CWE-79: Cross-site Scripting (XSS)

The Wise Chat WordPress plugin has a stored XSS vulnerability that allows unauthenticated attackers to inject malicious scripts via the X-Forwarded-Fo...

The Xagio SEO WordPress plugin has a stored XSS vulnerability in all versions up to 7.1.0.16. Unauthenticated attackers can inject malicious scripts v...

The Shared Files WordPress plugin allows unauthenticated attackers to upload HTML files containing malicious JavaScript, which executes when users acc...

This vulnerability allows authenticated attackers with Custom-level access or higher in WordPress to inject malicious scripts via media upload names i...

This cross-site scripting (XSS) vulnerability in Best Practical RT allows attackers to inject malicious scripts into search URLs. When users view sear...

CVE-2025-31501 is a cross-site scripting (XSS) vulnerability in Best Practical RT (Request Tracker) that allows attackers to inject malicious JavaScri...

The Solid Mail WordPress plugin has a stored XSS vulnerability that allows unauthenticated attackers to inject malicious scripts into email fields. Wh...

The WP Content Security Plugin for WordPress has a stored cross-site scripting vulnerability in versions up to 2.3. Unauthenticated attackers can inje...

CVE-2015-4582 is a cross-site scripting (XSS) vulnerability in the Boot Store WordPress theme version 1.6.4. It allows attackers to inject malicious s...

The eForm WordPress Form Builder plugin has a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scri...

The SMTP for Amazon SES – YaySMTP WordPress plugin has a stored cross-site scripting vulnerability in email logs. Unauthenticated attackers can inje...

This Cross-Site Scripting (XSS) vulnerability in SquirrelMail allows attackers to inject malicious JavaScript via email headers. When exploited, it ca...

The Booster for WooCommerce WordPress plugin has a stored cross-site scripting (XSS) vulnerability that allows unauthenticated attackers to inject mal...

KNIME Business Hub contains cross-site scripting vulnerabilities that allow attackers to execute arbitrary JavaScript in users' browsers when they cli...

This vulnerability in MISP (Malware Information Sharing Platform) allows cross-site scripting (XSS) attacks through REST endpoints that return non-JSO...

The Newsletters plugin for WordPress has a stored XSS vulnerability in its logging functionality that allows unauthenticated attackers to inject malic...

The WP Church Donation plugin for WordPress has a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious ...

The WP Test Email plugin for WordPress has a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scrip...

This vulnerability allows unauthenticated attackers to inject malicious JavaScript into WordPress pages using the AppPresser plugin when logging is en...

This stored XSS vulnerability in the Contest Gallery WordPress plugin allows unauthenticated attackers to inject malicious scripts into photo gallery ...

The SMTP for SendGrid – YaySMTP WordPress plugin up to version 1.3.1 contains a stored cross-site scripting (XSS) vulnerability due to insufficient ...

This vulnerability allows unauthenticated attackers to inject malicious scripts into WordPress pages using the SMTP for Sendinblue – YaySMTP plugin,...

The Lenix Elementor Leads addon plugin for WordPress has a stored XSS vulnerability in URL form fields that allows unauthenticated attackers to inject...

This vulnerability allows unauthenticated attackers to inject malicious scripts into WordPress pages using the YaySMTP plugin. When users visit compro...

The Subscribe2 WordPress plugin has a stored XSS vulnerability in all versions up to 10.43. Unauthenticated attackers can inject malicious scripts via...

The Post SMTP WordPress plugin has a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts into ...

The FormCraft WordPress plugin allows unauthenticated attackers to upload malicious SVG files containing JavaScript that executes when viewed. This st...

The Welcart e-Commerce plugin for WordPress has a stored cross-site scripting (XSS) vulnerability in the 'name' parameter that allows unauthenticated ...

This vulnerability allows authenticated WordPress users with contributor-level access or higher to inject malicious scripts into pages using the HT Me...

This vulnerability allows unauthenticated attackers to upload malicious dfxp files containing JavaScript that executes automatically when accessed. It...

The Link Fixer WordPress plugin has a stored XSS vulnerability that allows unauthenticated attackers to inject malicious scripts into website pages. T...

This vulnerability allows unauthenticated attackers to inject malicious JavaScript into WordPress sites using the Flexible Wishlist for WooCommerce pl...

The Gravity Forms WordPress plugin has a stored XSS vulnerability in the 'alt' parameter that allows unauthenticated attackers to inject malicious scr...

IBM CICS TX Advanced and Standard are vulnerable to stored cross-site scripting (XSS) that allows authenticated users to inject malicious JavaScript i...

This vulnerability allows authenticated WordPress users with contributor-level access or higher to inject malicious scripts into website pages via the...

This stored XSS vulnerability in the Frontend Admin WordPress plugin allows unauthenticated attackers to inject malicious scripts into submission form...

This vulnerability allows unauthenticated attackers to inject malicious JavaScript into WordPress pages using the Ninja Forms plugin. When users visit...

The Activity Log plugin for WordPress has a stored XSS vulnerability that allows unauthenticated attackers to inject malicious scripts into administra...

This vulnerability allows unauthenticated attackers to inject malicious scripts into WordPress websites using the GDPR plugin. When users visit pages ...

The WP Activity Log plugin for WordPress has a stored XSS vulnerability that allows unauthenticated attackers to inject malicious scripts via the user...

The Tripetto WordPress plugin has a stored cross-site scripting vulnerability in file upload functionality that allows unauthenticated attackers to in...

This stored XSS vulnerability in the WPAdverts WordPress plugin allows unauthenticated attackers to inject malicious scripts into website pages via th...

The SendPulse Free Web Push WordPress plugin has a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious...

The Rich Review WordPress plugin versions up to 1.7.4 contain a stored cross-site scripting vulnerability in the 'update' POST parameter. Unauthentica...

The SlimStat Analytics WordPress plugin has a stored XSS vulnerability that allows unauthenticated attackers to inject malicious scripts into visitor ...

This is a stored cross-site scripting (XSS) vulnerability in LibreNMS where administrators can inject malicious JavaScript into Device Group names. Wh...

This vulnerability allows unauthenticated attackers to inject malicious scripts into WordPress sites using The Events Calendar plugin. When users view...

The WordPress Visitors plugin up to version 1.0 has a stored XSS vulnerability that allows unauthenticated attackers to inject malicious scripts via s...

This vulnerability allows unauthenticated attackers to inject malicious scripts into WordPress pages using the Contact Form to Any API plugin. When us...

This vulnerability allows unauthenticated attackers to inject malicious JavaScript into WordPress pages using the Thanh Toán Quét Mã QR Code Tự �...