Export limit exceeded: 45477 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45477 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-48313 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kevin heath Tripadvisor Shortcode tripadvisor-shortcode allows Stored XSS.This issue affects Tripadvisor Shortcode: from n/a through <= 2.2. | ||||
| CVE-2025-47604 | 2 Data443, Wordpress | 2 Inline Related Posts, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Risk Mitigation, Inc. Inline Related Posts intelly-related-posts allows Stored XSS.This issue affects Inline Related Posts: from n/a through <= 3.8.0. | ||||
| CVE-2025-3613 | 2026-04-15 | 3.5 Low | ||
| A vulnerability has been found in Demtec Graphytics 5.0.7 and classified as problematic. This vulnerability affects unknown code of the file /visualization. The manipulation of the argument description leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-3615 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form-submission.js script in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-48315 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stanton119 WordPress HTML custom-html-bodyhead allows Stored XSS.This issue affects WordPress HTML: from n/a through <= 0.51. | ||||
| CVE-2025-28905 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chaser324 Featured Posts Grid featured-posts-grid allows Stored XSS.This issue affects Featured Posts Grid: from n/a through <= 1.7. | ||||
| CVE-2025-28908 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pipdig pipDisqus pipdisqus allows Stored XSS.This issue affects pipDisqus: from n/a through <= 1.6. | ||||
| CVE-2025-28926 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in popeating Post Read Time post-read-time allows Stored XSS.This issue affects Post Read Time: from n/a through <= 1.2.6. | ||||
| CVE-2025-28929 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vivek Marakana Tabbed Login Widget tabbed-login allows Stored XSS.This issue affects Tabbed Login Widget: from n/a through <= 1.1.2. | ||||
| CVE-2025-3706 | 2026-04-15 | 6.1 Medium | ||
| The eHRMS from 104 Corporation has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks. | ||||
| CVE-2025-47621 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Meks Meks Flexible Shortcodes meks-flexible-shortcodes allows Stored XSS.This issue affects Meks Flexible Shortcodes: from n/a through <= 1.3.6. | ||||
| CVE-2025-28930 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rodolphe MOULIN List Mixcloud list-mixcloud allows Stored XSS.This issue affects List Mixcloud: from n/a through <= 1.4. | ||||
| CVE-2025-28937 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lavacode Lava Ajax Search lava-ajax-search allows Stored XSS.This issue affects Lava Ajax Search: from n/a through <= 1.1.9. | ||||
| CVE-2025-13418 | 2 Spwebguy, Wordpress | 2 Responsive Pricing Table, Wordpress | 2026-04-15 | 6.4 Medium |
| The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'plan_icons' parameter in all versions up to, and including, 5.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-10876 | 1 Talentsoftware | 1 Bap Automation | 2026-04-15 | 5.3 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Talent Software e-BAP Automation allows Cross-Site Scripting (XSS).This issue affects e-BAP Automation: from 1.8.96 before v.41815. | ||||
| CVE-2025-47668 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cookiecode CookieCode cookiecode allows Stored XSS.This issue affects CookieCode: from n/a through <= 2.4.4. | ||||
| CVE-2024-44024 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicheaddons Medical Addon for Elementor medical-addon-for-elementor allows Stored XSS.This issue affects Medical Addon for Elementor: from n/a through <= 1.6.4. | ||||
| CVE-2024-44025 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicejob NiceJob nicejob allows Stored XSS.This issue affects NiceJob: from n/a through < 3.6.5. | ||||
| CVE-2025-47677 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gt3themes Photo Gallery gt3-photo-video-gallery allows Stored XSS.This issue affects Photo Gallery: from n/a through <= 2.7.7.25. | ||||
| CVE-2024-44036 | 2 Pierre Lebedel, Wordpress | 2 Kodex Posts Likes, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pierre Lebedel Kodex Posts likes kodex-posts-likes allows Stored XSS.This issue affects Kodex Posts likes: from n/a through <= 2.5.0. | ||||