| 2025-04-12 | CVE-2025-2269 | The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘image_id’ parameter in all versions up to, and including, 1.8.34 due to insufficient input sanitization and output escaping. | 6.1 |
| 2025-04-11 | CVE-2025-3421 | Cross-site Scripting vulnerability in Wpeverest Everest Forms
The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'form_id' parameter in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. | 6.1 |
| 2025-04-11 | CVE-2025-2541 | Cross-site Scripting vulnerability in Wedevs WP Project Manager
The WP Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-04-11 | CVE-2025-2575 | Cross-site Scripting vulnerability in Wpzita Z Companion
The Z Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-04-11 | CVE-2025-3434 | The SMTP for Amazon SES – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Email Logs in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. | 7.2 |
| 2025-04-10 | CVE-2023-42007 | IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 is vulnerable to cross-site scripting. | 5.4 |
| 2025-04-10 | CVE-2024-10894 | The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes like 'datepicker', 'textarea', and 'text' in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-04-09 | CVE-2023-33844 | IBM Security Verify Governance 10.0.2 is vulnerable to cross-site scripting. | 5.4 |
| 2025-04-09 | CVE-2025-3100 | The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due to insufficient input sanitization and output escaping in tasks discussion. | 6.4 |
| 2025-04-08 | CVE-2025-30292 | Cross-site Scripting vulnerability in Adobe Coldfusion 2021/2023/2025
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. | 6.1 |