Skip to main content
CVE-2025-5568 MEDIUM PATCH This Month

The WpEvently plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress XSS Event Manager And Tickets Selling For Woocommerce PHP
NVD GitHub
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-9994 MEDIUM This Month

The Essential Addons for Elementor - Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_pricing_item_tooltip_content parameter of the Pricing Table Widget in all versions up to, and including, 6.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress XSS Essential Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2024-9993 MEDIUM This Month

The Essential Addons for Elementor - Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_event_details_text parameter of Event Calendar Widget in all versions up to, and including, 6.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress XSS Essential Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-5528 MEDIUM This Month

The Social Sharing Plugin - Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including, 3.3.75 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action, such as clicking on a link.

WordPress XSS Sassy Social Share PHP
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-5814 MEDIUM This Month

A security vulnerability in all (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
5.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy