Skip to main content
CVE-2025-31067 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeton Seven Stars allows Stored XSS. This issue affects Seven Stars: from n/a through 1.4.4.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-30972 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iamapinan Woocommerce Line Notify allows Stored XSS. This issue affects Woocommerce Line Notify: from n/a through 1.1.7.

WordPress XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-28988 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aharonyan WP Front User Submit / Front Editor allows Reflected XSS. This issue affects WP Front User Submit / Front Editor: from n/a through 4.9.3.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-28960 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in regibaer Evangelische Termine allows Reflected XSS. This issue affects Evangelische Termine: from n/a through 3.3.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-28956 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphobby Backwp allows Reflected XSS. This issue affects Backwp: from n/a through 2.0.2.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-27361 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thhake Photo Express for Google allows Reflected XSS. This issue affects Photo Express for Google: from n/a through 0.3.2.

Google XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-25173 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FasterThemes FastBook allows Stored XSS. This issue affects FastBook: from n/a through 1.1.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-24774 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla WPCRM - CRM for Contact form CF7 & WooCommerce allows Reflected XSS. This issue affects WPCRM - CRM for Contact form CF7 & WooCommerce: from n/a through 3.2.0.

WordPress XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-23973 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dugudlabs SpecFit-Virtual Try On Woocommerce allows Stored XSS. This issue affects SpecFit-Virtual Try On Woocommerce: from n/a through 7.0.6.

WordPress XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-49321 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arraytics Eventin allows Reflected XSS. This issue affects Eventin: from n/a through 4.0.28.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-53338 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in dor re.place allows Stored XSS. This issue affects re.place: from n/a through 0.2.1.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-53332 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in ethoseo Track Everything allows Stored XSS. This issue affects Track Everything: from n/a through 2.0.1.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-53331 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in samcharrington RSS Digest allows Stored XSS. This issue affects RSS Digest: from n/a through 1.5.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-53329 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in szajenw Społecznościowa 6 PL 2013 allows Stored XSS. This issue affects Społecznościowa 6 PL 2013: from n/a through 2.0.6.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-53317 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in AcmeeDesign WPShapere Lite allows Stored XSS. This issue affects WPShapere Lite: from n/a through 1.4.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-53315 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in alanft Relocate Upload allows Stored XSS. This issue affects Relocate Upload: from n/a through 0.24.1.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-53313 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in plumwd Twitch TV Embed Suite allows Stored XSS. This issue affects Twitch TV Embed Suite: from n/a through 2.1.0.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-53312 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Looks Awesome OnionBuzz allows Stored XSS. This issue affects OnionBuzz: from n/a through 1.0.7.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-53311 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Amol Nirmala Waman Navayan Subscribe allows Stored XSS. This issue affects Navayan Subscribe: from n/a through 1.13.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-53310 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Funnnny HidePost allows Reflected XSS. This issue affects HidePost: from n/a through 2.3.8.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-53308 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in gopi_plus Image Slider With Description allows Stored XSS. This issue affects Image Slider With Description: from n/a through 9.2.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-53305 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in lucidcrew WP Forum Server allows Stored XSS. This issue affects WP Forum Server: from n/a through 1.8.2.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-53274 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Hossin Asaadi WP Permalink Translator allows Stored XSS. This issue affects WP Permalink Translator: from n/a through 1.7.6.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-53271 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Anton Bond Additional Order Filters for WooCommerce allows Stored XSS. This issue affects Additional Order Filters for WooCommerce: from n/a through 1.22.

WordPress CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-40910 MEDIUM This Month

CVE-2025-40910 is a security vulnerability (CVSS 6.5) that allows attackers. Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-53284 MEDIUM This Month

A security vulnerability in pankaj (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-53336 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in abditsori My Resume Builder allows Stored XSS. This issue affects My Resume Builder: from n/a through 1.0.3.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-53321 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raise The Money Raise The Money allows DOM-Based XSS. This issue affects Raise The Money: from n/a through 5.2.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-53320 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wp Enhanced Free Downloads EDD allows DOM-Based XSS. This issue affects Free Downloads EDD: from n/a through 1.0.4.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-53301 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme Junkie Theme Junkie Team Content allows DOM-Based XSS. This issue affects Theme Junkie Team Content: from n/a through 0.1.1.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-53300 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in douglaskarr Podcast Feed Player Widget and Shortcode allows Stored XSS. This issue affects Podcast Feed Player Widget and Shortcode: from n/a through 2.2.0.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-53294 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Smart Agenda Smart Agenda allows Stored XSS. This issue affects Smart Agenda: from n/a through 4.9.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-53292 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in samsk WP DataTable allows DOM-Based XSS. This issue affects WP DataTable: from n/a through 0.2.7.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-53290 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MS WP Visual Sitemap allows Stored XSS. This issue affects WP Visual Sitemap: from n/a through 1.0.2.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-53282 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com Thumbnail Editor allows Stored XSS. This issue affects Thumbnail Editor: from n/a through 2.3.3.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-53280 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AntoineH Football Pool allows Stored XSS. This issue affects Football Pool: from n/a through 2.12.5.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-53279 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aman Popup addon for Ninja Forms allows DOM-Based XSS. This issue affects Popup addon for Ninja Forms: from n/a through 3.4.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-53278 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPeka WP AdCenter allows Stored XSS. This issue affects WP AdCenter: from n/a through 2.6.0.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-53276 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in omnipressteam Omnipress allows DOM-Based XSS. This issue affects Omnipress: from n/a through 1.6.3.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-53275 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VaultDweller Leyka allows DOM-Based XSS. This issue affects Leyka: from n/a through 3.31.9.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-53206 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Mega - Absolute Addons for WPBakery Page Builder allows Stored XSS. This issue affects HT Mega - Absolute Addons for WPBakery Page Builder: from n/a through 1.0.8.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-53202 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks allows DOM-Based XSS. This issue affects Responsive Blocks: from n/a through 2.0.6.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-53199 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Slider For Elementor allows DOM-Based XSS. This issue affects HT Slider For Elementor: from n/a through 1.6.5.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-50370 MEDIUM This Month

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Inquiry Management functionality /mcgs/admin/readenq.php of the Phpgurukul Medical Card Generation System 1.0. The vulnerable endpoint allows an authenticated admin to delete inquiry records via a simple GET request, without requiring a CSRF token or validating the origin of the request.

PHP CSRF Medical Card Generation System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-50369 MEDIUM This Month

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Manage Card functionality (/mcgs/admin/manage-card.php) of PHPGurukul Medical Card Generation System 1.0. The vulnerable endpoint allows an authorized admin to delete medical card records by sending a simple GET request without verifying the origin of the request.

PHP CSRF Medical Card Generation System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-6550 MEDIUM This Month

The The Pack Elementor addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slider_options’ parameter in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress XSS The Pack Elementor Addons PHP Elementor
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-4587 MEDIUM This Month

The A/B Testing for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ab-testing-for-wp/ab-test-block' block in all versions up to, and including, 1.18.2 due to insufficient input sanitization and output escaping on the 'id' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-6488 MEDIUM This Month

The isMobile plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘device’ parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-5940 MEDIUM This Month

The Osom Blocks - Custom Post Type listing block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class_name’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-5398 MEDIUM PATCH This Month

The Ninja Forms - The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the use of a templating engine in all versions up to, and including, 3.10.2.1 due to insufficient output escaping on user data passed through the template. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress XSS Ninja Forms PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
Prev Page 3 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy