Total
34410 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-51330 | 2025-02-20 | 5.4 Medium | ||
| PHPJabbers Cinema Booking System v1.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in Now Showing menu "date" parameter. | ||||
| CVE-2024-13612 | 1 Wordplus | 1 Better Messages | 2025-02-20 | 6.4 Medium |
| The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'better_messages_live_chat_button' shortcode in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-24012 | 1 Umbraco | 1 Umbraco Cms | 2025-02-20 | 4.6 Medium |
| Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, authenticated users are able to exploit a cross-site scripting vulnerability when viewing certain localized backoffice components. Versions 14.3.2 and 15.1.2 contain a patch. | ||||
| CVE-2024-13570 | 1 Unalignedcode | 1 Stray Random Quotes | 2025-02-20 | 6.1 Medium |
| The Stray Random Quotes WordPress plugin through 1.9.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-13543 | 1 Amini7 | 1 Zarinpal Paid Download | 2025-02-20 | 6.1 Medium |
| The Zarinpal Paid Download WordPress plugin through 2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2023-51305 | 2025-02-20 | 5.4 Medium | ||
| PHPJabbers Car Park Booking System v3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key" parameters. | ||||
| CVE-2023-51303 | 2025-02-20 | 6.1 Medium | ||
| PHPJabbers Event Ticketing System v1.0 is vulnerable to Multiple HTML Injection in the "lid, name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters. | ||||
| CVE-2023-51300 | 2025-02-20 | 6.1 Medium | ||
| PHPJabbers Hotel Booking System v4.0 is vulnerable to Cross-Site Scripting (XSS) vulnerabilities in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key" parameters. | ||||
| CVE-2023-51299 | 2025-02-20 | 6.1 Medium | ||
| PHPJabbers Hotel Booking System v4.0 is vulnerable to HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters. | ||||
| CVE-2023-51296 | 2025-02-20 | 6.1 Medium | ||
| PHPJabbers Event Booking Calendar v4.0 is vulnerable to Cross-Site Scripting (XSS) in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key" parameters which allows attackers to execute arbitrary code | ||||
| CVE-2025-1039 | 2025-02-20 | 7.2 High | ||
| The Lenix Elementor Leads addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a URL form field in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2023-47223 | 1 Wpmapplugins | 1 Basic Interactive World Map | 2025-02-19 | 4.8 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Map Plugins Basic Interactive World Map plugin <= 2.0 versions. | ||||
| CVE-2023-46626 | 1 Flowfact | 1 Flowfact | 2025-02-19 | 6.1 Medium |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FLOWFACT WP Connector plugin <= 2.1.7 versions. | ||||
| CVE-2023-27242 | 1 Razormist | 1 Loan Management System | 2025-02-19 | 5.4 Medium |
| SourceCodester Loan Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Type parameter under the Edit Loan Types module. | ||||
| CVE-2022-38467 | 1 Crmperks | 1 Crm Perks Forms | 2025-02-19 | 6.1 Medium |
| Reflected Cross-Site Scripting (XSS) vulnerability in CRM Perks Forms – WordPress Form Builder <= 1.1.0 ver. | ||||
| CVE-2022-47171 | 1 Ip Vault - Wp Firewall Project | 1 Ip Vault - Wp Firewall | 2025-02-19 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul C. Schroeder IP Vault – WP Firewall plugin <= 1.1 versions. | ||||
| CVE-2022-34148 | 1 Jetbackup | 1 Jetbackup | 2025-02-19 | 4.8 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JetBackup JetBackup – WP Backup, Migrate & Restore plugin <= 1.6.9.0 versions. | ||||
| CVE-2022-45814 | 1 Wp Calendar Project | 1 Wp Calendar | 2025-02-19 | 5.4 Medium |
| Stored Cross-Site Scripting (XSS) vulnerability in Fabian von Allmen WP Calendar plugin <= 1.5.3 versions. | ||||
| CVE-2023-25064 | 1 Wp Htpasswd Project | 1 Wp Htpasswd | 2025-02-19 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matteo Candura WP htpasswd plugin <= 1.7 versions. | ||||
| CVE-2023-22679 | 1 Wp Better Emails Project | 1 Wp Better Emails | 2025-02-19 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nicolas Lemoine WP Better Emails plugin <= 0.4 versions. | ||||