U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 11,792 matching records.
Displaying matches 541 through 560.
Vuln ID Summary CVSS Severity
CVE-2025-46520

Cross-Site Request Forgery (CSRF) vulnerability in alphasis Related Posts via Taxonomies allows Stored XSS. This issue affects Related Posts via Taxonomies: from n/a through 1.0.1.

Published: April 24, 2025; 12:15:43 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-46517

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdiscover Blog Manager WP allows Stored XSS. This issue affects Blog Manager WP: from n/a through 1.0.5.

Published: April 24, 2025; 12:15:42 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-46516

Cross-Site Request Forgery (CSRF) vulnerability in silencecm Twitter Card Generator allows Stored XSS. This issue affects Twitter Card Generator: from n/a through 1.0.5.

Published: April 24, 2025; 12:15:42 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-46514

Cross-Site Request Forgery (CSRF) vulnerability in milat Milat jQuery Automatic Popup allows Stored XSS. This issue affects Milat jQuery Automatic Popup: from n/a through 1.3.1.

Published: April 24, 2025; 12:15:42 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-46512

Cross-Site Request Forgery (CSRF) vulnerability in Shamim Hasan Custom Functions Plugin allows Stored XSS. This issue affects Custom Functions Plugin: from n/a through 1.1.

Published: April 24, 2025; 12:15:42 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-46510

Cross-Site Request Forgery (CSRF) vulnerability in harrysudana Contact Form 7 Calendar allows Stored XSS. This issue affects Contact Form 7 Calendar: from n/a through 3.0.1.

Published: April 24, 2025; 12:15:42 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-46509

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andrey Mikhalchuk 360 View allows Stored XSS. This issue affects 360 View: from n/a through 1.1.0.

Published: April 24, 2025; 12:15:41 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-46508

Cross-Site Request Forgery (CSRF) vulnerability in kasonzhao Advanced lazy load allows Stored XSS. This issue affects Advanced lazy load: from n/a through 1.6.0.

Published: April 24, 2025; 12:15:41 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-46507

Cross-Site Request Forgery (CSRF) vulnerability in ldrumm Unsafe Mimetypes allows Stored XSS. This issue affects Unsafe Mimetypes: from n/a through 0.1.4.

Published: April 24, 2025; 12:15:41 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-46506

Cross-Site Request Forgery (CSRF) vulnerability in Lora77 WpZon – Amazon Affiliate Plugin allows Reflected XSS. This issue affects WpZon – Amazon Affiliate Plugin: from n/a through 1.3.

Published: April 24, 2025; 12:15:41 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-46505

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in farinspace Peekaboo allows Stored XSS. This issue affects Peekaboo: from n/a through 1.1.

Published: April 24, 2025; 12:15:41 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-46504

Cross-Site Request Forgery (CSRF) vulnerability in Olar Marius Vasaio QR Code allows Stored XSS. This issue affects Vasaio QR Code: from n/a through 1.2.5.

Published: April 24, 2025; 12:15:41 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-46501

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in biancardi Mixcloud Embed allows Stored XSS. This issue affects Mixcloud Embed: from n/a through 2.2.0.

Published: April 24, 2025; 12:15:40 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-46499

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hccoder PayPal Express Checkout allows Stored XSS. This issue affects PayPal Express Checkout: from n/a through 2.1.2.

Published: April 24, 2025; 12:15:40 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-46497

Cross-Site Request Forgery (CSRF) vulnerability in Navegg Navegg Analytics allows Stored XSS. This issue affects Navegg Analytics: from n/a through 3.3.3.

Published: April 24, 2025; 12:15:40 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-46496

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in oniswap Mini twitter feed allows Stored XSS. This issue affects Mini twitter feed: from n/a through 3.0.

Published: April 24, 2025; 12:15:40 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-46495

Cross-Site Request Forgery (CSRF) vulnerability in tomontoast Drop Caps allows Stored XSS. This issue affects Drop Caps: from n/a through 2.1.

Published: April 24, 2025; 12:15:40 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-46492

Cross-Site Request Forgery (CSRF) vulnerability in Pham Thanh Call Now PHT Blog allows Stored XSS. This issue affects Call Now PHT Blog: from n/a through 2.4.1.

Published: April 24, 2025; 12:15:39 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-46491

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matthew Muro Multi-Column Taxonomy List allows Stored XSS. This issue affects Multi-Column Taxonomy List: from n/a through 1.5.

Published: April 24, 2025; 12:15:39 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-46484

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nasir179125 Image Hover Effects For WPBakery Page Builder allows DOM-Based XSS. This issue affects Image Hover Effects For WPBakery Page Builder: from n/a through 2.0.

Published: April 24, 2025; 12:15:39 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)