Total
43804 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-46228 | 1 Avecnous | 1 Event Post | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bastien Ho Event post event-post allows DOM-Based XSS.This issue affects Event post: from n/a through <= 5.9.11. | ||||
| CVE-2025-46227 | 1 Brechtvds | 1 Custom Related Posts | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brecht Custom Related Posts custom-related-posts allows Stored XSS.This issue affects Custom Related Posts: from n/a through <= 1.7.4. | ||||
| CVE-2025-46226 | 1 Mpl-publisher | 1 Mpl-publisher | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ferranfg MPL-Publisher mpl-publisher allows Stored XSS.This issue affects MPL-Publisher: from n/a through <= 2.18.0. | ||||
| CVE-2025-46225 | 1 Migaweb | 1 Post In Page For Elementor | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Post in page for Elementor post-in-page-for-elementor allows DOM-Based XSS.This issue affects Post in page for Elementor: from n/a through <= 1.0.1. | ||||
| CVE-2025-43841 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jamesdbruner WP Vegas vegas-fullscreen-background-slider allows Stored XSS.This issue affects WP Vegas: from n/a through <= 2.2. | ||||
| CVE-2025-43839 | 2026-04-23 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shanebp BP Messages Tool bp-messages-tool allows Reflected XSS.This issue affects BP Messages Tool: from n/a through <= 2.2. | ||||
| CVE-2025-43837 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in binti76 Total Donations total-donations allows Reflected XSS.This issue affects Total Donations: from n/a through <= 3.0.8. | ||||
| CVE-2025-43836 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in confuzzledduck Syndicate Out syndicate-out allows Reflected XSS.This issue affects Syndicate Out: from n/a through <= 0.9. | ||||
| CVE-2025-43834 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tox82 cookieBAR cookiebar allows Stored XSS.This issue affects cookieBAR: from n/a through <= 1.7.0. | ||||
| CVE-2025-43832 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andreyk Remote Images Grabber remote-images-grabber allows Reflected XSS.This issue affects Remote Images Grabber: from n/a through <= 0.6. | ||||
| CVE-2025-3704 | 2026-04-23 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DBAR Productions Volunteer Sign Up Sheets pta-volunteer-sign-up-sheets allows Stored XSS.This issue affects Volunteer Sign Up Sheets: from n/a through < 5.5.5. | ||||
| CVE-2025-39594 | 2026-04-23 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Arigato Autoresponder and Newsletter bft-autoresponder allows Reflected XSS.This issue affects Arigato Autoresponder and Newsletter: from n/a through <= 2.7.2.4. | ||||
| CVE-2025-39590 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Stored XSS.This issue affects Essential Addons for Elementor: from n/a through <= 6.1.9. | ||||
| CVE-2025-39585 | 2026-04-23 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Travelfic Toolkit travelfic-toolkit allows Stored XSS.This issue affects Travelfic Toolkit: from n/a through <= 1.2.1. | ||||
| CVE-2025-39582 | 2026-04-23 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Passionate Programmer Peter WP Data Access wp-data-access allows DOM-Based XSS.This issue affects WP Data Access: from n/a through <= 5.5.36. | ||||
| CVE-2025-39581 | 2026-04-23 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Shortcodes themify-shortcodes allows Stored XSS.This issue affects Themify Shortcodes: from n/a through <= 2.1.3. | ||||
| CVE-2025-39579 | 2026-04-23 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows DOM-Based XSS.This issue affects Membership For WooCommerce: from n/a through <= 2.8.0. | ||||
| CVE-2025-39578 | 1 Cyberchimps | 1 Responsive Blocks | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows Stored XSS.This issue affects Responsive Blocks: from n/a through <= 2.0.2. | ||||
| CVE-2025-39577 | 2026-04-23 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Property Hive PropertyHive propertyhive allows Stored XSS.This issue affects PropertyHive: from n/a through <= 2.1.2. | ||||
| CVE-2025-39576 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg Winiarski WPAdverts wpadverts allows Stored XSS.This issue affects WPAdverts: from n/a through <= 2.2.1. | ||||