Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-31081 | | | 2025-04-02 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShortPixel Enable Media Replace allows Reflected XSS. This issue affects Enable Media Replace: from n/a through 4.1.5.
|
|||||
| CVE-2025-31078 | | | 2025-04-02 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition allows Reflected XSS. This issue affects Small Package Quotes – Worldwide Express Edition: from n/a through 5.2.18.
|
|||||
| CVE-2025-30852 | | | 2025-04-02 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in emotionalonlinestorytelling Oracle Cards Lite allows Reflected XSS. This issue affects Oracle Cards Lite: from n/a through 1.2.1.
|
|||||
| CVE-2025-30090 | | | 2025-04-02 | N/A | 7.2 HIGH |
|
mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows XSS via e-mail headers, because JavaScript payloads are mishandled after $encoded has been set to true.
|
|||||
| CVE-2025-31454 | | | 2025-04-02 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Delete Post Revision allows Reflected XSS. This issue affects Delete Post Revision: from n/a through 1.1.
|
|||||
| CVE-2025-30913 | | | 2025-04-02 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in podpirate Access Areas allows Reflected XSS. This issue affects Access Areas: from n/a through 1.5.19.
|
|||||
| CVE-2025-31445 | | | 2025-04-02 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Pages Order allows Reflected XSS. This issue affects Pages Order: from n/a through 1.1.3.
|
|||||
| CVE-2025-31537 | | | 2025-04-02 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in madfishdigital Bulk NoIndex & NoFollow Toolkit allows Reflected XSS. This issue affects Bulk NoIndex & NoFollow Toolkit: from n/a through 2.16.
|
|||||
| CVE-2025-3098 | | | 2025-04-02 | N/A | 6.1 MEDIUM |
|
The Video Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.0.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
|
|||||
| CVE-2025-31461 | | | 2025-04-02 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound NanoSupport allows Reflected XSS. This issue affects NanoSupport: from n/a through 0.6.0.
|
|||||
| CVE-2025-2513 | | | 2025-04-02 | N/A | 6.4 MEDIUM |
|
The Smart Icons For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
|
|||||
| CVE-2025-31563 | | | 2025-04-02 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vimal Kava AI Search Bar allows Stored XSS. This issue affects AI Search Bar: from n/a through 1.3.
|
|||||
| CVE-2025-30778 | | | 2025-04-02 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Ratudi VForm allows Reflected XSS. This issue affects VForm: from n/a through 3.1.9.
|
|||||
| CVE-2025-31819 | | | 2025-04-02 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixelgrade Nova Blocks by Pixelgrade. This issue affects Nova Blocks by Pixelgrade: from n/a through 2.1.8.
|
|||||
| CVE-2025-31441 | | | 2025-04-02 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in S WordPress Galleria allows Reflected XSS. This issue affects WordPress Galleria: from n/a through 1.4.
|
|||||
| CVE-2025-31085 | | | 2025-04-02 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-language allows Reflected XSS. This issue affects xili-language: from n/a through 2.21.2.
|
|||||
| CVE-2025-31086 | | | 2025-04-02 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick McReynolds Product Table by WBW allows Reflected XSS. This issue affects Product Table by WBW: from n/a through 2.1.4.
|
|||||
| CVE-2025-29049 | | | 2025-04-02 | N/A | 6.3 MEDIUM |
|
Cross Site Scripting vulnerability in arnog MathLive Versions v0.103.0 and before (fixed in 0.104.0) allows an attacker to execute arbitrary code via the MathLive function.
|
|||||
| CVE-2025-2483 | | | 2025-04-02 | N/A | 6.1 MEDIUM |
|
The Gift Certificate Creator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘receip_address’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
|
|||||
| CVE-2025-31462 | | | 2025-04-02 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rzfarrell CGM Event Calendar allows Reflected XSS. This issue affects CGM Event Calendar: from n/a through 0.8.5.
