Total
35734 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-13098 | 1 Megamindstechnologies | 1 Wordpress Email Newsletter | 2025-05-07 | 5.4 Medium |
| The WordPress Email Newsletter WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-13094 | 1 Wptriggers | 1 Wp Triggers Lite | 2025-05-07 | 7.1 High |
| The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2025-1453 | 1 Zephyrwest | 1 Category Posts Widget | 2025-05-07 | 4.8 Medium |
| The Category Posts Widget WordPress plugin before 4.9.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-13056 | 1 Phycticio | 1 Dyn Business Panel | 2025-05-07 | 7.1 High |
| The Dyn Business Panel WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-13055 | 1 Phycticio | 1 Dyn Business Panel | 2025-05-07 | 7.1 High |
| The Dyn Business Panel WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-13325 | 1 Croberts | 1 Glossy | 2025-05-07 | 6.1 Medium |
| The Glossy WordPress plugin through 2.3.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2024-13114 | 1 Phptechie | 1 Wp Projects Portfolio With Client Testimonials | 2025-05-07 | 6.1 Medium |
| The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-13099 | 1 Apidaze | 1 Widget4call | 2025-05-07 | 5.4 Medium |
| The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2025-0368 | 1 Karacsi Maci | 1 Banner Garden | 2025-05-07 | 6.1 Medium |
| The Banner Garden Plugin for WordPress plugin through 0.1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users. | ||||
| CVE-2024-1743 | 1 Vanquish | 1 Woocommerce Customers Manager | 2025-05-07 | 5.9 Medium |
| The WooCommerce Customers Manager WordPress plugin before 29.8 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2024-13314 | 1 Techearty | 1 Carousel\, Slider\, Gallery By Wp Carousel | 2025-05-07 | 3.5 Low |
| The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-13329 | 1 Solidres | 1 Solidres | 2025-05-07 | 7.1 High |
| The Solidres WordPress plugin through 0.9.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2024-13327 | 1 Webdesignby | 1 Musicbox | 2025-05-07 | 6.1 Medium |
| The Musicbox WordPress plugin through 2.0.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2024-13585 | 1 Wp-dreams | 1 Ajax Search | 2025-05-07 | 3.5 Low |
| The Ajax Search Lite WordPress plugin before 4.12.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-12308 | 1 Logichunt | 1 Logo Slider | 2025-05-07 | 5.4 Medium |
| The Logo Slider WordPress plugin before 4.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2024-13605 | 1 10web | 1 Form Maker | 2025-05-07 | 4.8 Medium |
| The Form Maker by 10Web WordPress plugin before 1.15.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-13822 | 1 Totalsuite | 1 Totalcontest | 2025-05-07 | 6.1 Medium |
| The Photo Contest | Competition | Video Contest WordPress plugin through 2.8.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2025-3390 | 1 Hailey888 | 1 Oa System | 2025-05-07 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in hailey888 oa_system up to 2025.01.01. Affected is the function addandchangeday of the file cn/gson/oass/controller/daymanager/DaymanageController.java of the component Backend. The manipulation of the argument scheduleList leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. | ||||
| CVE-2025-3391 | 1 Hailey888 | 1 Oa System | 2025-05-07 | 3.5 Low |
| A vulnerability has been found in hailey888 oa_system up to 2025.01.01 and classified as problematic. Affected by this vulnerability is the function outAddress of the file cn/gson/oass/controller/address/AddrController. java of the component Backend. The manipulation of the argument outtype leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. | ||||
| CVE-2022-42054 | 1 Gl-inet | 1 Goodcloud | 2025-05-07 | 5.4 Medium |
| Multiple stored cross-site scripting (XSS) vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields. | ||||