Search Results (47138 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-67949 1 Wordpress 1 Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designingmedia Hostiko hostiko allows Reflected XSS.This issue affects Hostiko: from n/a through < 94.3.6.
CVE-2025-67951 2 Wordpress, Wpzoom 2 Wordpress, Wpzoom Addons For Elementor 2026-04-15 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM WPZOOM Addons for Elementor wpzoom-elementor-addons allows DOM-Based XSS.This issue affects WPZOOM Addons for Elementor: from n/a through <= 1.2.10.
CVE-2025-67952 2 Themegoods, Wordpress 2 Grand Tour, Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Tour grandtour allows Reflected XSS.This issue affects Grand Tour: from n/a through < 5.6.2.
CVE-2025-67959 2 Purethemes, Wordpress 2 Workscout, Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes WorkScout workscout allows Reflected XSS.This issue affects WorkScout: from n/a through <= 4.1.07.
CVE-2025-67960 2 Purethemes, Wordpress 2 Workscout Core, Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes WorkScout-Core workscout-core allows Reflected XSS.This issue affects WorkScout-Core: from n/a through <= 1.7.06.
CVE-2025-67964 2 Favethemes, Wordpress 2 Homey, Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Homey Core homey-core allows Reflected XSS.This issue affects Homey Core: from n/a through <= 2.4.3.
CVE-2025-67971 2 Wordpress, Wpmanageninja 2 Wordpress, Fluentcart 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPManageNinja FluentCart fluent-cart allows Reflected XSS.This issue affects FluentCart: from n/a through < 1.3.0.
CVE-2025-67978 2 Fixbd, Wordpress 2 Educare, Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FixBD Educare educare allows Reflected XSS.This issue affects Educare: from n/a through <= 1.6.1.
CVE-2025-67983 2 Osama.esh, Wordpress 2 Wp Visitor Statistics (real Time Traffic), Wordpress 2026-04-15 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) wp-stats-manager allows DOM-Based XSS.This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through <= 8.3.
CVE-2025-67984 2 Calliko, Wordpress 2 Nps Computy, Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in calliko NPS computy nps-computy allows DOM-Based XSS.This issue affects NPS computy: from n/a through <= 2.8.2.
CVE-2025-67990 2 Realmag777, Wordpress 2 Gmap Targeting, Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 GMap Targeting gmap-targeting allows Reflected XSS.This issue affects GMap Targeting: from n/a through <= 1.1.7.
CVE-2025-67991 2 Vanquish, Wordpress 2 User Extra Fields, Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Reflected XSS.This issue affects User Extra Fields: from n/a through <= 16.8.
CVE-2025-68004 1 Wordpress 1 Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kapil Chugh My Post Order my-posts-order allows Reflected XSS.This issue affects My Post Order: from n/a through <= 1.2.1.1.
CVE-2025-68008 2 Mndpsingh287, Wordpress 2 Wp Mail, Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mndpsingh287 WP Mail wp-mail allows Reflected XSS.This issue affects WP Mail: from n/a through <= 1.3.
CVE-2025-68010 2 Netgsm, Wordpress 2 Netgsm, Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in netgsm Netgsm netgsm allows Reflected XSS.This issue affects Netgsm: from n/a through <= 2.9.63.
CVE-2025-68011 3 Gls, Woocommerce, Wordpress 3 Shipping For Woocommerce, Woocommerce, Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GLS GLS Shipping for WooCommerce gls-shipping-for-woocommerce allows Reflected XSS.This issue affects GLS Shipping for WooCommerce: from n/a through <= 1.4.0.
CVE-2025-68012 1 Wordpress 1 Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dmytro Shteflyuk CodeColorer codecolorer allows Stored XSS.This issue affects CodeColorer: from n/a through <= 0.10.1.
CVE-2025-68031 2 Faraz Sms, Wordpress 2 افزونه پیامک حرفه ای فراز اس ام اس, Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in faraz sms افزونه پیامک حرفه ای فراز اس ام اس farazsms allows Reflected XSS.This issue affects افزونه پیامک حرفه ای فراز اس ام اس: from n/a through <= 2.7.3.
CVE-2025-68037 2 Atlasgondal, Wordpress 2 Export Media Urls, Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atlas Gondal Export Media URLs export-media-urls allows Reflected XSS.This issue affects Export Media URLs: from n/a through <= 2.2.
CVE-2025-68041 2 Codisto, Wordpress 2 Omnichannel For Woocommerce, Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codisto Omnichannel for WooCommerce codistoconnect allows Stored XSS.This issue affects Omnichannel for WooCommerce: from n/a through <= 1.3.65.