Total
43486 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-59569 | 2026-04-23 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Stored XSS.This issue affects CubeWP: from n/a through <= 1.1.26. | |||||
| CVE-2025-59565 | 2026-04-23 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Swings Upsell Order Bump Offer for WooCommerce upsell-order-bump-offer-for-woocommerce allows Stored XSS.This issue affects Upsell Order Bump Offer for WooCommerce: from n/a through <= 3.0.7. | |||||
| CVE-2025-59553 | 2026-04-23 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Coderz Studio Custom iFrame for Elementor custom-iframe allows DOM-Based XSS.This issue affects Custom iFrame for Elementor: from n/a through <= 1.0.13. | |||||
| CVE-2025-59552 | 2026-04-23 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pdfcrowd Dev Team Save as PDF save-as-pdf-by-pdfcrowd allows Stored XSS.This issue affects Save as PDF: from n/a through <= 4.5.2. | |||||
| CVE-2025-59549 | 2026-04-23 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps GetResponse Forms getresponse allows Stored XSS.This issue affects GetResponse Forms: from n/a through <= 2.6.0. | |||||
| CVE-2025-59135 | 2026-04-23 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eleopard Behance Portfolio Manager portfolio-manager-powered-by-behance allows Stored XSS.This issue affects Behance Portfolio Manager: from n/a through <= 1.7.5. | |||||
| CVE-2025-59012 | 2026-04-23 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shinetheme Traveler traveler allows Reflected XSS.This issue affects Traveler: from n/a through < 3.2.3. | |||||
| CVE-2025-58992 | 2026-04-23 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode Product Catalog Simple post-type-x allows Stored XSS.This issue affects Product Catalog Simple: from n/a through <= 1.8.2. | |||||
| CVE-2025-58990 | 1 Hasthemes | 1 Shoplentor | 2026-04-23 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DevItems ShopLentor woolentor-addons allows Stored XSS.This issue affects ShopLentor: from n/a through <= 3.2.0. | |||||
| CVE-2025-58989 | 2026-04-23 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silverplugins217 Dynamic Text Field For Contact Form 7 dynamic-text-field-for-contact-form-7 allows Stored XSS.This issue affects Dynamic Text Field For Contact Form 7: from n/a through <= 1.0. | |||||
| CVE-2025-58988 | 2026-04-23 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Dolson My Tickets my-tickets allows Stored XSS.This issue affects My Tickets: from n/a through <= 2.0.22. | |||||
| CVE-2025-58987 | 2026-04-23 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AntoineH Football Pool football-pool allows Stored XSS.This issue affects Football Pool: from n/a through <= 2.12.6. | |||||
| CVE-2025-58985 | 2026-04-23 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Additional Custom Product Tabs for WooCommerce product-tabs-for-woocommerce allows Stored XSS.This issue affects Additional Custom Product Tabs for WooCommerce: from n/a through <= 1.7.3. | |||||
| CVE-2025-58984 | 2026-04-23 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in info@welcart Welcart e-Commerce usc-e-shop allows Stored XSS.This issue affects Welcart e-Commerce: from n/a through <= 2.11.20. | |||||
| CVE-2025-58983 | 2026-04-23 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stefano Lissa Include Me include-me allows Stored XSS.This issue affects Include Me: from n/a through <= 1.3.2. | |||||
| CVE-2025-58974 | 2026-04-23 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP WPComplete wpcomplete allows Stored XSS.This issue affects WPComplete: from n/a through <= 2.9.5.2. | |||||
| CVE-2025-58960 | 2026-04-23 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brijeshk89 IP Based Login ip-based-login allows Stored XSS.This issue affects IP Based Login: from n/a through <= 2.4.3. | |||||
| CVE-2025-58917 | 2026-04-23 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick Verwymeren Quantities and Units for WooCommerce quantities-and-units-for-woocommerce allows Stored XSS.This issue affects Quantities and Units for WooCommerce: from n/a through <= 1.0.13. | |||||
| CVE-2025-58915 | 2026-04-23 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in emarket-design Request a Quote request-a-quote allows Stored XSS.This issue affects Request a Quote: from n/a through <= 2.5.0. | |||||
| CVE-2025-58886 | 2026-04-23 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tan Nguyen Instant Locations instant-locations allows Stored XSS.This issue affects Instant Locations: from n/a through <= 1.0. | |||||