Export limit exceeded: 45469 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45469 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-6767 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.5 Medium |
| The WordSurvey plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sounding_title’ parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2025-13739 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The CryptX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `cryptx` shortcode in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-13463 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The SeatReg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'seatreg' shortcode in all versions up to, and including, 1.56.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-11767 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The NewsmanApp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'newsman_subscribe_widget' shortcode in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-13452 | 2026-04-15 | 6.1 Medium | ||
| The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.29. This is due to missing or incorrect nonce validation on a saveAsCopy function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-49243 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sevenspark ShiftNav – Responsive Mobile Menu shiftnav-responsive-mobile-menu allows Stored XSS.This issue affects ShiftNav – Responsive Mobile Menu: from n/a through <= 1.8. | ||||
| CVE-2025-49244 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vova Shortcodes Ultimate shortcodes-ultimate allows Stored XSS.This issue affects Shortcodes Ultimate: from n/a through <= 7.3.5. | ||||
| CVE-2025-49290 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars) off-canvas-sidebars allows Reflected XSS.This issue affects Off-Canvas Sidebars & Menus (Slidebars): from n/a through <= 0.5.8.4. | ||||
| CVE-2025-49310 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M A Vinoth Kumar Frontend Dashboard frontend-dashboard allows Stored XSS.This issue affects Frontend Dashboard: from n/a through <= 2.2.8. | ||||
| CVE-2025-49322 | 2026-04-15 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeedProd 404 Page by SeedProd allows Stored XSS. This issue affects 404 Page by SeedProd: from n/a through n/a. | ||||
| CVE-2023-7303 | 2026-04-15 | 3.5 Low | ||
| A vulnerability, which was classified as problematic, was found in q2apro q2apro-on-site-notifications up to 1.4.6. This affects the function process_request of the file q2apro-onsitenotifications-page.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.4.8 is able to address this issue. The patch is named 0ca85ca02f8aceb661e9b71fd229c45d388ea5b5. It is recommended to upgrade the affected component. | ||||
| CVE-2020-36915 | 2026-04-15 | 7.5 High | ||
| Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digital product versions. | ||||
| CVE-2024-12995 | 1 Ruifang-tech | 1 Rebuild | 2026-04-15 | 3.5 Low |
| A vulnerability classified as problematic has been found in ruifang-tech Rebuild 3.8.6. This affects an unknown part of the file /project/050-9000000000000001/tasks of the component Project Tasks Section. The manipulation of the argument description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2020-36853 | 2 10web, Wordpress | 2 Map Builder For Google Maps, Wordpress | 2026-04-15 | 7.2 High |
| The 10WebMapBuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Plugin Settings Change in versions up to, and including, 1.0.63 due to insufficient input sanitization and output escaping and a lack of capability checks. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-32699 | 2026-04-15 | N/A | ||
| Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid.This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2. | ||||
| CVE-2025-52492 | 2026-04-15 | 7.5 High | ||
| A vulnerability has been discovered in the firmware of Paxton Paxton10 before 4.6 SR6. The firmware file, rootfs.tar.gz, contains hard-coded credentials for the Twilio API. A remote attacker who obtains a copy of the firmware can extract these credentials. This could allow the attacker to gain unauthorized access to the associated Twilio account, leading to information disclosure, potential service disruption, and unauthorized use of the Twilio services. | ||||
| CVE-2024-12285 | 2026-04-15 | 6.1 Medium | ||
| The SEMA API plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘catid’ parameter in all versions up to, and including, 5.27 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-52774 | 2 Infility, Wordpress | 2 Infility Global, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global infility-global allows Reflected XSS.This issue affects Infility Global: from n/a through <= 2.15.06. | ||||
| CVE-2025-52778 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-dictionary xili-dictionary allows Reflected XSS.This issue affects xili-dictionary: from n/a through <= 2.12.5.2. | ||||
| CVE-2025-52799 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes LMS lms allows Reflected XSS.This issue affects LMS: from n/a through <= 9.2. | ||||