| 2025-01-16 | CVE-2024-11452 | The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'business_categories' shortcode in all versions up to, and including, 3.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-01-16 | CVE-2025-0170 | The DWT - Directory & Listing WordPress Theme is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping on the 'sort_by' and 'token' parameters. | 6.1 |
| 2025-01-15 | CVE-2025-0215 | The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the showdata and initiate_restore parameters in all versions up to, and including, 1.24.12 due to insufficient input sanitization and output escaping. | 6.1 |
| 2025-01-15 | CVE-2025-0485 | Cross-site Scripting vulnerability in Fanli2012 Native-PHP-Cms 1.0
A vulnerability was found in Fanli2012 native-php-cms 1.0. | 6.1 |
| 2025-01-15 | CVE-2025-22738 | Cross-site Scripting vulnerability in Wpulike WP Ulike
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TechnoWich WP ULike allows Stored XSS.This issue affects WP ULike: from n/a through 4.7.6. | 4.8 |
| 2025-01-15 | CVE-2025-22752 | Cross-site Scripting vulnerability in Gsheetconnector for Forminator Forms
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GSheetConnector GSheetConnector for Forminator Forms allows Reflected XSS.This issue affects GSheetConnector for Forminator Forms: from n/a through 1.0.11. | 6.1 |
| 2025-01-15 | CVE-2024-12593 | The PDF for WPForms + Drag and Drop Template Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's yeepdf_dotab shortcode in all versions up to, and including, 4.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-01-15 | CVE-2024-35280 | Cross-site Scripting vulnerability in Fortinet Fortideceptor
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiDeceptor 3.x all versions, 4.x all versions, 5.0 all versions, 5.1 all versions, version 5.2.0, and version 5.3.0 may allow an attacker to perform a reflected cross-site scripting attack in the recovery endpoints | 6.1 |
| 2025-01-15 | CVE-2024-12403 | The Image Gallery – Responsive Photo Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'awsmgallery' parameter in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. | 6.1 |
| 2025-01-15 | CVE-2024-12423 | The Contact Form 7 Redirect & Thank You Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post' parameter in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. | 6.1 |