) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): xss
- Search Type: Search All
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2025-52707 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FirelightWP Firelight Lightbox allows Stored XSS. This issue affects Firelight Lightbox: from n/a through 2.3.16. Published: June 20, 2025; 11:15:31 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-50051 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chad Butler WP-Members allows Stored XSS.This issue affects WP-Members: from n/a through 3.5.4. Published: June 20, 2025; 11:15:31 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-50050 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlueGlass Interactive AG Jobs for WordPress allows Stored XSS. This issue affects Jobs for WordPress: from n/a through 2.7.12. Published: June 20, 2025; 11:15:31 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-50049 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prismtechstudios Modern Footnotes allows Stored XSS. This issue affects Modern Footnotes: from n/a through 1.4.19. Published: June 20, 2025; 11:15:31 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-50048 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atakan Au Automatically Hierarchic Categories in Menu allows Stored XSS. This issue affects Automatically Hierarchic Categories in Menu: from n/a through 2.0.9. Published: June 20, 2025; 11:15:31 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-50047 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly Sitekit allows Stored XSS. This issue affects Sitekit: from n/a through 1.9. Published: June 20, 2025; 11:15:31 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-50046 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP WPComplete allows Stored XSS. This issue affects WPComplete: from n/a through 2.9.5. Published: June 20, 2025; 11:15:31 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-50045 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ProWCPlugins Related Products Manager for WooCommerce allows DOM-Based XSS. This issue affects Related Products Manager for WooCommerce: from n/a through 1.6.2. Published: June 20, 2025; 11:15:30 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-50043 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jordy Meow Code Engine allows Stored XSS. This issue affects Code Engine: from n/a through 0.3.2. Published: June 20, 2025; 11:15:30 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-50042 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com WP Register Profile With Shortcode allows Stored XSS. This issue affects WP Register Profile With Shortcode: from n/a through 3.6.1. Published: June 20, 2025; 11:15:30 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-50041 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Engine Gutenberg Blocks – ACF Blocks Suite allows Stored XSS. This issue affects Gutenberg Blocks – ACF Blocks Suite: from n/a through 2.6.11. Published: June 20, 2025; 11:15:30 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-50038 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anantaddons Anant Addons for Elementor allows Stored XSS. This issue affects Anant Addons for Elementor: from n/a through 1.2.0. Published: June 20, 2025; 11:15:30 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-50037 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Buying Buddy Buying Buddy IDX CRM allows DOM-Based XSS. This issue affects Buying Buddy IDX CRM: from n/a through 2.3.0. Published: June 20, 2025; 11:15:29 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-50035 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyrilG Fyrebox Quizzes allows Stored XSS. This issue affects Fyrebox Quizzes: from n/a through 3.0. Published: June 20, 2025; 11:15:29 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-50033 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sparkle Themes Fitness Park allows DOM-Based XSS. This issue affects Fitness Park: from n/a through 1.1.1. Published: June 20, 2025; 11:15:29 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-50030 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sparkle Themes Spark Multipurpose allows DOM-Based XSS. This issue affects Spark Multipurpose: from n/a through 1.0.7. Published: June 20, 2025; 11:15:29 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-50027 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xootix Login/Signup Popup allows Stored XSS. This issue affects Login/Signup Popup: from n/a through 2.9.4. Published: June 20, 2025; 11:15:29 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-50026 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spoki Spoki allows Stored XSS. This issue affects Spoki: from n/a through 2.16.0. Published: June 20, 2025; 11:15:28 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-50025 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople CP Polls allows Stored XSS. This issue affects CP Polls: from n/a through 1.0.81. Published: June 20, 2025; 11:15:28 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-50024 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Truong Thanh ATP Call Now allows Stored XSS. This issue affects ATP Call Now: from n/a through 1.0.3. Published: June 20, 2025; 11:15:28 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |