Total
37574 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-32183 | 2025-04-07 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Galaxy Weblinks Video Playlist For YouTube allows Stored XSS. This issue affects Video Playlist For YouTube: from n/a through 6.6. | |||||
| CVE-2025-32175 | 2025-04-07 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vektor,Inc. VK Filter Search allows Stored XSS. This issue affects VK Filter Search: from n/a through 2.14.1.0. | |||||
| CVE-2025-32131 | 2025-04-07 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in socialintents Social Intents allows Stored XSS. This issue affects Social Intents: from n/a through 1.6.14. | |||||
| CVE-2025-31416 | 2025-04-07 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AwesomeTOGI Awesome Event Booking allows Reflected XSS.This issue affects Awesome Event Booking: from n/a through 2.8.4. | |||||
| CVE-2025-32189 | 2025-04-07 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Best WP Developer BWD Elementor Addons allows DOM-Based XSS. This issue affects BWD Elementor Addons: from n/a through 4.3.20. | |||||
| CVE-2025-3251 | 2025-04-07 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability, which was classified as problematic, was found in xujiangfei admintwo 1.0. This affects an unknown part of the file /user/updateSet. The manipulation of the argument motto leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-32181 | 2025-04-07 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fast Simon Search, Filters & Merchandising for WooCommerce allows Stored XSS. This issue affects Search, Filters & Merchandising for WooCommerce: from n/a through 3.0.57. | |||||
| CVE-2025-32184 | 2025-04-07 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bdthemes Ultimate Store Kit Elementor Addons allows Stored XSS. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.4.0. | |||||
| CVE-2025-2836 | 2025-04-07 | N/A | 6.4 MEDIUM | ||
| The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘payment_method’ parameter in all versions up to, and including, 6.0.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-32166 | 2025-04-07 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in John Housholder Emma for WordPress allows Stored XSS. This issue affects Emma for WordPress: from n/a through 1.3.3. | |||||
| CVE-2025-3087 | 2025-04-07 | N/A | N/A | ||
| Stored XSS in M-Files Web versions from 25.1.14445.5 to 25.2.14524.4 allows an authenticated user to run scripts | |||||
| CVE-2025-32167 | 2025-04-07 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devsoftbaltic SurveyJS allows Stored XSS. This issue affects SurveyJS: from n/a through 1.12.20. | |||||
| CVE-2025-32130 | 2025-04-07 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Risk Migitation, Inc. Posts Footer Manager allows Stored XSS. This issue affects Posts Footer Manager: from n/a through 2.2.0. | |||||
| CVE-2025-32165 | 2025-04-07 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fromdoppler Doppler Forms allows Stored XSS. This issue affects Doppler Forms: from n/a through 2.4.5. | |||||
| CVE-2025-32186 | 2025-04-07 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Turbo Addons Turbo Addons for Elementor allows DOM-Based XSS. This issue affects Turbo Addons for Elementor: from n/a through 1.7.1. | |||||
| CVE-2025-22282 | 2025-04-07 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EPC ez Form Calculator - WordPress plugin allows Reflected XSS.This issue affects ez Form Calculator - WordPress plugin: from n/a through 2.14.1.2. | |||||
| CVE-2025-32207 | 2025-04-07 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anzar Ahmed Ni WooCommerce Cost Of Goods allows Stored XSS. This issue affects Ni WooCommerce Cost Of Goods: from n/a through 3.2.8. | |||||
| CVE-2025-32132 | 2025-04-07 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelCockpit FunnelCockpit allows Stored XSS. This issue affects FunnelCockpit: from n/a through 1.4.2. | |||||
| CVE-2025-32194 | 2025-04-07 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LA-Studio LA-Studio Element Kit for Elementor allows Stored XSS. This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.4.9. | |||||
| CVE-2025-32185 | 2025-04-07 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Extend Themes Colibri Page Builder allows Stored XSS. This issue affects Colibri Page Builder: from n/a through 1.0.319. | |||||