Skip to main content
CVE-2025-36529 HIGH This Week

An OS command injection issue exists in multiple versions of TB-eye network recorders and AHD recorders. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who is logging in to the device.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-2940 HIGH PATCH This Week

The Ninja Tables - Easy Data Table Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.18 via the args[url] parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

WordPress SSRF Ninja Tables PHP
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-36595 HIGH PATCH This Week

A remote code execution vulnerability (CVSS 7.2). High severity vulnerability requiring prompt remediation.

RCE Dell Solutions Enabler Virtual Appliance Unisphere For Powermax Virtual Appliance
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-52799 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes LMS allows Reflected XSS. This issue affects LMS: from n/a through 9.1.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-52778 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-dictionary allows Reflected XSS. This issue affects xili-dictionary: from n/a through 2.12.5.2.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-52774 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global allows Reflected XSS. This issue affects Infility Global: from n/a through 2.12.7.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-52727 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs CSS3 Vertical Web Pricing Tables allows Reflected XSS. This issue affects CSS3 Vertical Web Pricing Tables: from n/a through 1.9.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-50052 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flexostudio Flexo Counter allows Reflected XSS. This issue affects Flexo Counter: from n/a through 1.0001.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-49423 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Tahir Ali Jan Bulk YouTube Post Creator allows Reflected XSS. This issue affects Bulk YouTube Post Creator: from n/a through 1.0.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-49290 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars) allows Reflected XSS. This issue affects Off-Canvas Sidebars & Menus (Slidebars): from n/a through 0.5.8.4.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-47654 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Reflected XSS. This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.20.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-47574 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla School Management allows Reflected XSS. This issue affects School Management: from n/a through 92.0.0.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-39488 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sneeit MagOne allows Reflected XSS. This issue affects MagOne: from n/a through 8.5.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-39478 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smartiolabs Smart Notification allows Reflected XSS. This issue affects Smart Notification: from n/a through 10.3.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-31428 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddhaThemes HYDRO allows Reflected XSS. This issue affects HYDRO: from n/a through 2.8.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-31067 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeton Seven Stars allows Stored XSS. This issue affects Seven Stars: from n/a through 1.4.4.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-30972 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iamapinan Woocommerce Line Notify allows Stored XSS. This issue affects Woocommerce Line Notify: from n/a through 1.1.7.

WordPress XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-28988 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aharonyan WP Front User Submit / Front Editor allows Reflected XSS. This issue affects WP Front User Submit / Front Editor: from n/a through 4.9.3.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-28960 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in regibaer Evangelische Termine allows Reflected XSS. This issue affects Evangelische Termine: from n/a through 3.3.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-28956 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphobby Backwp allows Reflected XSS. This issue affects Backwp: from n/a through 2.0.2.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-27361 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thhake Photo Express for Google allows Reflected XSS. This issue affects Photo Express for Google: from n/a through 0.3.2.

Google XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-25173 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FasterThemes FastBook allows Stored XSS. This issue affects FastBook: from n/a through 1.1.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-24774 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla WPCRM - CRM for Contact form CF7 & WooCommerce allows Reflected XSS. This issue affects WPCRM - CRM for Contact form CF7 & WooCommerce: from n/a through 3.2.0.

WordPress XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-23973 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dugudlabs SpecFit-Virtual Try On Woocommerce allows Stored XSS. This issue affects SpecFit-Virtual Try On Woocommerce: from n/a through 7.0.6.

WordPress XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-49321 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arraytics Eventin allows Reflected XSS. This issue affects Eventin: from n/a through 4.0.28.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-53338 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in dor re.place allows Stored XSS. This issue affects re.place: from n/a through 0.2.1.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-53332 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in ethoseo Track Everything allows Stored XSS. This issue affects Track Everything: from n/a through 2.0.1.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-53331 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in samcharrington RSS Digest allows Stored XSS. This issue affects RSS Digest: from n/a through 1.5.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-53329 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in szajenw Społecznościowa 6 PL 2013 allows Stored XSS. This issue affects Społecznościowa 6 PL 2013: from n/a through 2.0.6.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-53317 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in AcmeeDesign WPShapere Lite allows Stored XSS. This issue affects WPShapere Lite: from n/a through 1.4.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-53315 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in alanft Relocate Upload allows Stored XSS. This issue affects Relocate Upload: from n/a through 0.24.1.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-53313 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in plumwd Twitch TV Embed Suite allows Stored XSS. This issue affects Twitch TV Embed Suite: from n/a through 2.1.0.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-53312 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Looks Awesome OnionBuzz allows Stored XSS. This issue affects OnionBuzz: from n/a through 1.0.7.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-53311 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Amol Nirmala Waman Navayan Subscribe allows Stored XSS. This issue affects Navayan Subscribe: from n/a through 1.13.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-53310 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Funnnny HidePost allows Reflected XSS. This issue affects HidePost: from n/a through 2.3.8.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-53308 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in gopi_plus Image Slider With Description allows Stored XSS. This issue affects Image Slider With Description: from n/a through 9.2.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-53305 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in lucidcrew WP Forum Server allows Stored XSS. This issue affects WP Forum Server: from n/a through 1.8.2.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-53274 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Hossin Asaadi WP Permalink Translator allows Stored XSS. This issue affects WP Permalink Translator: from n/a through 1.7.6.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-53271 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Anton Bond Additional Order Filters for WooCommerce allows Stored XSS. This issue affects Additional Order Filters for WooCommerce: from n/a through 1.22.

WordPress CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy