Total
34649 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-6555 | 1 I13websolution | 1 Email Subscription Popup | 2025-06-18 | N/A | 6.1 MEDIUM |
The Email Subscription Popup WordPress plugin before 1.2.20 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
CVE-2023-27000 | 1 Netscout | 1 Ngeniusone | 2025-06-18 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the name parameter of the Profile and Exclusion List page(s). | |||||
CVE-2023-27739 | 1 Easyxdm | 1 Easyxdm | 2025-06-18 | N/A | 6.1 MEDIUM |
easyXDM 2.5 allows XSS via the xdm_e parameter. | |||||
CVE-2023-5911 | 1 Hamidrezasepehr | 1 Wp Custom Cursors \| Wordpress Cursor Plugin | 2025-06-18 | N/A | 4.8 MEDIUM |
The WP Custom Cursors \| WordPress Cursor Plugin WordPress plugin through 3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
CVE-2023-6141 | 1 G5plus | 1 Essential Real Estate | 2025-06-18 | N/A | 5.4 MEDIUM |
The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Stored XSS attacks. | |||||
CVE-2023-6621 | 1 Wpexperts | 1 Post Smtp | 2025-06-18 | N/A | 6.1 MEDIUM |
The POST SMTP WordPress plugin before 2.8.7 does not sanitise and escape the msg parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
CVE-2024-21910 | 1 Tiny | 1 Tinymce | 2025-06-18 | N/A | 6.1 MEDIUM |
TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser. | |||||
CVE-2025-23798 | 1 Buddypress | 1 Buddypress | 2025-06-18 | N/A | 6.1 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eliott Robson Mass Messaging in BuddyPress allows Reflected XSS. This issue affects Mass Messaging in BuddyPress: from n/a through 2.2.1. | |||||
CVE-2025-5420 | 1 Juzaweb | 1 Cms | 2025-06-18 | N/A | 5.4 MEDIUM |
A vulnerability classified as problematic was found in juzaweb CMS up to 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/file-manager/upload of the component Profile Page. The manipulation of the argument Upload leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2023-6485 | 1 Bplugins | 1 Html5 Video Player | 2025-06-18 | N/A | 5.4 MEDIUM |
The Html5 Video Player WordPress plugin before 2.5.19 does not sanitise and escape some of its player settings, which, combined with missing capability checks around the plugin, could allow any authenticated user, even one as low as a subscriber, to perform Stored Cross-Site Scripting attacks against high privilege users like admins | |||||
CVE-2023-6000 | 1 Sygnoos | 1 Popup Builder | 2025-06-18 | N/A | 6.1 MEDIUM |
The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks. | |||||
CVE-2023-6037 | 1 Ljapps | 1 Wp Tripadvisor Review Slider | 2025-06-18 | N/A | 4.8 MEDIUM |
The WP TripAdvisor Review Slider WordPress plugin before 11.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
CVE-2025-5237 | | | 2025-06-18 | N/A | 6.4 MEDIUM |
The Target Video Easy Publish plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 3.8.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2025-2560 | 1 Ninjaforms | 1 Ninja Forms | 2025-06-17 | N/A | N/A |
The Ninja Forms WordPress plugin before 3.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2025-2561 | 1 Ninjaforms | 1 Ninja Forms | 2025-06-17 | N/A | N/A |
The Ninja Forms WordPress plugin before 3.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2025-48145 | | | 2025-06-17 | N/A | N/A |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michal Jaworski Track, Analyze & Optimize by WP Tao allows Reflected XSS. This issue affects Track, Analyze & Optimize by WP Tao: from n/a through 1.3. | |||||
CVE-2025-49266 | | | 2025-06-17 | N/A | N/A |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rustaurius Ultimate Reviews allows Reflected XSS. This issue affects Ultimate Reviews: from n/a through 3.2.14. | |||||
CVE-2025-49859 | | | 2025-06-17 | N/A | N/A |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in etruel WP Views Counter allows Stored XSS. This issue affects WP Views Counter: from n/a through 2.0.3. | |||||
CVE-2025-49881 | | | 2025-06-17 | N/A | N/A |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks allows Stored XSS. This issue affects Responsive Blocks: from n/a through 2.0.5. | |||||
CVE-2025-49863 | | | 2025-06-17 | N/A | N/A |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Codeus Advanced Sermons allows Stored XSS. This issue affects Advanced Sermons: from n/a through 3.6. |