Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): xss
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2025-26153 |
A Stored XSS vulnerability exists in the message compose feature of Chamilo LMS 1.11.28. Attackers can inject malicious scripts into messages, which execute when victims, such as administrators, reply to the message. Published: April 16, 2025; 5:15:46 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-39590 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Stored XSS. This issue affects Essential Addons for Elementor: from n/a through 6.1.9. Published: April 16, 2025; 9:15:51 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-39585 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Travelfic Toolkit allows Stored XSS. This issue affects Travelfic Toolkit: from n/a through 1.2.1. Published: April 16, 2025; 9:15:51 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-39582 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Passionate Programmer Peter WP Data Access allows DOM-Based XSS. This issue affects WP Data Access: from n/a through 5.5.36. Published: April 16, 2025; 9:15:51 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-39581 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Shortcodes allows Stored XSS. This issue affects Themify Shortcodes: from n/a through 2.1.3. Published: April 16, 2025; 9:15:50 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-39579 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Swings Membership For WooCommerce allows DOM-Based XSS. This issue affects Membership For WooCommerce: from n/a through 2.8.0. Published: April 16, 2025; 9:15:50 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-39578 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks allows Stored XSS. This issue affects Responsive Blocks: from n/a through 2.0.2. Published: April 16, 2025; 9:15:50 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-39577 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Property Hive PropertyHive allows Stored XSS. This issue affects PropertyHive: from n/a through 2.1.2. Published: April 16, 2025; 9:15:50 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-39576 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg Winiarski WPAdverts allows Stored XSS. This issue affects WPAdverts: from n/a through 2.2.1. Published: April 16, 2025; 9:15:50 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-39575 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPSight WPCasa allows Stored XSS. This issue affects WPCasa: from n/a through 1.3.2. Published: April 16, 2025; 9:15:50 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-39574 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UIUX Lab Uix Shortcodes allows Stored XSS. This issue affects Uix Shortcodes: from n/a through 2.0.4. Published: April 16, 2025; 9:15:50 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-39573 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in teastudio.pl WP Posts Carousel allows Stored XSS. This issue affects WP Posts Carousel: from n/a through 1.3.10. Published: April 16, 2025; 9:15:49 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-39572 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Checkout for PayPal allows Stored XSS. This issue affects Checkout for PayPal: from n/a through 1.0.38. Published: April 16, 2025; 9:15:49 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-39555 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andy_moyle Church Admin allows Stored XSS. This issue affects Church Admin: from n/a through 5.0.23. Published: April 16, 2025; 9:15:48 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-39549 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in whiletrue Most And Least Read Posts Widget allows Stored XSS. This issue affects Most And Least Read Posts Widget: from n/a through 2.5.20. Published: April 16, 2025; 9:15:47 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-39548 |
Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Right Click Disable OR Ban allows Stored XSS. This issue affects Right Click Disable OR Ban: from n/a through 1.1.17. Published: April 16, 2025; 9:15:47 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-39547 |
Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Internal Link Optimiser allows Stored XSS. This issue affects Internal Link Optimiser: from n/a through 5.1.3. Published: April 16, 2025; 9:15:47 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-39543 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: from n/a through 1.3.977. Published: April 16, 2025; 9:15:47 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-39540 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rhys Wynne WP Flipclock allows DOM-Based XSS. This issue affects WP Flipclock: from n/a through 1.9. Published: April 16, 2025; 9:15:46 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-39530 |
Cross-Site Request Forgery (CSRF) vulnerability in dsky Site Search 360 allows Stored XSS. This issue affects Site Search 360: from n/a through 2.1.7. Published: April 16, 2025; 9:15:46 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |