Total
41087 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58195 | 2025-08-29 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons allows Stored XSS. This issue affects Xpro Elementor Addons: from n/a through 1.4.17. | ||||
| CVE-2025-58194 | 2 Bold-themes, Wordpress | 2 Bold Page Builder, Wordpress | 2025-08-29 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a through 5.4.3. | ||||
| CVE-2025-30036 | 1 Cgm | 1 Clininet | 2025-08-29 | N/A |
| Stored XSS vulnerability exists in the "Oddział" (Ward) module, in the death diagnosis description field, and allows the execution of arbitrary JavaScript code. This can lead to session hijacking of other users and potentially to privilege escalation up to full administrative rights. | ||||
| CVE-2025-58213 | 2 Ameliabooking, Wordpress | 2 Booking System Trafft, Wordpress | 2025-08-29 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ameliabooking Booking System Trafft allows Stored XSS. This issue affects Booking System Trafft: from n/a through 1.0.14. | ||||
| CVE-2025-58197 | 2025-08-29 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mra13 / Team Tips and Tricks HQ Simple Download Monitor allows Stored XSS. This issue affects Simple Download Monitor: from n/a through 3.9.34. | ||||
| CVE-2025-58196 | 2 Uicore, Wordpress | 2 Elements, Wordpress | 2025-08-29 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uicore UiCore Elements allows Stored XSS. This issue affects UiCore Elements: from n/a through 1.3.4. | ||||
| CVE-2025-58216 | 2 Jgwhite33, Wordpress | 2 Wp Thumbtack Review Slider, Wordpress | 2025-08-29 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgwhite33 WP Thumbtack Review Slider allows Stored XSS. This issue affects WP Thumbtack Review Slider: from n/a through 2.6. | ||||
| CVE-2025-48323 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Md Abunaser Khan Advance Food Menu allows Stored XSS. This issue affects Advance Food Menu: from n/a through 1.0. | ||||
| CVE-2025-48315 | 2025-08-29 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stanton119 WordPress HTML allows Stored XSS. This issue affects WordPress HTML: from n/a through 0.51. | ||||
| CVE-2025-58212 | 2 Epeken, Wordpress | 2 All Kurir, Wordpress | 2025-08-29 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in epeken Epeken All Kurir allows DOM-Based XSS. This issue affects Epeken All Kurir: from n/a through 2.0.1. | ||||
| CVE-2025-58211 | 2 Alexvtn, Wordpress | 2 Chatbox Manager, Wordpress | 2025-08-29 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alexvtn Chatbox Manager allows Stored XSS. This issue affects Chatbox Manager: from n/a through 1.2.6. | ||||
| CVE-2025-58209 | 2 Rtcamp, Wordpress | 2 Transcoder, Wordpress | 2025-08-29 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rtCamp Transcoder allows Stored XSS. This issue affects Transcoder: from n/a through 1.4.0. | ||||
| CVE-2025-58208 | 2025-08-29 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in add-ons.org PDF for Elementor Forms + Drag And Drop Template Builder allows Stored XSS. This issue affects PDF for Elementor Forms + Drag And Drop Template Builder: from n/a through 6.2.0. | ||||
| CVE-2025-58205 | 2 Elementinvader, Wordpress | 2 Elementinvader Addons For Elementor, Wordpress | 2025-08-29 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Element Invader ElementInvader Addons for Elementor allows DOM-Based XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.6. | ||||
| CVE-2025-48356 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Isra Kanpress allows Stored XSS. This issue affects Kanpress: from n/a through 1.1. | ||||
| CVE-2025-9352 | 2 Pronamic, Wordpress | 2 Google Maps, Wordpress | 2025-08-29 | 5.4 Medium |
| The Pronamic Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the description field in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-9346 | 2025-08-29 | 6.4 Medium | ||
| The Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 10.14.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-8073 | 2025-08-29 | 6.4 Medium | ||
| The Dynamic AJAX Product Filters for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-48358 | 2025-08-29 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in everythingwp Risk Free Cash On Delivery (COD) – WooCommerce allows Stored XSS. This issue affects Risk Free Cash On Delivery (COD) – WooCommerce: from n/a through 1.0.4. | ||||
| CVE-2025-48313 | 2025-08-29 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kevin heath Tripadvisor Shortcode allows Stored XSS. This issue affects Tripadvisor Shortcode: from n/a through 2.2. | ||||