Latest CVE Feed
-
6.4
MEDIUMCVE-2025-9129
The Flexi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin for WordPress's flexi-form-tag shortcode in all versions up to, and including, 4.28 due to insufficient input sanitization and output escaping on user supplied attr... Read more
Affected Products : flexi- Published: Oct. 03, 2025
- Modified: Oct. 06, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-8776
The Epic Bootstrap Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘icol’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenti... Read more
Affected Products :- Published: Oct. 03, 2025
- Modified: Oct. 06, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-9204
The X Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Youtube Video ID field in all versions up to, and including, 1.0.14. This is due to insufficient input sanitization and output escaping on the Youtube Vid... Read more
Affected Products : x_addons_for_elementor- Published: Oct. 03, 2025
- Modified: Oct. 06, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-9206
The Meks Easy Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post title field in all version up to, and including, 2.1.4. This is due to insufficient input sanitization and output escaping on user supplied attributes. This ... Read more
Affected Products :- Published: Oct. 03, 2025
- Modified: Oct. 06, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-10131
The All Social Share Options plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sc' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes... Read more
Affected Products :- Published: Sep. 30, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-10189
The BP Direct Menus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bpdm_login' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attribute... Read more
Affected Products :- Published: Sep. 30, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-7400
The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a post's Featured Image custom fields in all versions up to, and including, 5.2.7 due to insufficient input sanitization and output escaping. This mak... Read more
Affected Products : featured_image_from_url- Published: Oct. 07, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-9854
The A Simple Multilanguage Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'asmp-switcher' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user sup... Read more
Affected Products :- Published: Oct. 03, 2025
- Modified: Oct. 06, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-9858
The Auto Bulb Finder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'abf_vehicle' shortcode in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping on user su... Read more
Affected Products :- Published: Oct. 03, 2025
- Modified: Oct. 06, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-9859
The Fintelligence Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fintelligence-calculator' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on ... Read more
Affected Products :- Published: Oct. 03, 2025
- Modified: Oct. 06, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-9875
The Event Tickets, RSVPs, Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ticket_spot' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user su... Read more
Affected Products :- Published: Oct. 03, 2025
- Modified: Oct. 06, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-9876
The Ird Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irdslider' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. Thi... Read more
Affected Products :- Published: Oct. 03, 2025
- Modified: Oct. 06, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-9045
The Easy Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widget parameters in versions less than, or equal to, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for auth... Read more
Affected Products :- Published: Oct. 03, 2025
- Modified: Oct. 06, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-8566
The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via parameters in the CountUp and Google Maps Blocks in all versions up to, and including, 2.18.0 due to insufficient input sanitization and output escaping.... Read more
Affected Products :- Published: Sep. 30, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-11161
The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the vc_custom_heading shortcode in all versions up to, and including, 8.6.1. This is due to insufficient restriction of allowed HTML tags and improper sanitiza... Read more
Affected Products : page_builder- Published: Oct. 15, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-10168
The Any News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'any-ticker' shortcode in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping on user supplied attribute... Read more
Affected Products :- Published: Sep. 30, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-11814
The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to 3.21.1 (exclusive) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to... Read more
Affected Products : ultimate_addons_for_wpbakery_page_builder- Published: Oct. 16, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-10182
The dbview plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dbview' shortcode in all versions up to, and including, 0.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes... Read more
Affected Products :- Published: Sep. 30, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-62374
Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0, injection of malicious payload allows attacker to remotely execute arbitrary code. ParseObject.fromJSON, ParseObject.pin, ParseObject.regi... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Injection
-
6.4
MEDIUMCVE-2025-10179
The My AskAI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'myaskai' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This ma... Read more
Affected Products :- Published: Sep. 30, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Cross-Site Scripting