Latest CVE Feed
-
6.4
MEDIUMCVE-2025-13728
The FluentAuth – The Ultimate Authorization & Security Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `fluent_auth_reset_password` shortcode in all versions up to, and including, 2.0.3 due to insuff... Read more
Affected Products : fluentauth- Published: Dec. 15, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-13608
The CC Child Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'child_pages' shortcode in all versions up to, and including, 2.0.0. This is due to insufficient input sanitization and output escaping on four user-supplied attr... Read more
Affected Products : cc_child_pages- Published: Dec. 15, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-14387
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attack... Read more
Affected Products : learnpress- Published: Dec. 15, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-11220
The Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Text Path widget in all versions up to, and including, 3.33.3 due to insufficient neutralization of user-supplied input used to build SVG markup inside the w... Read more
Affected Products : website_builder- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-12976
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'events_list_grouped' shortcode in all versions up to, and including, 7.2.2.1 due to insufficient input sanitiza... Read more
Affected Products : events_manager- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-68145
In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repo_path arguments in subsequent tool calls were actually within that con... Read more
Affected Products :- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Path Traversal
-
6.4
MEDIUMCVE-2025-13977
The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple attack vectors in all versions up to, and including, 6.5.3. This is due to insufficient input sanitiz... Read more
Affected Products : essential_addons_for_elementor- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-14385
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 10.2.3 due to insufficient input sanitization and output escaping on user-supplied attributes in the wprm-... Read more
Affected Products : wp_recipe_maker- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-13217
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the YouTube Video 'value' field in all versions up to, and including, 2.11.0.... Read more
Affected Products : ultimate_member- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-12650
The Simple post listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class_name' parameter in the postlist shortcode in all versions up to, and including, 0.2. This is due to insufficient input sanitization and output escapin... Read more
Affected Products :- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-13747
The NewStatPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a regex bypass in nsp_shortcode function in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attribu... Read more
Affected Products : newstatpress- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-13850
The LS Google Map Router plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'map_type' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for auth... Read more
Affected Products :- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-11747
The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the colibri_blog_posts shortcode in all versions up to, and including, 1.0.345 due to insufficient input sanitization and output escaping on user supplied attri... Read more
Affected Products : colibri_page_builder- Published: Dec. 19, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-14548
The Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'event_desc' parameter in all versions up to, and including, 1.3.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated... Read more
Affected Products : calendar- Published: Dec. 23, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-14000
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'register_form' and 'restrict' shortcodes in all versions up to, and including, 3.2.15 due to insufficient input sanitization and o... Read more
Affected Products : membership_plugin_-_restrict_content- Published: Dec. 23, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2023-53953
WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating web pages. Attackers can craft malicious payloads in page titles that execute arbitrary JavaScript when the ... Read more
Affected Products : websitebaker- Published: Dec. 19, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-68917
ONLYOFFICE Docs before 9.2.1 allows XSS in the textarea of the comment editing form. This is related to DocumentServer.... Read more
Affected Products : document_server- Published: Dec. 24, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-68935
ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window. This is related to DocumentServer.... Read more
Affected Products : document_server- Published: Dec. 25, 2025
- Modified: Dec. 25, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-68936
ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer.... Read more
Affected Products : document_server- Published: Dec. 25, 2025
- Modified: Dec. 25, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2023-53977
myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the forum management system that allows authenticated administrators to inject malicious scripts when creating new forums. Attackers can exploit this vulnerability by inserting scr... Read more
Affected Products : mybb- Published: Dec. 22, 2025
- Modified: Dec. 26, 2025
- Vuln Type: Cross-Site Scripting