Total
366 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-28132 | 2026-04-28 | N/A | 5.3 MEDIUM | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews allows Code Injection.This issue affects WooCommerce Photo Reviews: from n/a through <= 1.4.4. | |||||
| CVE-2026-24564 | 2026-04-28 | N/A | 4.3 MEDIUM | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Israpil Textmetrics webtexttool allows Code Injection.This issue affects Textmetrics: from n/a through <= 3.6.5. | |||||
| CVE-2026-25006 | 2026-04-27 | N/A | 5.3 MEDIUM | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8theme XStore xstore allows Code Injection.This issue affects XStore: from n/a through <= 9.6.4. | |||||
| CVE-2025-69169 | 2026-04-27 | N/A | 5.4 MEDIUM | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Noor Alam Easy Media Download easy-media-download allows Reflection Injection.This issue affects Easy Media Download: from n/a through <= 1.1.11. | |||||
| CVE-2025-58970 | 2026-04-27 | N/A | 6.3 MEDIUM | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in AmentoTech Doctreat doctreat allows Code Injection.This issue affects Doctreat: from n/a through <= 1.6.7. | |||||
| CVE-2025-49398 | 2026-04-27 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Easy Appointments Easy Appointments easy-appointments allows Code Injection.This issue affects Easy Appointments: from n/a through <= 3.12.14. | |||||
| CVE-2025-47600 | 2026-04-27 | N/A | 5.3 MEDIUM | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in xtemos WoodMart woodmart allows Code Injection.This issue affects WoodMart: from n/a through <= 8.3.7. | |||||
| CVE-2025-62897 | 2026-04-27 | N/A | 5.3 MEDIUM | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brecht WP Recipe Maker wp-recipe-maker allows Code Injection.This issue affects WP Recipe Maker: from n/a through < 10.1.0. | |||||
| CVE-2025-62936 | 2026-04-27 | N/A | 4.3 MEDIUM | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Jthemes xSmart xsmart allows Code Injection.This issue affects xSmart: from n/a through <= 1.2.9.4. | |||||
| CVE-2025-64225 | 2026-04-27 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in colabrio Stockie Extra stockie-extra allows Code Injection.This issue affects Stockie Extra: from n/a through <= 1.2.11. | |||||
| CVE-2026-1834 | 2026-04-24 | N/A | 6.4 MEDIUM | ||
| The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ive' shortcode in all versions up to, and including, 1.2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2026-39625 | 2026-04-24 | N/A | 5.3 MEDIUM | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes TechOne techone allows Code Injection.This issue affects TechOne: from n/a through <= 3.0.3. | |||||
| CVE-2026-39629 | 2026-04-24 | N/A | 5.3 MEDIUM | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes Uminex uminex allows Code Injection.This issue affects Uminex: from n/a through <= 1.0.9. | |||||
| CVE-2026-35460 | 1 Papra | 1 Papra | 2026-04-24 | N/A | 4.3 MEDIUM |
| Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, transactional email templates in Papra interpolate user.name directly into HTML without escaping or sanitization. An attacker who registers with a display name containing HTML tags will have those tags injected into the verification and password reset email bodies. Since emails are sent from the legitimate domain (e.g: auth@mail.papra.app), this enables convincing phishing attacks that appear to originate from official Papra notifications. This vulnerability is fixed in 26.4.0. | |||||
| CVE-2026-1564 | 1 Pega | 1 Pega Platform | 2026-04-23 | N/A | 4.8 MEDIUM |
| Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Injection vulnerability in a user interface component. Requires a high privileged user with a developer role. | |||||
| CVE-2025-60100 | 2026-04-23 | N/A | 5.3 MEDIUM | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8theme XStore xstore allows Code Injection.This issue affects XStore: from n/a through < 9.6. | |||||
| CVE-2025-59573 | 2026-04-23 | N/A | 5.3 MEDIUM | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in CozyThemes Cozy Blocks cozy-addons allows Code Injection.This issue affects Cozy Blocks: from n/a through <= 2.1.29. | |||||
| CVE-2025-57928 | 2026-04-23 | N/A | 5.3 MEDIUM | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Code Injection.This issue affects AWP Classifieds: from n/a through <= 4.4.3. | |||||
| CVE-2025-54698 | 2026-04-23 | N/A | 5.4 MEDIUM | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in RadiusTheme Classified Listing classified-listing allows Code Injection.This issue affects Classified Listing: from n/a through <= 5.0.0. | |||||
| CVE-2025-39524 | 2026-04-23 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in bPlugins Html5 Audio Player html5-audio-player allows Stored XSS.This issue affects Html5 Audio Player: from n/a through <= 2.2.28. | |||||