Search Results (47297 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-6984 1 Astrbot 1 Astrbot 2026-04-25 4.7 Medium
A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function create_template of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
CVE-2023-5933 1 Gitlab 1 Gitlab 2026-04-25 6.4 Medium
An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests.
CVE-2025-68079 2 Themenectar, Wordpress 2 Salient Core, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNectar Salient Shortcodes salient-shortcodes allows Stored XSS.This issue affects Salient Shortcodes: from n/a through <= 1.5.4.
CVE-2025-63011 2 Thimpress, Wordpress 2 Wp Hotel Booking, Wordpress 2026-04-24 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows DOM-Based XSS.This issue affects WP Hotel Booking: from n/a through <= 2.2.8.
CVE-2025-63048 2 Cridio, Wordpress 2 Listingpro Lead Form, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro Lead Form listingpro-lead-form allows DOM-Based XSS.This issue affects ListingPro Lead Form: from n/a through <= 1.0.7.
CVE-2025-63050 1 Wordpress 1 Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sizam REHub Framework rehub-framework allows Stored XSS.This issue affects REHub Framework: from n/a through < 19.9.9.7.
CVE-2025-63052 2 Gallerycreator, Wordpress 2 Simply Gallery, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Stored XSS.This issue affects SimpLy Gallery: from n/a through <= 3.3.2.1.
CVE-2025-63055 3 Elementor, Liton Arefin, Wordpress 3 Elementor, Master Addons For Elementor, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Master Addons for Elementor master-addons allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through <= 2.0.9.9.4.
CVE-2025-63057 2 Roxnor, Wordpress 2 Wp Ultimate Review, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows DOM-Based XSS.This issue affects Wp Ultimate Review: from n/a through <= 2.3.7.
CVE-2025-63059 2 Arscode, Wordpress 2 Ninja Popups, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arscode Ninja Popups arscode-ninja-popups allows Stored XSS.This issue affects Ninja Popups: from n/a through <= 4.7.8.
CVE-2025-63061 2 Hogash, Wordpress 2 Kallyas, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hogash KALLYAS kallyas allows DOM-Based XSS.This issue affects KALLYAS: from n/a through < 4.25.0.
CVE-2025-63066 1 Wordpress 1 Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in p-themes Porto Theme - Functionality porto-functionality allows Stored XSS.This issue affects Porto Theme - Functionality: from n/a through < 3.7.3.
CVE-2025-63073 2 Dream-theme, Wordpress 2 The7, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dream-Theme The7 dt-the7 allows DOM-Based XSS.This issue affects The7: from n/a through < 12.9.0.
CVE-2025-63075 2 Muffingroup, Wordpress 2 Betheme, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in muffingroup Betheme betheme allows DOM-Based XSS.This issue affects Betheme: from n/a through <= 28.2.
CVE-2025-67912 1 Wordpress 1 Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Premio Stars Testimonials stars-testimonials-with-slider-and-masonry-grid allows Stored XSS.This issue affects Stars Testimonials: from n/a through <= 3.3.4.
CVE-2025-67986 1 Wordpress 1 Wordpress 2026-04-24 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Barn2 Plugins Document Library Lite document-library-lite allows DOM-Based XSS.This issue affects Document Library Lite: from n/a through <= 1.1.7.
CVE-2025-68070 2 Vektor, Wordpress 2 Vk Google Job Posting Manager, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vektor,Inc. VK Google Job Posting Manager vk-google-job-posting-manager allows Stored XSS.This issue affects VK Google Job Posting Manager: from n/a through <= 1.2.22.
CVE-2025-68077 2 Select-themes, Wordpress 2 Stockholm, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Select-Themes Stockholm stockholm allows Stored XSS.This issue affects Stockholm: from n/a through <= 9.14.1.
CVE-2025-68080 1 Wordpress 1 Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal User Avatar - Reloaded user-avatar-reloaded allows Stored XSS.This issue affects User Avatar - Reloaded: from n/a through <= 1.2.2.
CVE-2025-57897 1 Wordpress 1 Wordpress 2026-04-24 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in venusweb Logtik logtik allows Reflected XSS.This issue affects Logtik: from n/a through <= 2.3.