Latest CVE Feed
-
6.4
MEDIUMCVE-2025-11502
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'saswp_tiny_multiple_faq' shortcode in all versions up to, and including, 1.51 due to insufficient input sanitization and output e... Read more
Affected Products : schema_\&_structured_data_for_wp_\&_amp- Published: Nov. 01, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-36172
IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 001, 24.0.1 through 24.0.1 Interim Fix 004, 24.0.0 through 24.0.0 Interim Fix 006, and earlier unsupported releases IBM Business Automation Workflow is vulnerable to stored cross-site... Read more
Affected Products : cloud_pak_for_business_automation- Published: Nov. 03, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-12118
The Schema Scalpel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping when outputting user-supplied data into JSON-LD ... Read more
Affected Products :- Published: Nov. 01, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-11806
The Qzzr Shortcode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'qzzr' shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output escaping on the 'quiz' attribute. This mak... Read more
Affected Products :- Published: Oct. 31, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-11162
The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS in all versions up to, and including, 2.19.14 due to insufficient input sanitization and output escapi... Read more
Affected Products :- Published: Nov. 05, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-11917
The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.11 via the wpematico_test_feed() function. This makes it possible for authenticated attackers, with Subscriber-level... Read more
Affected Products : wpematico_rss_feed_fetcher- Published: Nov. 05, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Server-Side Request Forgery
-
6.4
MEDIUMCVE-2025-12388
The B Carousel Block – Responsive Image and Content Carousel plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.1.5. This is due to the plugin not validating user-supplied URLs before passing them to the ... Read more
Affected Products :- Published: Nov. 05, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Server-Side Request Forgery
-
6.4
MEDIUMCVE-2025-11820
The Graphina – Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple chart widgets in all versions up to, and including, 3.1.8 due to insufficient input sanitization and output escaping on data attribut... Read more
Affected Products :- Published: Nov. 05, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-11745
The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field through the plugin's 'adinserter' shortcode in all versions up to, and including, 2.8.7 due to insufficient input sanitization an... Read more
Affected Products : ad_inserter- Published: Nov. 05, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-11129
The Include Fussball.de Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api' and 'type' parameters in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it pos... Read more
Affected Products :- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-11821
The Woocommerce – Products By Custom Tax plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'woo_products_custom_tax' shortcode in all versions up to, and including, 2.2. This is due to insufficient input sanitization and output esc... Read more
Affected Products :- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-11828
The Magazine Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headerHtmlTag' attribute in the bnm-blocks/featured-posts-1 block in all versions up to, and including, 1.2.3. This is due to insufficient input sanitization... Read more
Affected Products :- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-11856
The Eventbee Ticketing Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eventbeeticketwidget' shortcode in all versions up to, and including, 1.0. This is due to the plugin not properly sanitizing user input and output of ... Read more
Affected Products :- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-11859
The Paypal Donation Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'paypal' shortcode in all versions up to, and including, 0.1. This is due to the plugin not properly sanitizing user input and output of the 'title' an... Read more
Affected Products :- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-11860
The Twitter Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ottwitter_feed' shortcode in all versions up to, and including, 1.3.1. This is due to the plugin not properly sanitizing user input and output of the 'width' and '... Read more
Affected Products :- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-11873
The WP BBCode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' shortcode in all versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes... Read more
Affected Products :- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-50055
Cross-site scripting (XSS) vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service (ACS) endpoint servers to inject arbitrary web script or HTML via th... Read more
Affected Products : access_server- Published: Oct. 27, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-12644
The Nonaki – Drag and Drop Email Template builder and Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'nonaki' shortcode in all versions up to, and including, 1.0.11. This is due to insufficient input sanitization and ... Read more
Affected Products :- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-12652
The Ungapped Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'prefillvalues' parameter in the ungapped-form shortcode in all versions up to, and including, 1. This is due to insufficient input sanitization and output esca... Read more
Affected Products :- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-12658
The Preload Current Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'complete' parameter in the 'preload_progress_bar' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and... Read more
Affected Products :- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
- Vuln Type: Cross-Site Scripting