Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-31452 | 2025-03-28 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mindshare Labs, Inc. WP Ultimate Search allows Stored XSS. This issue affects WP Ultimate Search: from n/a through 2.0.3. | |||||
| CVE-2025-31450 | 2025-03-28 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phantom.omaga Toggle Box allows Stored XSS. This issue affects Toggle Box: from n/a through 1.6. | |||||
| CVE-2025-22360 | 2025-03-28 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Azure offload allows Reflected XSS. This issue affects WP Azure offload: from n/a through 2.0. | |||||
| CVE-2025-31096 | 2025-03-28 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX allows DOM-Based XSS. This issue affects PostX: from n/a through 4.1.25. | |||||
| CVE-2025-31470 | 2025-03-28 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FancyThemes Page Takeover allows Stored XSS. This issue affects Page Takeover: from n/a through 1.1.6. | |||||
| CVE-2025-31073 | 2025-03-28 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Compete Themes Unlimited allows Stored XSS. This issue affects Unlimited: from n/a through 1.45. | |||||
| CVE-2024-51624 | 2025-03-28 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jajapagamentos Já-Já Pagamentos for WooCommerce allows Reflected XSS. This issue affects Já-Já Pagamentos for WooCommerce: from n/a through 1.3.0. | |||||
| CVE-2025-2870 | 2025-03-28 | N/A | N/A | ||
| Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the page parameter in /patient_side.php. | |||||
| CVE-2025-22767 | 2025-03-28 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in globalpayments GlobalPayments WooCommerce allows Reflected XSS. This issue affects GlobalPayments WooCommerce: from n/a through 1.13.0. | |||||
| CVE-2025-2868 | 2025-03-28 | N/A | N/A | ||
| Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the page parameter in /index.php. | |||||
| CVE-2025-2864 | 2025-03-28 | N/A | N/A | ||
| SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the legitimate website owning the affected device, once the cookie is set. This attack only impacts the victim's browser (reflected XSS). | |||||
| CVE-2025-31463 | 2025-03-28 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Preetinder Singh TGG WP Optimizer allows Stored XSS. This issue affects TGG WP Optimizer: from n/a through 1.22. | |||||
| CVE-2025-22356 | 2025-03-28 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stencies Stencies allows Reflected XSS. This issue affects Stencies: from n/a through 0.58. | |||||
| CVE-2025-2878 | 2025-03-28 | N/A | 2.4 LOW | ||
| A vulnerability was found in Kentico CMS up to 13.0.178. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /CMSInstall/install.aspx of the component Additional Database Installation Wizard. The manipulation of the argument new database leads to cross site scripting. The attack can be launched remotely. Upgrading to version 13.0.179 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2025-31473 | 2025-03-28 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matthewprice1178 WP Database Optimizer allows Stored XSS. This issue affects WP Database Optimizer: from n/a through 1.2.1.3. | |||||
| CVE-2025-31101 | 2025-03-28 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vault Group Pty Ltd VaultRE Contact Form 7 allows Stored XSS.This issue affects VaultRE Contact Form 7: from n/a through 1.0. | |||||
| CVE-2025-31093 | 2025-03-28 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redpixelstudios RPS Include Content allows DOM-Based XSS. This issue affects RPS Include Content: from n/a through 1.2.1. | |||||
| CVE-2025-31102 | 2025-03-28 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Hostel allows Reflected XSS. This issue affects Hostel: from n/a through 1.1.5.5. | |||||
| CVE-2025-1705 | 2025-03-28 | N/A | 6.1 MEDIUM | ||
| The tagDiv Composer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.3. This is due to missing or incorrect nonce validation within the td_ajax_get_views AJAX action. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2025-31437 | 2025-03-28 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Miller WP-OGP allows Stored XSS. This issue affects WP-OGP: from n/a through 1.0.5. | |||||