|
|||||
| CVE-2025-31578 | | | 2025-04-02 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wisdomlogix Solutions Pvt. Ltd. Fonts Manager | Custom Fonts allows Reflected XSS. This issue affects Fonts Manager | Custom Fonts: from n/a through 1.2.
|
|||||
| CVE-2025-30905 | | | 2025-04-02 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Secure Copy Content Protection and Content Locking allows Stored XSS. This issue affects Secure Copy Content Protection and Content Locking: from n/a through 4.4.3.
|
|||||
| CVE-2025-31568 | | | 2025-04-02 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wiredmindshelp LeadLab by wiredminds allows Reflected XSS. This issue affects LeadLab by wiredminds: from n/a through 1.3.
|
|||||
| CVE-2025-31455 | | | 2025-04-02 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Limit Max IPs Per User allows DOM-Based XSS. This issue affects Limit Max IPs Per User: from n/a through 1.5.
|
|||||
| CVE-2025-31594 | | | 2025-04-02 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPglob Auto scroll for reading allows Reflected XSS. This issue affects Auto scroll for reading: from n/a through 1.1.4.
|
|||||
| CVE-2023-0448 | 1 Matbao | 1 Wp Helper Premium | 2025-04-02 | N/A | 6.1 MEDIUM |
|
The WP Helper Lite WordPress plugin, in versions < 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability.
|
|||||
| CVE-2019-11291 | 3 Broadcom, Redhat, Vmware | 3 Rabbitmq Server, Openstack, Rabbitmq | 2025-04-02 | 3.5 LOW | 4.8 MEDIUM |
|
Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information.
|
|||||
| CVE-2025-0718 | 1 Kylephillips | 1 Nested Pages | 2025-04-02 | N/A | 4.8 MEDIUM |
|
The Nested Pages WordPress plugin before 3.2.13 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
|
|||||
| CVE-2025-2645 | 1 Phpgurukul | 1 Art Gallery Management System | 2025-04-02 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /product.php. The manipulation of the argument artname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-2077 | 1 Duogeek | 1 Simple Amazon Affiliate | 2025-04-02 | N/A | 6.1 MEDIUM |
|
The Simple Amazon Affiliate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'msg' parameter in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
|
|||||
| CVE-2025-2078 | 1 Gkdv | 1 Blogbuzztime For Wp | 2025-04-02 | N/A | 4.4 MEDIUM |
|
The BlogBuzzTime for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has ...
|
|||||
| CVE-2024-12589 | 1 Xlplugins | 1 Finale | 2025-04-02 | N/A | 6.4 MEDIUM |
|
The Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the countdown timer in all versions up to, and including, 2.19.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2025-1619 | 1 Mooveagency | 1 Gdpr Cookie Compliance | 2025-04-02 | N/A | 4.8 MEDIUM |
|
The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
|
|||||
| CVE-2025-1620 | 1 Mooveagency | 1 Gdpr Cookie Compliance | 2025-04-02 | N/A | 4.8 MEDIUM |
|
The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
|
|||||
| CVE-2025-1621 | 1 Mooveagency | 1 Gdpr Cookie Compliance | 2025-04-02 | N/A | 4.8 MEDIUM |
|
The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
|
|||||
| CVE-2025-1622 | 1 Mooveagency | 1 Gdpr Cookie Compliance | 2025-04-02 | N/A | 3.5 LOW |
|
The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
|
|||||
| CVE-2025-1623 | 1 Mooveagency | 1 Gdpr Cookie Compliance | 2025-04-02 | N/A | 3.5 LOW |
|
The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
|
|||||
| CVE-2025-1624 | 1 Mooveagency | 1 Gdpr Cookie Compliance | 2025-04-02 | N/A | 3.5 LOW |
|
The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
|
|||||
| CVE-2025-27660 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-01 | N/A | 5.4 MEDIUM |
|
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cross Site Scripting OVE-20230524-0003.
|
|||||
| CVE-2025-2700 | 1 Dante-editor | 1 Dante3 | 2025-04-01 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability classified as problematic has been found in michelson Dante Editor up to 0.4.4. This affects an unknown part of the component Insert Link Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||