Latest CVE Feed
-
6.5
MEDIUMCVE-2025-63075
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in muffingroup Betheme betheme allows DOM-Based XSS.This issue affects Betheme: from n/a through <= 28.1.7.... Read more
Affected Products : betheme- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-67543
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Catch Themes Essential Widgets essential-widgets allows Stored XSS.This issue affects Essential Widgets: from n/a through <= 2.2.2.... Read more
Affected Products : essential_widgets- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-67558
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jacques Malgrange Rencontre rencontre allows Stored XSS.This issue affects Rencontre: from n/a through <= 3.13.7.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-13857
The Yet Another WebClap for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' parameter of the webclap_button shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output es... Read more
Affected Products :- Published: Dec. 06, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-12717
The List Attachments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'before_list' parameter in the [list-attachments] shortcode in all versions up to, and including, 0.4.1a due to insufficient input sanitization and ou... Read more
Affected Products :- Published: Dec. 06, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-59788
Cross-site scripting (XSS) vulnerability in a reachable files_pdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1 allows ... Read more
Affected Products : nextcloud- Published: Dec. 04, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-13863
The RevInsite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `token` parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated atta... Read more
Affected Products :- Published: Dec. 06, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-13856
The Extra Post Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the extra-images shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes i... Read more
Affected Products :- Published: Dec. 06, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-13656
The Cute News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for aut... Read more
Affected Products :- Published: Dec. 06, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-13898
The Ultra Skype Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btn_id' parameter of the [ultra_skype] shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This m... Read more
Affected Products :- Published: Dec. 06, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-13866
The Flow-Flow Social Feed Stream plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the flow_flow_social_auth AJAX action in versions 3.0.0 to 4.7.5. This makes it possible for authenticated attack... Read more
Affected Products :- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Authorization
-
6.4
MEDIUMCVE-2025-14032
The Bold Timeline Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in the 'bold_timeline_group' shortcode in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escapin... Read more
Affected Products : bold_timeline_lite- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-12109
The Header Footer Script Adder – Insert Code in Header, Body & Footer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the script adder present in posts in all versions up to, and including, 2.0.5 due to insufficient input sanitizatio... Read more
Affected Products :- Published: Dec. 13, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-13705
The Custom Frames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter of the 'customframe' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes... Read more
Affected Products :- Published: Dec. 13, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-14278
The HT Slider for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slide_title' parameter in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping in JavaScript. This makes ... Read more
Affected Products : ht_slider_for_elementor- Published: Dec. 13, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-13969
The Reviews Sorted plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'space' parameter of the [reviews-slider] shortcode in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This m... Read more
Affected Products :- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-13966
The Paypal Payment Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttom_image' parameter of the [paypal-shortcode] shortcode in all versions up to, and including, 1.01 due to insufficient input sanitization and outpu... Read more
Affected Products :- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-13906
The WP Flot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'linechart' shortcode in all versions up to, and including, 0.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This m... Read more
Affected Products :- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-7058
The Kingcabs theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘progressbarLayout’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenti... Read more
Affected Products :- Published: Dec. 13, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-7960
The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Slider, Pricing Calculator, and Image Accordion widgets in all versions up to, and including, 51.1.39 due to insufficient input saniti... Read more
Affected Products :- Published: Dec. 13, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Cross-Site Scripting