Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-24 | CVE-2025-3749 | The Breeze Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘cal_size’ parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. | network, low complexity, CWE-79, 6.4 |
| 2025-04-24 | CVE-2025-2543 | The Advanced Accordion Gutenberg Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping. | network, low complexity, CWE-79, 6.4 |
| 2025-04-24 | CVE-2025-2579 | The Lottie Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via File uploads in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. | network, low complexity, CWE-79, 6.4 |
| 2025-04-24 | CVE-2025-3832 | The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘successredirect’ parameter in all versions up to, and including, 6.7 due to insufficient input sanitization and output escaping. | network, low complexity, CWE-79, 6.4 |
| 2025-04-24 | CVE-2025-3435 | The Mang Board WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the board_header and board_footer parameters in all versions up to, and including, 1.8.6 due to insufficient input sanitization and output escaping. | network, high complexity, CWE-79, 4.4 |
| 2025-04-23 | CVE-2025-1054 | The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the UI Counter, UI Icon Box, UI Testimonial Slider, UI Testimonial Grid, and UI Testimonial Carousel widgets in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping. | network, low complexity, CWE-79, 6.4 |
| 2025-04-22 | CVE-2025-3457 | Cross-site Scripting vulnerability in Oceanwp Ocean Extra: The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'oceanwp_icon' shortcode in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. | network, low complexity, oceanwp, CWE-79, 5.4 |
| 2025-04-22 | CVE-2025-3458 | Cross-site Scripting vulnerability in Oceanwp Ocean Extra: The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ocean_gallery_id' parameter in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. | network, low complexity, oceanwp, CWE-79, 5.4 |
| 2025-04-22 | CVE-2025-46225 | Cross-site Scripting vulnerability in Migaweb Post in Page for Elementor: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Post in page for Elementor allows DOM-Based XSS. | network, low complexity, migaweb, CWE-79, 5.4 |
| 2025-04-22 | CVE-2025-46226 | Cross-site Scripting vulnerability in Mpl-Publisher: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ferranfg MPL-Publisher allows Stored XSS. | network, low complexity, mpl-publisher, CWE-79, 5.4 |