Skip to main content
CVE-2026-24943 HIGH This Week

Reflected cross-site scripting in ThemeGoods Grand Conference up to version 5.3.4 enables attackers to inject malicious scripts into web pages viewed by users, potentially stealing session data or performing actions on their behalf. The vulnerability requires user interaction to trigger but can be exploited remotely without authentication. No patch is currently available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-22357 HIGH This Week

Reflected cross-site scripting in Link Whisper Free through version 0.9.0 allows unauthenticated attackers to inject malicious scripts into web pages viewed by other users. Exploitation requires user interaction (clicking a malicious link) but can lead to session hijacking, credential theft, and unauthorized actions performed on behalf of victims. No patch is currently available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-22352 HIGH This Week

PersianScript Persian Woocommerce SMS persian-woocommerce-sms is affected by cross-site scripting (xss) (CVSS 7.1).

WordPress XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-69392 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in itex iMoney imoney allows Reflected XSS.This issue affects iMoney: from n/a through <= 0.36. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-69391 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3themes Diamond diamond allows Reflected XSS.This issue affects Diamond: from n/a through <= 2.4.8. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-69390 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themebon Business Template Blocks for WPBakery (Visual Composer) Page Builder templates-and-addons-for-wpbakery-page-builder allows Reflected XSS.This issue affects Business Template Blocks for WPBakery (Visual Composer) Page Builder: from n/a through <= 1.3.2. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-69389 HIGH This Week

Hugh Mungus Visitor Maps Extended Referer Field visitor-maps-extended-referer-field is affected by cross-site scripting (xss) (CVSS 7.1).

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-69386 HIGH This Week

realvirtualmx RVCFDI para Woocommerce rvcfdi-para-woocommerce is affected by cross-site scripting (xss) (CVSS 7.1).

WordPress XSS PHP
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-69384 HIGH This Week

wpdiscover Timeline Event History timeline-event-history is affected by cross-site scripting (xss) (CVSS 7.1).

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-69368 HIGH This Week

GT3themes SOHO - Photography WordPress Theme soho is affected by cross-site scripting (xss) (CVSS 7.1).

WordPress XSS PHP
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-69367 HIGH This Week

GT3themes Oyster - Photography WordPress Theme oyster is affected by cross-site scripting (xss) (CVSS 7.1).

WordPress XSS PHP
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-69330 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jthemes Prestige prestige allows Reflected XSS.This issue affects Prestige: from n/a through < 1.4.1. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-69326 HIGH This Week

Basix NEX-Forms nex-forms-express-wp-form-builder is affected by cross-site scripting (xss) (CVSS 7.1).

WordPress XSS PHP
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-69324 HIGH This Week

Basix NEX-Forms nex-forms-express-wp-form-builder is affected by cross-site scripting (xss) (CVSS 7.1).

WordPress XSS PHP
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-69323 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs Slimstat Analytics wp-slimstat allows Reflected XSS.This issue affects Slimstat Analytics: from n/a through <= 5.3.2. [CVSS 7.1 HIGH]

WordPress Industrial XSS PHP
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-69302 HIGH This Week

designthemes DesignThemes Core Features designthemes-core-features is affected by cross-site scripting (xss) (CVSS 7.1).

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-69296 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhostPool Aardvark aardvark allows Reflected XSS.This issue affects Aardvark: from n/a through <= 4.6.3. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68880 HIGH This Week

peterwsterling Simple Archive Generator simple-archive-generator is affected by cross-site scripting (xss) (CVSS 7.1).

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68863 HIGH This Week

Zack Katz iContact for Gravity Forms gravity-forms-icontact is affected by cross-site scripting (xss) (CVSS 7.1).

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68856 HIGH This Week

keeswolters Mopinion Feedback Form mopinion-feedback-form is affected by cross-site scripting (xss) (CVSS 7.1).

