Export limit exceeded: 45987 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45987 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3069 | 1 Wordlift | 1 Wordlift | 2025-05-22 | 4.8 Medium |
| The WordLift WordPress plugin before 3.37.2 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2023-6432 | 1 Bigprof | 1 Online Invoicing System | 2025-05-22 | 6.3 Medium |
| A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/items_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | ||||
| CVE-2022-3135 | 1 Seo Smart Links Project | 1 Seo Smart Links | 2025-05-21 | 4.8 Medium |
| The SEO Smart Links WordPress plugin through 3.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-2861 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-21 | 6.5 Medium |
| Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page. | ||||
| CVE-2022-2404 | 1 Themehunk | 1 Wp Popup Builder | 2025-05-21 | 6.1 Medium |
| The WP Popup Builder WordPress plugin before 1.2.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-1755 | 1 Benbodhi | 1 Svg Support | 2025-05-21 | 5.4 Medium |
| The SVG Support WordPress plugin before 2.5 does not properly handle SVG added via an URL, which could allow users with a role as low as author to perform Cross-Site Scripting attacks | ||||
| CVE-2024-13853 | 1 Zynit | 1 Seo Tools | 2025-05-21 | 6.1 Medium |
| The SEO Tools WordPress plugin through 4.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2024-13862 | 1 S3bubble | 1 S3bubble-amazon-web-services-oembed-media-streaming-support | 2025-05-21 | 7.1 High |
| The S3Bubble Media Streaming (AWS|Elementor|YouTube|Vimeo Functionality) WordPress plugin through 8.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2025-0629 | 1 Gallagherwebsitedesign | 1 Coronavirus \(covid-19\) Notice Message | 2025-05-21 | 4.8 Medium |
| The Coronavirus (COVID-19) Notice Message WordPress plugin through 1.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2025-25925 | 1 Openmrs | 1 Openmrs | 2025-05-21 | 4.8 Medium |
| A stored cross-scripting (XSS) vulnerability in Openmrs v2.4.3 Build 0ff0ed allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the personName.middleName parameter at /openmrs/admin/patients/shortPatientForm.form. | ||||
| CVE-2022-38975 | 1 Ec-cube | 1 Ec-cube | 2025-05-21 | 5.4 Medium |
| DOM-based cross-site scripting vulnerability in EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote attacker to inject an arbitrary script by having an administrative user of the product to visit a specially crafted page. | ||||
| CVE-2024-6334 | 1 Magazine3 | 1 Easy Table Of Contents | 2025-05-21 | 6.1 Medium |
| The Easy Table of Contents WordPress plugin before 2.0.67.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | ||||
| CVE-2024-3410 | 1 Digireturn | 1 Footer Contacts Bar | 2025-05-21 | 4.3 Medium |
| The DN Footer Contacts WordPress plugin before 1.6.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-4057 | 1 Kadencewp | 1 Gutenberg Blocks With Ai | 2025-05-21 | 6.1 Medium |
| The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.37 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-3937 | 1 Info-d-74 | 1 Playlist For Youtube | 2025-05-21 | 4.8 Medium |
| The Playlist for Youtube WordPress plugin through 1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-3921 | 1 Takahashifumiki | 1 Gianism | 2025-05-21 | 4.8 Medium |
| The Gianism WordPress plugin through 5.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-3939 | 1 Metaphorcreations | 1 Ditty | 2025-05-21 | 5.4 Medium |
| The Ditty WordPress plugin before 3.1.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-3920 | 1 Flattr | 1 Flattr | 2025-05-21 | 3.5 Low |
| The Flattr WordPress plugin through 1.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-3918 | 1 Dianakcury | 1 Pet Manager | 2025-05-21 | 4.8 Medium |
| The Pet Manager WordPress plugin through 1.4 does not sanitise and escape some of its Pet settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2024-3917 | 1 Dianakcury | 1 Pet Manager | 2025-05-21 | 6.1 Medium |
| The Pet Manager WordPress plugin through 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||