Export limit exceeded: 45543 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45543 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-22748 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Setmore SetMore Theme – Custom Post Types service-provider-profile-cpt allows Stored XSS.This issue affects SetMore Theme – Custom Post Types: from n/a through <= 1.1. | ||||
| CVE-2024-51924 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alexandremagno WP Agenda wp-agenda allows Stored XSS.This issue affects WP Agenda: from n/a through <= 2.0. | ||||
| CVE-2025-32570 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ChillPay ChillPay WooCommerce chillpay-payment-gateway allows Stored XSS.This issue affects ChillPay WooCommerce: from n/a through <= 2.5.3. | ||||
| CVE-2025-58269 | 2 Wedevs, Wordpress | 2 Wp Project Manager, Wordpress | 2026-04-15 | N/A |
| Use of Hard-coded Credentials vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through <= 2.6.25. | ||||
| CVE-2025-24658 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Auction Nudge – Your eBay on Your Site auction-nudge allows Stored XSS.This issue affects Auction Nudge – Your eBay on Your Site: from n/a through <= 7.2.0. | ||||
| CVE-2024-51913 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mapme Mapme mapme allows Stored XSS.This issue affects Mapme: from n/a through <= 1.3.2. | ||||
| CVE-2025-58353 | 1 Promptcraft-forge-studio Project | 1 Promptcraft-forge-studio | 2026-04-15 | 8.2 High |
| Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions of Promptcraft Forge Studio sanitize user input using regex blacklists such as r`eplace(/javascript:/gi, '')`. Because the package uses multi-character tokens and each replacement is applied only once, removing one occurrence can create a new dangerous token due to overlap. The “sanitized” value may still contain an executable payload when used in href/src (or injected into the DOM). There is currently no fix for this issue. | ||||
| CVE-2025-25108 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shalomworld SW Plus shalom-world-media-gallery allows Reflected XSS.This issue affects SW Plus: from n/a through <= 2.1. | ||||
| CVE-2024-51907 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codemenschen WP Virtual Room Configurator configure-conference-room allows Stored XSS.This issue affects WP Virtual Room Configurator: from n/a through <= 1.0.0. | ||||
| CVE-2025-10386 | 2026-04-15 | 4.3 Medium | ||
| A vulnerability was found in Yida ECMS Consulting Enterprise Management System 1.0. This affects an unknown part of the file /login.do of the component POST Request Handler. The manipulation of the argument requestUrl results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-51905 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ravi Kumar Vanukuru RSV PDF Preview rsv-pdf-preview allows Stored XSS.This issue affects RSV PDF Preview: from n/a through <= 1.0. | ||||
| CVE-2025-30902 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ATL Software SRL AEC Kiosque aec-kiosque allows Reflected XSS.This issue affects AEC Kiosque: from n/a through <= 1.9.3. | ||||
| CVE-2025-68599 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Embeds For YouTube Plugin Support YouTube Embed youtube-embed allows Stored XSS.This issue affects YouTube Embed: from n/a through <= 5.4. | ||||
| CVE-2025-31817 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPWheels BlockWheels blockwheels allows DOM-Based XSS.This issue affects BlockWheels: from n/a through <= 1.0.2. | ||||
| CVE-2024-51892 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Sell Media File with Stripe sell-media-file allows Stored XSS.This issue affects Sell Media File with Stripe: from n/a through <= 1.0.6. | ||||
| CVE-2025-68598 | 2 Livecomposer, Wordpress | 2 Page Builder: Live Composer, Wordpress | 2026-04-15 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiveComposer Page Builder: Live Composer live-composer-page-builder allows Stored XSS.This issue affects Page Builder: Live Composer: from n/a through <= 2.1.11. | ||||
| CVE-2025-58842 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in givecloud Donation Forms WP by Givecloud donation-forms-by-givecloud allows Stored XSS.This issue affects Donation Forms WP by Givecloud: from n/a through <= 1.0.9. | ||||
| CVE-2025-31805 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal Gutena Kit – Gutenberg Blocks and Templates gutena-kit allows Stored XSS.This issue affects Gutena Kit – Gutenberg Blocks and Templates: from n/a through <= 2.0.7. | ||||
| CVE-2024-35240 | 2026-04-15 | 5.4 Medium | ||
| Umbraco Commerce is an open source dotnet ecommerce solution. In affected versions there exists a stored Cross-site scripting (XSS) issue which would enable attackers to inject malicious code into Print Functionality. This issue has been addressed in versions 12.1.4, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-51889 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GeroNikolov Fancy User List fancy-user-listing allows Stored XSS.This issue affects Fancy User List: from n/a through <= 3.1. | ||||