CVSS: 5.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1647 – XSS in Bootstrap title attribute for Tooltip and Popover
https://notcve.org/view.php?id=CVE-2025-1647
15 May 2025 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS).This issue affects Bootstrap: from 3.4.1 before 4.0.0. • https://www.herodevs.com/vulnerability-directory/cve-2025-1647 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32672 – WordPress Ultimate Bootstrap Elements for Elementor plugin <= 1.4.9 - Local File Inclusion Vulnerability
https://notcve.org/view.php?id=CVE-2025-32672
09 Apr 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Ultimate Bootstrap Elements for Elementor allows PHP Local File Inclusion. This issue affects Ultimate Bootstrap Elements for Elementor: from n/a through 1.4.9. The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.4.9. This makes it possible for unauthenticated attackers to include and execute ... • https://patchstack.com/database/wordpress/plugin/ultimate-bootstrap-elements-for-elementor/vulnerability/wordpress-ultimate-bootstrap-elements-for-elementor-plugin-1-4-9-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30527 – WordPress My Bootstrap Menu plugin <= 1.2.1 - Stored Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-30527
24 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codetoolbox My Bootstrap Menu allows Stored XSS. This issue affects My Bootstrap Menu: from n/a through 1.2.1. The My Bootstrap Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitr... • https://patchstack.com/database/wordpress/plugin/my-bootstrap-menu/vulnerability/wordpress-my-bootstrap-menu-plugin-1-2-1-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26551 – WordPress Bootstrap collapse plugin <= 1.0.4 - CSRF to Stored Cross-Site Scripting vulnerability
https://notcve.org/view.php?id=CVE-2025-26551
13 Feb 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sureshdsk Bootstrap collapse allows Stored XSS. This issue affects Bootstrap collapse: from n/a through 1.0.4. The Bootstrap collapse plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web s... • https://patchstack.com/database/wordpress/plugin/bootstrap-collapse/vulnerability/wordpress-bootstrap-collapse-plugin-1-0-4-csrf-to-stored-cross-site-scripting-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22743 – WordPress Twitter Bootstrap Collapse aka Accordian Shortcode plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-22743
14 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mohsin Rasool Twitter Bootstrap Collapse aka Accordian Shortcode allows DOM-Based XSS.This issue affects Twitter Bootstrap Collapse aka Accordian Shortcode: from n/a through 1.0. The Twitter Bootstrap Collapse aka Accordian Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes i... • https://patchstack.com/database/wordpress/plugin/twitter-bootstrap-collapse-aka-accordian-shortcode/vulnerability/wordpress-twitter-bootstrap-collapse-aka-accordian-shortcode-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49677 – WordPress Bootstrap Buttons plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-49677
14 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Cramer Bootstrap Buttons allows Reflected XSS.This issue affects Bootstrap Buttons: from n/a through 1.2. The Bootstrap Buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if... • https://patchstack.com/database/wordpress/plugin/bootstrap-buttons/vulnerability/wordpress-bootstrap-buttons-plugin-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53824 – WordPress All Bootstrap Blocks plugin <= 1.3.20 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-53824
02 Dec 2024 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AREOI All Bootstrap Blocks allows PHP Local File Inclusion.This issue affects All Bootstrap Blocks: from n/a through 1.3.19. The All Bootstrap Blocks plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.19. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the s... • https://patchstack.com/database/wordpress/plugin/all-bootstrap-blocks/vulnerability/wordpress-all-bootstrap-blocks-plugin-1-3-20-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11402 – WordPress Block Editor Bootstrap Blocks plugin <= 6.6.1 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-11402
20 Nov 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP-speedup Block Editor Bootstrap Blocks allows Reflected XSS.This issue affects Block Editor Bootstrap Blocks: from n/a through 6.6.1. La vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en WP-speedup Block Editor Bootstrap Blocks permite XSS reflejado. Este problema afecta a los bloques Bootstrap del editor de bloques: desde n/a hasta ... • https://patchstack.com/database/wordpress/plugin/block-editor-bootstrap-blocks/vulnerability/wordpress-block-editor-bootstrap-blocks-plugin-6-6-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51810 – WordPress Lewe Bootstrap Visuals plugin <= 2.2.2 - Stored Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51810
08 Nov 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in George Lewe Lewe Bootstrap Visuals allows Stored XSS.This issue affects Lewe Bootstrap Visuals: from n/a through 2.2.2. The Lewe Bootstrap Visuals plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to i... • https://patchstack.com/database/vulnerability/shortcode-bootstrap-visuals/wordpress-lewe-bootstrap-visuals-plugin-2-2-2-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51851 – WordPress best bootstrap widgets for elementor plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51851
08 Nov 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in saleh attari best bootstrap widgets for elementor allows DOM-Based XSS.This issue affects best bootstrap widgets for elementor: from n/a through 1.0. The best bootstrap widgets for elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit... • https://patchstack.com/database/vulnerability/best-bootstrap-widgets-for-elementor/wordpress-best-bootstrap-widgets-for-elementor-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •