Total
43636 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-29802 | 2026-04-15 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Antoine Hurkmans Football Pool allows Stored XSS.This issue affects Football Pool: from n/a through 2.11.3. | ||||
| CVE-2025-47505 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ProWCPlugins Product Time Countdown for WooCommerce product-countdown-for-woocommerce allows Stored XSS.This issue affects Product Time Countdown for WooCommerce: from n/a through <= 1.6.2. | ||||
| CVE-2025-47504 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Custom Checkout Fields for WooCommerce custom-checkout-fields-for-woocommerce allows Stored XSS.This issue affects Custom Checkout Fields for WooCommerce: from n/a through <= 1.8.3. | ||||
| CVE-2025-31571 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cynob IT Consultancy The Logo Slider the-logo-slider allows Reflected XSS.This issue affects The Logo Slider: from n/a through <= 1.0.0. | ||||
| CVE-2025-47503 | 1 Wpo-hr | 1 Ngg Smart Image Search | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpo-HR NGG Smart Image Search ngg-smart-image-search allows Stored XSS.This issue affects NGG Smart Image Search: from n/a through <= 3.3.3. | ||||
| CVE-2025-3157 | 1 Intelbras | 1 Wrn 150 | 2026-04-15 | 2.4 Low |
| A vulnerability was found in Intelbras WRN 150 1.0.15_pt_ITB01. It has been rated as problematic. This issue affects some unknown processing of the component Wireless Menu. The manipulation of the argument SSID leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The vendor was contacted early about this issue and explains that the latest version is not affected. | ||||
| CVE-2025-31077 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ultimate Blocks Ultimate Blocks ultimate-blocks allows DOM-Based XSS.This issue affects Ultimate Blocks: from n/a through <= 3.2.7. | ||||
| CVE-2025-31086 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WBW Plugins Product Table by WBW woo-product-tables allows Reflected XSS.This issue affects Product Table by WBW: from n/a through <= 2.1.4. | ||||
| CVE-2025-31090 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alordiel Dropdown Multisite selector dropdown-multisite-selector allows Stored XSS.This issue affects Dropdown Multisite selector: from n/a through < 0.9.4. | ||||
| CVE-2025-31091 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Header and Footer cm-header-footer-script-loader allows Stored XSS.This issue affects CM Header and Footer: from n/a through <= 1.2.4. | ||||
| CVE-2025-31092 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ninja Team Click to Chat – WP Support All-in-One Floating Widget support-chat allows Stored XSS.This issue affects Click to Chat – WP Support All-in-One Floating Widget: from n/a through <= 2.3.4. | ||||
| CVE-2025-31094 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Stored XSS.This issue affects WP Posts Carousel: from n/a through <= 1.3.8. | ||||
| CVE-2025-31096 | 2 Wordpress, Wpxpo | 2 Wordpress, Postx | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post allows DOM-Based XSS.This issue affects PostX: from n/a through <= 4.1.25. | ||||
| CVE-2025-31101 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vault Group Pty Ltd VaultRE Contact Form 7 allows Stored XSS.This issue affects VaultRE Contact Form 7: from n/a through 1.0. | ||||
| CVE-2025-31102 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Hostel hostel allows Reflected XSS.This issue affects Hostel: from n/a through <= 1.1.5.5. | ||||
| CVE-2025-31165 | 2026-04-15 | N/A | ||
| Cross-Site Scripting (XSS) vulnerability in the Logbug module of NightWolf Penetration Testing Platform 1.2.2 allows attackers to execute JavaScript through the markdown editor feature. | ||||
| CVE-2025-31325 | 2026-04-15 | 5.8 Medium | ||
| Due to a Cross-Site Scripting vulnerability in SAP NetWeaver (ABAP Keyword Documentation), an unauthenticated attacker could inject malicious JavaScript into a web page through an unprotected parameter. When a victim accesses the affected page, the script executes in their browser, providing the attacker limited access to restricted information. The vulnerability does not affect data integrity or availability and operates entirely within the context of the client's browser. | ||||
| CVE-2025-47443 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Widget Countdown widget-countdown allows Stored XSS.This issue affects Widget Countdown: from n/a through <= 2.7.4. | ||||
| CVE-2025-31379 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in programphases Insert HTML Here insert-html-here allows Reflected XSS.This issue affects Insert HTML Here: from n/a through <= 1.0. | ||||
| CVE-2025-47458 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in B2itech B2i Investor Tools b2i-investor-tools allows Reflected XSS.This issue affects B2i Investor Tools: from n/a through <= 1.0.7.9. | ||||