Total
43364 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-68520 | 2026-04-15 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods DotLife dotlife allows Reflected XSS.This issue affects DotLife: from n/a through < 4.9.5. | |||||
| CVE-2025-31875 | 2026-04-15 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluginic FancyPost post-block allows DOM-Based XSS.This issue affects FancyPost: from n/a through <= 6.0.1. | |||||
| CVE-2025-23687 | 2026-04-15 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in simonhunter Woo Store Mode woo-store-mode allows Reflected XSS.This issue affects Woo Store Mode: from n/a through <= 1.0.1. | |||||
| CVE-2024-34420 | 2026-04-15 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in talspotim Comments Evolved for WordPress allows Stored XSS.This issue affects Comments Evolved for WordPress: from n/a through 1.6.3. | |||||
| CVE-2024-3726 | 2026-04-15 | N/A | 6.4 MEDIUM | ||
| The Login Logout Register Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'llrmloginlogout' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-31592 | 2026-04-15 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paolo Melchiorre Send E-mail send-e-mail allows Stored XSS.This issue affects Send E-mail: from n/a through <= 1.3. | |||||
| CVE-2025-49429 | 2026-04-15 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Burnette Video Embeds video-embeds allows Stored XSS.This issue affects Video Embeds: from n/a through <= 0.1.1. | |||||
| CVE-2025-58213 | 2026-04-15 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ameliabooking Booking System Trafft booking-system-trafft allows Stored XSS.This issue affects Booking System Trafft: from n/a through <= 1.0.14. | |||||
| CVE-2025-27005 | 2026-04-15 | N/A | 6.1 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup HTML5 Video Player lbg-vp2-html5-bottom allows Reflected XSS.This issue affects HTML5 Video Player: from n/a through <= 5.3.5. | |||||
| CVE-2025-57954 | 2026-04-15 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Poll Maker poll-maker allows DOM-Based XSS.This issue affects Poll Maker: from n/a through <= 6.0.2. | |||||
| CVE-2024-12126 | 2026-04-15 | N/A | 6.1 MEDIUM | ||
| The SEO Keywords plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘google_error’ parameter in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2025-23732 | 2026-04-15 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in franciscopalacios Easy Filtering easy-filtering allows Reflected XSS.This issue affects Easy Filtering: from n/a through <= 2.5.0. | |||||
| CVE-2025-11825 | 2026-04-15 | N/A | 6.4 MEDIUM | ||
| The Playerzbr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'urlmeta' post meta field in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-56208 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in desertthemes NewsMash newsmash allows Stored XSS.This issue affects NewsMash: from n/a through <= 1.0.71. | |||||
| CVE-2025-25078 | 2026-04-15 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andrew Norcross Google Earth Embed google-earth-tours allows Stored XSS.This issue affects Google Earth Embed: from n/a through <= 1.0. | |||||
| CVE-2025-23078 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - Breadcrumbs2 extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Breadcrumbs2 extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.5, from 1.42.X before 1.42.4. | |||||
| CVE-2024-2634 | 2026-04-15 | N/A | 6.1 MEDIUM | ||
| A Cross-Site Scripting Vulnerability has been found on Meta4 HR affecting version 819.001.022 and earlier. The endpoint '/sse_generico/generico_login.jsp' is vulnerable to XSS attack via 'lang' query, i.e. '/sse_generico/generico_login.jsp?lang=%27%3balert(%27BLEUSS%27)%2f%2f¶ms='. | |||||
| CVE-2025-12398 | 2026-04-15 | N/A | 6.1 MEDIUM | ||
| The Product Table for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search_key' parameter in all versions up to, and including, 5.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2025-26541 | 2026-04-15 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeSolz Bitcoin / AltCoin Payment Gateway for WooCommerce woo-altcoin-payment-gateway allows Reflected XSS.This issue affects Bitcoin / AltCoin Payment Gateway for WooCommerce: from n/a through <= 1.7.6. | |||||
| CVE-2025-62040 | 2026-04-15 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YOP YOP Poll yop-poll.This issue affects YOP Poll: from n/a through <= 6.5.37. | |||||