Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 41592 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-49992 2026-01-20 N/A 7.1 HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress Export Import learnpress-import-export allows Reflected XSS.This issue affects LearnPress Export Import: from n/a through <= 4.0.9.
CVE-2025-49963 2026-01-20 N/A 7.1 HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in growniche Simple Stripe Checkout simple-stripe-checkout allows Reflected XSS.This issue affects Simple Stripe Checkout: from n/a through <= 1.1.28.
CVE-2025-49962 2026-01-20 N/A 7.1 HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in useStrict bbPress Notify bbpress-notify-nospam allows Reflected XSS.This issue affects bbPress Notify: from n/a through <= 2.19.4.
CVE-2025-49960 2026-01-20 N/A 6.5 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in leadbi LeadBI Plugin for WordPress leadbi allows Stored XSS.This issue affects LeadBI Plugin for WordPress: from n/a through <= 1.7.
CVE-2025-49959 2026-01-20 N/A 7.1 HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pascal Casier bbPress Move Topics bbp-move-topics allows Reflected XSS.This issue affects bbPress Move Topics: from n/a through <= 1.1.6.
CVE-2025-49958 2026-01-20 N/A 7.1 HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robokassa Robokassa payment gateway for Woocommerce robokassa allows Reflected XSS.This issue affects Robokassa payment gateway for Woocommerce: from n/a through <= 1.8.1.
CVE-2025-49957 2026-01-20 N/A 7.1 HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Weboccult Technologies Pvt Ltd Email Attachment by Order Status &amp; Products email-attachment-by-order-status-products allows Reflected XSS.This issue affects Email Attachment by Order Status &amp; Products: from n/a through <= 1.0.1.
CVE-2025-49956 2026-01-20 N/A 7.1 HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anandaraj Balu Fade Slider fade-slider allows Reflected XSS.This issue affects Fade Slider: from n/a through <= 2.5.
CVE-2025-49955 2026-01-20 N/A 7.1 HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rajan Vijayan WP Smart Flexslider wp-smart-flexslider allows Reflected XSS.This issue affects WP Smart Flexslider: from n/a through <= 2.5.
CVE-2025-49954 2026-01-20 N/A 7.1 HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mithra62 WP-Click-Tracker wp-click-track allows Reflected XSS.This issue affects WP-Click-Tracker: from n/a through <= 0.7.3.
CVE-2025-49953 2026-01-20 N/A 7.1 HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeinity ShareBang, Ultimate Social Share Buttons for WordPress sharebang allows Reflected XSS.This issue affects ShareBang, Ultimate Social Share Buttons for WordPress: from n/a through <= 1.4.
CVE-2025-49951 2026-01-20 N/A 7.1 HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpcrunch gAppointments gAppointments allows Reflected XSS.This issue affects gAppointments: from n/a through <= 1.14.1.
CVE-2025-49948 2026-01-20 N/A 7.1 HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmad Awais WP Super Edit wp-super-edit allows Reflected XSS.This issue affects WP Super Edit: from n/a through <= 2.5.4.
CVE-2025-49947 2026-01-20 N/A 7.1 HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Reflected XSS.This issue affects WooCommerce Registration Fields Plugin - Custom Signup Fields: from n/a through <= 3.2.3.
CVE-2025-49946 2026-01-20 N/A 7.1 HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cynob IT Consultancy Auto Login After Registration auto-login-after-registration allows Reflected XSS.This issue affects Auto Login After Registration: from n/a through <= 1.0.0.
CVE-2025-49945 2026-01-20 N/A 7.1 HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kylegetson Shortcode Generator shortcode-generator allows Reflected XSS.This issue affects Shortcode Generator: from n/a through <= 1.1.
CVE-2025-49944 2026-01-20 N/A 7.1 HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonatan Jumbert WPCode Content Ratio wpcode-content-ratio allows Reflected XSS.This issue affects WPCode Content Ratio: from n/a through <= 2.0.
CVE-2025-49940 2026-01-20 N/A 6.5 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder fusion-builder allows DOM-Based XSS.This issue affects Fusion Builder: from n/a through <= 3.13.2.
CVE-2025-49939 2026-01-20 N/A 6.5 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.8.
CVE-2025-49938 2026-01-20 N/A 6.5 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetEngine jet-engine allows Stored XSS.This issue affects JetEngine: from n/a through <= 3.7.3.