap allows DOM-Based XSS. This issue affects OSM – OpenStreetMap: from n/a through 6.1.6. | |||||
| CVE-2025-30794 | 2025-04-01 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Events Calendar Event Tickets allows Reflected XSS. This issue affects Event Tickets: from n/a through 5.20.0. | |||||
| CVE-2025-31790 | 2025-04-01 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Binsaifullah Posten allows DOM-Based XSS. This issue affects Posten: from n/a through 0.0.1. | |||||
| CVE-2025-31778 | 2025-04-01 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in raphaelheide Donate Me allows Reflected XSS. This issue affects Donate Me: from n/a through 1.2.5. | |||||
| CVE-2025-1267 | 2025-04-01 | N/A | 5.5 MEDIUM | ||
| The Groundhogg plugin for Wordpress is vulnerable to Stored Cross-Site Scripting via the ‘label' parameter in versions up to, and including, 3.7.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | |||||
| CVE-2025-31556 | 2025-04-01 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IDX Broker IMPress for IDX Broker allows Stored XSS. This issue affects IMPress for IDX Broker: from n/a through 3.2.3. | |||||
| CVE-2025-31627 | 2025-04-01 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Lingren Media Library Assistant allows Stored XSS. This issue affects Media Library Assistant: from n/a through 3.24. | |||||
| CVE-2025-31771 | 2025-04-01 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sultan Nasir Uddin Team Members for Elementor Page Builder allows Stored XSS. This issue affects Team Members for Elementor Page Builder: from n/a through 1.0.4. | |||||
| CVE-2025-23995 | 2025-04-01 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ta2g Tantyyellow allows Reflected XSS.This issue affects Tantyyellow: from n/a through 1.0.0.5. | |||||
| CVE-2025-31734 | 2025-04-01 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi Simple Post Expiration allows DOM-Based XSS. This issue affects Simple Post Expiration: from n/a through 1.0.1. | |||||
| CVE-2025-31806 | 2025-04-01 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uSystems Webling allows Stored XSS. This issue affects Webling: from n/a through 3.9.0. | |||||
| CVE-2025-31754 | 2025-04-01 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DobsonDev DobsonDev Shortcodes allows Stored XSS. This issue affects DobsonDev Shortcodes: from n/a through 2.1.12. | |||||
| CVE-2025-31597 | 2025-04-01 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in crazycric Ultimate Live Cricket WordPress Lite allows Stored XSS. This issue affects Ultimate Live Cricket WordPress Lite: from n/a through 1.4.2. | |||||
| CVE-2025-31849 | 2025-04-01 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fbtemplates Nemesis All-in-One allows Stored XSS. This issue affects Nemesis All-in-One: from n/a through 1.1.0. | |||||
| CVE-2025-31869 | 2025-04-01 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Modernaweb Studio Black Widgets For Elementor allows Stored XSS. This issue affects Black Widgets For Elementor: from n/a through 1.3.9. | |||||
| CVE-2025-1512 | 2025-04-01 | N/A | 6.4 MEDIUM | ||
| The PowerPack Elementor Addons (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Cursor Extension in all versions up to, and including, 2.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||