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68854 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in harman79 ID Arrays id-arrays allows DOM-Based XSS.This issue affects ID Arrays: from n/a through <= 2.1.2. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68852 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webmuehle Court Reservation court-reservation allows Reflected XSS.This issue affects Court Reservation: from n/a through <= 1.10.9. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68848 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anmari amr cron manager amr-cron-manager allows Reflected XSS.This issue affects amr cron manager: from n/a through <= 2.3. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68847 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in itex iSape isape allows Reflected XSS.This issue affects iSape: from n/a through <= 0.72. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68846 HIGH This Week

Paris Holley Asynchronous Javascript asynchronous-javascript is affected by cross-site scripting (xss) (CVSS 7.1).

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68845 HIGH This Week

aThemeArt Translations eDS Responsive Menu eds-responsive-menu is affected by cross-site scripting (xss) (CVSS 7.1).

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68844 HIGH This Week

DaleAB Membee Login membees-member-login-widget is affected by cross-site scripting (xss) (CVSS 7.1).

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68843 HIGH This Week

Bas Schuiling FeedWordPress Advanced Filters faf is affected by cross-site scripting (xss) (CVSS 7.1).

WordPress XSS PHP
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68842 HIGH This Week

totalbounty Widget Logic Visual widget-logic-visual is affected by cross-site scripting (xss) (CVSS 7.1).

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68501 HIGH This Week

Mollie Mollie Payments for WooCommerce mollie-payments-for-woocommerce is affected by cross-site scripting (xss) (CVSS 7.1).

WordPress XSS PHP
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68495 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS.This issue affects JetEngine: from n/a through <= 3.8.0. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68037 HIGH This Week

Atlas Gondal Export Media URLs export-media-urls is affected by cross-site scripting (xss) (CVSS 7.1).

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68031 HIGH This Week

faraz sms افزونه پیامک حرفه ای فراز اس ام اس farazsms is affected by cross-site scripting (xss) (CVSS 7.1).

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-67991 HIGH This Week

vanquish User Extra Fields wp-user-extra-fields is affected by cross-site scripting (xss) (CVSS 7.1).

WordPress XSS PHP
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-67990 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 GMap Targeting gmap-targeting allows Reflected XSS.This issue affects GMap Targeting: from n/a through <= 1.1.7. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-67984 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in calliko NPS computy nps-computy allows DOM-Based XSS.This issue affects NPS computy: from n/a through <= 2.8.2. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-67978 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FixBD Educare educare allows Reflected XSS.This issue affects Educare: from n/a through <= 1.6.1. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-67971 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPManageNinja FluentCart fluent-cart allows Reflected XSS.This issue affects FluentCart: from n/a through < 1.3.0. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-53237 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soflyy WP Wizard Cloak wp-wizard-cloak allows Reflected XSS.This issue affects WP Wizard Cloak: from n/a through <= 1.0.1. [CVSS 7.1 HIGH]

WordPress XSS PHP
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-53233 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RylanH Storyform storyform allows Reflected XSS.This issue affects Storyform: from n/a through <= 0.6.14. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-53231 HIGH This Week

wpdevstudio Easy Taxonomy Images easy-taxonomy-images is affected by cross-site scripting (xss) (CVSS 7.1).

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-53228 HIGH This Week

jezza101 bbpress Simple Advert Units bbpress-simple-advert-units is affected by cross-site scripting (xss) (CVSS 7.1).

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68069 HIGH This Week

Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through <= 8.5.10. [CVSS 7.1 HIGH]

Authentication Bypass
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-27115 HIGH This Week

ADB Explorer through version 0.9.26020 fails to validate user-supplied directory paths, enabling local attackers to trigger recursive deletion of arbitrary filesystem directories including critical system and user folders. An attacker can exploit this by crafting a malicious shortcut or script that launches the application with a sensitive path argument, causing permanent data loss when the application processes the ClearDrag() function at startup or exit. Any user tricked into launching ADB Explorer via a weaponized shortcut or batch file faces complete loss of targeted directories such as Documents or user profile folders.

Path Traversal Microsoft Windows
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy