Total
43661 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-48094 | 2 Lambertgroup, Wordpress | 2 Magic Slider, Wordpress | 2026-04-15 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Magic Slider magic_slider allows Reflected XSS.This issue affects Magic Slider: from n/a through <= 2.2. | ||||
| CVE-2025-48095 | 2 Ays-pro, Wordpress | 2 Survey Maker, Wordpress | 2026-04-15 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Survey Maker survey-maker allows Stored XSS.This issue affects Survey Maker: from n/a through <= 5.1.8.8. | ||||
| CVE-2025-48098 | 2 Ays-pro, Wordpress | 2 Survey Maker, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Survey Maker survey-maker allows Stored XSS.This issue affects Survey Maker: from n/a through <= 5.1.8.8. | ||||
| CVE-2023-45707 | 2026-04-15 | 4.4 Medium | ||
| HCL Connections Docs is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary code. This may lead to credentials disclosure and possibly launch additional attacks. | ||||
| CVE-2025-48107 | 2 Undsgn, Wordpress | 2 Uncode, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in undsgn Uncode uncode allows Reflected XSS.This issue affects Uncode: from n/a through < 2.9.4.4. | ||||
| CVE-2025-48121 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Puddick WP Notes Widget wp-notes-widget allows DOM-Based XSS.This issue affects WP Notes Widget: from n/a through <= 1.0.6. | ||||
| CVE-2025-3598 | 2026-04-15 | 6.1 Medium | ||
| The Coupon Affiliates – Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the commission_summary parameter in all versions up to, and including, .6.3.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-3612 | 2026-04-15 | 4.3 Medium | ||
| A vulnerability, which was classified as problematic, was found in Demtec Graphytics 5.0.7. This affects an unknown part of the file /visualization of the component HTTP GET Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-3615 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form-submission.js script in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-48131 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saiful Islam UltraAddons Elementor Lite ultraaddons-elementor-lite allows Stored XSS.This issue affects UltraAddons Elementor Lite: from n/a through <= 2.0.2. | ||||
| CVE-2025-48143 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in salesup2019 Formulario de contacto SalesUp! formularios-de-contacto-salesup allows Reflected XSS.This issue affects Formulario de contacto SalesUp!: from n/a through <= 1.0.14. | ||||
| CVE-2025-48145 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michal Jaworski Track, Analyze & Optimize by WP Tao wp-tao allows Reflected XSS.This issue affects Track, Analyze & Optimize by WP Tao: from n/a through <= 1.3. | ||||
| CVE-2025-3661 | 2026-04-15 | 6.4 Medium | ||
| The SB Chart block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-3669 | 2026-04-15 | 6.4 Medium | ||
| The Supreme Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's auto_qrcodesabb shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-3670 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The KiwiChat NextClient plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-48154 | 2 Lambertgroup, Wordpress | 2 Multimedia Playlist Slider Addon For Wpbakery Page Builder, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Multimedia Playlist Slider Addon for WPBakery Page Builder lbg_vp_youtube_vimeo_addon_visual_composer allows Reflected XSS.This issue affects Multimedia Playlist Slider Addon for WPBakery Page Builder: from n/a through <= 2.1. | ||||
| CVE-2025-3688 | 1 Mirweiye | 1 Seven Bears Library Cms | 2026-04-15 | 2.4 Low |
| A vulnerability, which was classified as problematic, was found in mirweiye Seven Bears Library CMS 2023. This affects an unknown part of the component Background Management Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-48163 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup SHOUT - HTML5 Radio Player With Ads - ShoutCast and IceCast Support lbg-audio8-html5-radio-ads allows Reflected XSS.This issue affects SHOUT - HTML5 Radio Player With Ads - ShoutCast and IceCast Support: from n/a through <= 3.5.4. | ||||
| CVE-2025-37109 | 1 Hpe | 1 Telco Service Activator | 2026-04-15 | 3.5 Low |
| Cross-site scripting vulnerability has been identified in HPE Telco Service Activator product | ||||
| CVE-2024-52809 | 1 Intlify | 1 Vue-i18n | 2026-04-15 | N/A |
| vue-i18n is an internationalization plugin for Vue.js. In affected versions vue-i18n can be passed locale messages to `createI18n` or `useI18n`. When locale message ASTs are generated in development mode there is a possibility of Cross-site Scripting attack. This issue has been addressed in versions 9.14.2, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||