Total
40717 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-66111 | 1 Wordpress | 1 Wordpress | 2025-12-10 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nelio Software Nelio Popups nelio-popups allows Stored XSS.This issue affects Nelio Popups: from n/a through <= 1.3.0. | ||||
| CVE-2019-11359 | 1 Scilico | 1 I\, Librarian | 2025-12-10 | N/A |
| Cross-site scripting (XSS) vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project parameter. | ||||
| CVE-2019-11449 | 1 Scilico | 1 I\, Librarian | 2025-12-10 | N/A |
| I, Librarian 4.10 has XSS via the notes.php notes parameter. | ||||
| CVE-2019-11428 | 1 Scilico | 1 I\, Librarian | 2025-12-10 | N/A |
| I, Librarian 4.10 has XSS via the export.php export_files parameter. | ||||
| CVE-2025-14194 | 2 Carmelogarcia, Code-projects | 2 Employee Profile Management System, Employee Profile Management System | 2025-12-10 | 3.5 Low |
| A vulnerability was identified in code-projects Employee Profile Management System 1.0. This issue affects some unknown processing of the file /view_personnel.php. The manipulation of the argument per_address/dr_school/other_school leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-6924 | 1 Talentsoftware | 1 Bap Automation | 2025-12-10 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TalentSoft Software e-BAP Automation allows Reflected XSS.This issue affects e-BAP Automation: before 42957. | ||||
| CVE-2025-67541 | 1 Wordpress | 1 Wordpress | 2025-12-10 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lester Chan WP-ShowHide wp-showhide allows Stored XSS.This issue affects WP-ShowHide: from n/a through <= 1.05. | ||||
| CVE-2025-67544 | 1 Wordpress | 1 Wordpress | 2025-12-10 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Get Bowtied Shopkeeper Extender shopkeeper-extender allows Stored XSS.This issue affects Shopkeeper Extender: from n/a through < 7.0. | ||||
| CVE-2025-67542 | 3 Silkypress, Woocommerce, Wordpress | 3 Multi Step Checkout For Woocommerce, Woocommerce, Wordpress | 2025-12-10 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SilkyPress Multi-Step Checkout for WooCommerce wp-multi-step-checkout allows DOM-Based XSS.This issue affects Multi-Step Checkout for WooCommerce: from n/a through <= 2.33. | ||||
| CVE-2025-12705 | 1 Wordpress | 1 Wordpress | 2025-12-10 | 7.2 High |
| The Social Reviews & Recommendations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in the 'trim_text' function in all versions up to, and including, 2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 2.5. | ||||
| CVE-2025-67543 | 1 Wordpress | 1 Wordpress | 2025-12-10 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Catch Themes Essential Widgets essential-widgets allows Stored XSS.This issue affects Essential Widgets: from n/a through <= 2.2.2. | ||||
| CVE-2025-67537 | 1 Wordpress | 1 Wordpress | 2025-12-10 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blair Williams ThirstyAffiliates thirstyaffiliates allows Stored XSS.This issue affects ThirstyAffiliates: from n/a through <= 3.11.8. | ||||
| CVE-2025-67558 | 1 Wordpress | 1 Wordpress | 2025-12-10 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jacques Malgrange Rencontre rencontre allows Stored XSS.This issue affects Rencontre: from n/a through <= 3.13.7. | ||||
| CVE-2025-67538 | 2 Jnews, Wordpress | 2 Jnews, Wordpress | 2025-12-10 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jegtheme JNews Gallery jnews-gallery allows Stored XSS.This issue affects JNews Gallery: from n/a through < 12.0.1. | ||||
| CVE-2025-10876 | 1 Talentsoftware | 1 Bap Automation | 2025-12-10 | 5.3 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TalentSoft Software e-BAP Automation allows Cross-Site Scripting (XSS).This issue affects e-BAP Automation: from 1.8.96 before v.41815. | ||||
| CVE-2025-67536 | 2 Thimpress, Wordpress | 2 Learnpress, Wordpress | 2025-12-10 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress learnpress allows Stored XSS.This issue affects LearnPress: from n/a through <= 4.2.9.4. | ||||
| CVE-2025-67539 | 2 Select-themes, Wordpress | 2 Stockholm Core, Wordpress | 2025-12-10 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Select-Themes Select Core select-core allows DOM-Based XSS.This issue affects Select Core: from n/a through < 2.6. | ||||
| CVE-2025-63045 | 2 Averta, Wordpress | 2 Master Slider Pro, Wordpress | 2025-12-10 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in averta Master Slider Pro masterslider allows DOM-Based XSS.This issue affects Master Slider Pro: from n/a through <= 3.7.12. | ||||
| CVE-2025-63046 | 2 Cridio, Wordpress | 2 Listingpro, Wordpress | 2025-12-10 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro listingpro-plugin allows DOM-Based XSS.This issue affects ListingPro: from n/a through <= 2.9.9. | ||||
| CVE-2025-63044 | 3 Elementor, Wordpress, Xpro | 3 Elementor, Wordpress, Xpro Elementor Addons | 2025-12-10 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows DOM-Based XSS.This issue affects Xpro Elementor Addons: from n/a through <= 1.4.19.1. | ||||