| 2025-02-19 | CVE-2025-1065 | The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Import Data From File feature in all versions up to, and including, 3.11.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-02-19 | CVE-2024-11582 | The Subscribe2 – Form, Email Subscribers & Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ip parameter in all versions up to, and including, 10.43 due to insufficient input sanitization and output escaping. | 7.2 |
| 2025-02-19 | CVE-2024-13443 | The Easypromos Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Easypromos shortcode in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-02-19 | CVE-2025-22622 | Age Verification for your checkout page. | 4.3 |
| 2025-02-19 | CVE-2024-13508 | The Booking Package plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the locale parameter in all versions up to, and including, 1.6.72 due to insufficient input sanitization and output escaping. | 6.1 |
| 2025-02-18 | CVE-2024-13743 | The Wonder Video Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wonderplugin_video shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-02-18 | CVE-2024-13667 | Cross-site Scripting vulnerability in Undsgn Uncode
The Uncode theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mle-description’ parameter in all versions up to, and including, 2.9.1.6 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-02-18 | CVE-2025-0521 | Cross-site Scripting vulnerability in Wpexperts Post Smtp
The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the from and subject parameter in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. | 6.1 |
| 2025-02-18 | CVE-2025-0817 | Cross-site Scripting vulnerability in Ncrafts Formcraft
The FormCraft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.9.11 due to insufficient input sanitization and output escaping. | 6.1 |
| 2025-02-18 | CVE-2025-0981 | Cross-site Scripting vulnerability in Churchcrm
A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to hijack a user's session by exploiting a Stored Cross Site Scripting (XSS) vulnerability in the Group Editor page. | 6.1 |