Total
43695 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36085 | 2026-04-15 | 6.3 Medium | ||
| Stored Cross Site Scripting(XSS) vulnerability in Egavilan Media Resumes Management and Job Application Website 1.0 allows remote attackers to inject arbitrary code via First and Last Name in Apply For This Job Form. | ||||
| CVE-2025-48354 | 2 Elementor, Wordpress | 2 Elementor, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Smart Widgets Better Post & Filter Widgets for Elementor better-post-filter-widgets-for-elementor allows Stored XSS.This issue affects Better Post & Filter Widgets for Elementor: from n/a through <= 1.6.1. | ||||
| CVE-2025-26564 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kagla GNUCommerce gnucommerce allows Reflected XSS.This issue affects GNUCommerce: from n/a through <= 1.5.4. | ||||
| CVE-2025-25082 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Chirkov FlexIDX Home Search flexidx-home-search allows Stored XSS.This issue affects FlexIDX Home Search: from n/a through <= 2.1.2. | ||||
| CVE-2025-27014 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designingmedia Hostiko hostiko allows Reflected XSS.This issue affects Hostiko: from n/a through < 30.1. | ||||
| CVE-2025-64275 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevelop Booking Manager booking-manager allows Stored XSS.This issue affects Booking Manager: from n/a through <= 2.1.17. | ||||
| CVE-2024-41453 | 2026-04-15 | 4.8 Medium | ||
| A cross-site scripting (XSS) vulnerability in Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. | ||||
| CVE-2025-53224 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Koen Schuit NextGEN Gallery Search nextgen-gallery-search-galleries allows Reflected XSS.This issue affects NextGEN Gallery Search: from n/a through <= 2.12. | ||||
| CVE-2025-53289 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Theme Blvd Widget Areas theme-blvd-widget-areas allows Reflected XSS.This issue affects Theme Blvd Widget Areas: from n/a through <= 1.3.0. | ||||
| CVE-2025-69033 | 2 Awplife, Wordpress | 2 Blog Filter, Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Blog Filter blog-filter allows DOM-Based XSS.This issue affects Blog Filter: from n/a through <= 1.7.3. | ||||
| CVE-2025-8462 | 2 Risethemes, Wordpress | 2 Rt Easy Builder, Wordpress | 2026-04-15 | 6.4 Medium |
| The RT Easy Builder – Advanced addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the social URL parameter in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-26538 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan Rossiter Prezi Embedder prezi-embedder allows Stored XSS.This issue affects Prezi Embedder: from n/a through <= 2.1. | ||||
| CVE-2025-26551 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sureshdsk Bootstrap collapse bootstrap-collapse allows Stored XSS.This issue affects Bootstrap collapse: from n/a through <= 1.0.4. | ||||
| CVE-2024-30848 | 1 Silversky | 1 Email Service | 2026-04-15 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in SilverSky E-mail service version 5.0.3126 allows remote attackers to inject arbitrary web script or HTML via the version parameter. | ||||
| CVE-2024-30952 | 2026-04-15 | 6.1 Medium | ||
| A stored cross-site scripting (XSS) vulnerability in PESCMS-TEAM v2.3.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the domain input field under /youdoamin/?g=Team&m=Setting&a=action. | ||||
| CVE-2024-47372 | 2026-04-15 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeNcode LLC TNC PDF viewer allows Stored XSS.This issue affects TNC PDF viewer: from n/a through 3.1.0. | ||||
| CVE-2024-56262 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins GS Coaches gs-coach allows Stored XSS.This issue affects GS Coaches: from n/a through <= 1.1.0. | ||||
| CVE-2024-47388 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iova.mihai SliceWP slicewp allows Reflected XSS.This issue affects SliceWP: from n/a through <= 1.1.18. | ||||
| CVE-2025-28911 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gravity2pdf Gravity 2 PDF gf2pdf allows Reflected XSS.This issue affects Gravity 2 PDF: from n/a through <= 3.1.3. | ||||
| CVE-2024-47626 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rometheme RTMKit rometheme-for-elementor allows Stored XSS.This issue affects RTMKit: from n/a through <= 1.5.0. | ||||