Total
43660 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47627 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Travel WP Travel Gutenberg Blocks wp-travel-blocks allows Stored XSS.This issue affects WP Travel Gutenberg Blocks: from n/a through <= 3.6.0. | ||||
| CVE-2024-47631 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Logo Carousel – Clients logo carousel for WP responsive-client-logo-carousel-slider allows Stored XSS.This issue affects Logo Carousel – Clients logo carousel for WP: from n/a through <= 1.2. | ||||
| CVE-2024-33465 | 1 Mjdm | 1 Majordomo | 2026-04-15 | 7.1 High |
| Cross Site Scripting vulnerability in MajorDoMo before v.0662e5e allows an attacker to escalate privileges via the the thumb/thumb.php component. | ||||
| CVE-2024-47642 | 2 Keap, Wordpress | 2 Keap Official Opt In Forms, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Keap Keap Official Opt-in Forms infusionsoft-official-opt-in-forms allows Stored XSS.This issue affects Keap Official Opt-in Forms: from n/a through <= 2.0.3. | ||||
| CVE-2024-47644 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Copyscape Copyscape Premium copyscape-premium allows Stored XSS.This issue affects Copyscape Premium: from n/a through <= 1.3.9. | ||||
| CVE-2024-2830 | 2026-04-15 | 6.4 Medium | ||
| The WordPress Tag and Category Manager – AI Autotagger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'st_tag_cloud' shortcode in all versions up to, and including, 3.13.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-4656 | 2026-04-15 | 4.4 Medium | ||
| The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user agent header in all versions up to, and including, 1.26.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator access and higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-4657 | 1 Talentsoftware | 1 Bap Automation | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Talent Software BAP Automation allows Stored XSS.This issue affects BAP Automation: before 30840. | ||||
| CVE-2024-34546 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Habibur Rahman Sticky Social Link sticky-social-link allows DOM-Based XSS.This issue affects Sticky Social Link: from n/a through <= 2.0.1. | ||||
| CVE-2024-56018 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BU Web Team BU Section Editing bu-section-editing allows Reflected XSS.This issue affects BU Section Editing: from n/a through <= 0.9.9. | ||||
| CVE-2024-34563 | 2026-04-15 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoldAddons Gold Addons for Elementor allows Stored XSS.This issue affects Gold Addons for Elementor: from n/a through 1.2.9. | ||||
| CVE-2024-47647 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Essekia Helpie FAQ helpie-faq allows Stored XSS.This issue affects Helpie FAQ: from n/a through <= 1.27. | ||||
| CVE-2024-56025 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in adworkmedia AdWork Media EZ Content Locker adwork-media-ez-content-locker allows Reflected XSS.This issue affects AdWork Media EZ Content Locker: from n/a through <= 3.0. | ||||
| CVE-2024-56027 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bizswoop Leads CRM leads-crm allows Reflected XSS.This issue affects Leads CRM: from n/a through <= 2.0.13. | ||||
| CVE-2024-34574 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wpsoul Table Maker allows Stored XSS.This issue affects Table Maker: from n/a through 1.9.1. | ||||
| CVE-2024-56037 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoftClever Limited User Referral user-referral-free allows Reflected XSS.This issue affects User Referral: from n/a through <= 8.0. | ||||
| CVE-2025-32483 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Salisbury Request Call Back request-call-back allows Stored XSS.This issue affects Request Call Back: from n/a through <= 1.4.1. | ||||
| CVE-2024-47650 | 2 Axton, Wordpress | 2 Wp-webauthn, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Axton WP-WebAuthn wp-webauthn allows Stored XSS.This issue affects WP-WebAuthn: from n/a through <= 1.3.1. | ||||
| CVE-2024-2838 | 1 Wpclever | 1 Wpc Product Bundles For Woocommerce | 2026-04-15 | 6.4 Medium |
| The WPC Composite Products for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wooco_components[0][name]' parameter in all versions up to, and including, 7.2.7 due to insufficient input sanitization and output escaping and missing authorization on the ajax_save_components function. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-56210 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DeluxeThemes Userpro userpro allows Reflected XSS.This issue affects Userpro: from n/a through <= 5.1.9. | ||||