| 2025-05-18 | CVE-2025-3715 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-text parameter in all versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping. | 6.4 |
| 2025-05-18 | CVE-2025-4862 | Cross-site Scripting vulnerability in PHPgurukul Directory Management System 2.0
A vulnerability, which was classified as problematic, has been found in PHPGurukul Directory Management System 2.0. | 6.1 |
| 2025-05-18 | CVE-2025-4859 | Cross-site Scripting vulnerability in Dlink Dap-2695 Firmware 1.20B36R137Allen202105286
A vulnerability was found in D-Link DAP-2695 120b36r137_ALL_en_20210528. | 4.8 |
| 2025-05-18 | CVE-2025-4860 | Cross-site Scripting vulnerability in Dlink Dap-2695 Firmware 1.20B36R137Allen202105286
A vulnerability classified as problematic has been found in D-Link DAP-2695 120b36r137_ALL_en_20210528. | 4.8 |
| 2025-05-18 | CVE-2025-4852 | Cross-site Scripting vulnerability in Totolink A3002R Firmware 2.1.1B20230720.1011
A vulnerability, which was classified as problematic, has been found in TOTOLINK A3002R 2.1.1-B20230720.1011. | 3.4 |
| 2025-05-18 | CVE-2025-4858 | Cross-site Scripting vulnerability in Dlink Dap-2695 Firmware 1.20B36R137Allen202105286
A vulnerability was found in D-Link DAP-2695 120b36r137_ALL_en_20210528. | 4.8 |
| 2025-05-17 | CVE-2025-47931 | Cross-site Scripting vulnerability in Librenms
LibreNMS is PHP/MySQL/SNMP based network monitoring software. | 6.1 |
| 2025-05-17 | CVE-2025-3888 | Cross-site Scripting vulnerability in Artbees Jupiter X Core
The Jupiter X Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File inclusion in all versions up to, and including, 4.8.12 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-05-17 | CVE-2025-4669 | Cross-site Scripting vulnerability in Wpbookingcalendar WP Booking Calendar
The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpbc shortcode in all versions up to, and including, 10.11.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-05-17 | CVE-2025-4610 | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_user_memberships shortcode in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |