Total
43367 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-47679 | 2026-04-15 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RS WP THEMES RS WP Book Showcase rs-wp-books-showcase allows DOM-Based XSS.This issue affects RS WP Book Showcase: from n/a through <= 6.7.59. | |||||
| CVE-2025-58211 | 2026-04-15 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alexvtn Chatbox Manager wa-chatbox-manager allows Stored XSS.This issue affects Chatbox Manager: from n/a through <= 1.2.6. | |||||
| CVE-2024-51886 | 2026-04-15 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Takashi Matsuyama Posts Filter posts-filter allows Stored XSS.This issue affects Posts Filter: from n/a through <= 1.3.1. | |||||
| CVE-2025-31021 | 2026-04-15 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dolby_uk Mobile Smart mobile-smart allows Reflected XSS.This issue affects Mobile Smart: from n/a through <= v1.3.16. | |||||
| CVE-2023-4604 | 2026-04-15 | N/A | 6.1 MEDIUM | ||
| The Slideshow, Image Slider by 2J plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘post’ parameter in versions up to, and including, 1.3.54 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2025-26756 | 2026-04-15 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in grimdonkey Magic the Gathering Card Tooltips magic-the-gathering-card-tooltips allows Stored XSS.This issue affects Magic the Gathering Card Tooltips: from n/a through <= 3.5.0. | |||||
| CVE-2025-53278 | 2026-04-15 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPeka WP AdCenter wpadcenter allows Stored XSS.This issue affects WP AdCenter: from n/a through <= 2.6.0. | |||||
| CVE-2024-28126 | 2026-04-15 | N/A | 6.1 MEDIUM | ||
| Cross-site scripting vulnerability exists in 0ch BBS Script ver.4.00. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable, therefore, users should consider stop using 0ch BBS Script ver.4.00. | |||||
| CVE-2025-58658 | 2026-04-15 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Proof Factor LLC Proof Factor – Social Proof Notifications proof-factor-social-proof-notifications allows Stored XSS.This issue affects Proof Factor – Social Proof Notifications: from n/a through <= 1.0.5. | |||||
| CVE-2024-5501 | 2026-04-15 | N/A | 6.4 MEDIUM | ||
| The Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_one_id’ parameter in all versions up to, and including, 2.5.51 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-39502 | 2026-04-15 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoodLayers Goodlayers Hostel gdlr-hostel allows Reflected XSS.This issue affects Goodlayers Hostel: from n/a through <= 3.1.2. | |||||
| CVE-2026-2383 | 2026-04-15 | N/A | 6.4 MEDIUM | ||
| The Simple Download Monitor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-54683 | 2026-04-15 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify WP Modal Popup with Cookie Integration wp-modal-popup-with-cookie-integration allows Reflected XSS.This issue affects WP Modal Popup with Cookie Integration: from n/a through <= 2.4. | |||||
| CVE-2025-46482 | 2026-04-15 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MyThemeShop WP Quiz wp-quiz allows Stored XSS.This issue affects WP Quiz: from n/a through <= 2.0.10. | |||||
| CVE-2025-67824 | 2026-04-15 | N/A | 6.1 MEDIUM | ||
| The WorklogPRO - Jira Timesheets plugin in the Jira Data Center before 4.24.2-jira9, 4.24.2-jira10 and 4.24.2-jira11 allows attackers to inject arbitrary HTML or JavaScript via XSS. This is exploited via a crafted payload placed in the name of a filter. This code is executed in the browser when the user attempts to create a timesheet with the filter timesheet type on the custom timesheet dialog because the filter name is not properly sanitized during the action. | |||||
| CVE-2025-26574 | 2026-04-15 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moch Amir Google Drive WP Media google-drive-wp-media allows Stored XSS.This issue affects Google Drive WP Media: from n/a through <= 2.4.4. | |||||
| CVE-2025-8619 | 2026-04-15 | N/A | 6.4 MEDIUM | ||
| The OSM Map Widget for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Map Block URL in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-34923 | 2026-04-15 | N/A | 6.1 MEDIUM | ||
| In Avocent DSR2030 Appliance firmware 03.04.00.07 before 03.07.01.23, and SVIP1020 Appliance firmware 01.06.00.03 before 01.07.00.00, there is reflected cross-site scripting (XSS). | |||||
| CVE-2025-57950 | 2026-04-15 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Glen Scott Plugin Security Scanner plugin-security-scanner allows Stored XSS.This issue affects Plugin Security Scanner: from n/a through <= 2.0.2. | |||||
| CVE-2025-39577 | 2026-04-15 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Property Hive PropertyHive propertyhive allows Stored XSS.This issue affects PropertyHive: from n/a through <= 2.1.2. | |||||