CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-48256 – WordPress Import Social Events <= 1.8.5 - Cross Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2025-48256
19 May 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes Import Social Events allows Stored XSS. This issue affects Import Social Events: from n/a through 1.8.5. The Import Social Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.8.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to injec... • https://patchstack.com/database/wordpress/plugin/import-facebook-events/vulnerability/wordpress-import-social-events-1-8-5-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47531 – WordPress XT Event Widget for Social Events <= 1.1.7 - Local File Inclusion Vulnerability
https://notcve.org/view.php?id=CVE-2025-47531
07 May 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Xylus Themes XT Event Widget for Social Events allows PHP Local File Inclusion. This issue affects XT Event Widget for Social Events: from n/a through 1.1.7. The XT Event Widget for Social Events plugin for WordPress is vulnerable to Local File Inclusion via the render_facebook_event_listing() function in versions up to, and including, 1.1.7. This makes it possible for authenticated attac... • https://patchstack.com/database/wordpress/plugin/xt-facebook-events/vulnerability/wordpress-xt-event-widget-for-social-events-1-1-7-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30401
https://notcve.org/view.php?id=CVE-2025-30401
05 Apr 2025 — A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename extension. A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp. A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but... • https://www.facebook.com/security/advisories/cve-2025-30401 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32169 – WordPress Showeblogin Social plugin <= 7.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-32169
04 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Suresh Prasad Showeblogin Social allows DOM-Based XSS. This issue affects Showeblogin Social: from n/a through 7.0. The Showeblogin Social plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbi... • https://patchstack.com/database/wordpress/plugin/showeblogin-facebook-page-like-box/vulnerability/wordpress-showeblogin-social-plugin-7-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31433 – WordPress Magic Embeds <= 3.1.2 - Cross Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2025-31433
28 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Miguel Sirvent Magic Embeds allows Stored XSS. This issue affects Magic Embeds: from n/a through 3.1.2. The Magic Embeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web script... • https://patchstack.com/database/wordpress/plugin/wp-embed-facebook/vulnerability/wordpress-magic-embeds-3-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25086 – WordPress Secret Meta plugin <= 1.2.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-25086
24 Mar 2025 — Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Secret Meta allows Reflected XSS.This issue affects Secret Meta: from n/a through 1.2.1. The Secret Meta plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action ... • https://patchstack.com/database/wordpress/plugin/facebook-secret-meta/vulnerability/wordpress-secret-meta-plugin-1-2-1-csrf-to-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23814 – WordPress CRUDLab Like Box Plugin <= 2.0.9 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-23814
16 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound CRUDLab Like Box allows Reflected XSS. This issue affects CRUDLab Like Box: from n/a through 2.0.9. The CRUDLab Like Box plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute ... • https://patchstack.com/database/wordpress/plugin/crudlab-facebook-like-box/vulnerability/wordpress-crudlab-like-box-plugin-2-0-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45863
https://notcve.org/view.php?id=CVE-2024-45863
27 Sep 2024 — A null-dereference vulnerability involving parsing requests specifying invalid protocols can cause the application to crash or potentially result in other undesirable effects. This issue affects Facebook Thrift from v2024.09.09.00 until v2024.09.23.00. • https://www.facebook.com/security/advisories/cve-2024-45863 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45773
https://notcve.org/view.php?id=CVE-2024-45773
27 Sep 2024 — A use-after-free vulnerability involving upgradeToRocket requests can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2024.09.09.00. • https://www.facebook.com/security/advisories/cve-2024-45773 •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33695 – WordPress Fan Page Widget by ThemeNcode plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-33695
26 Apr 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode Fan Page Widget by ThemeNcode allows Stored XSS.This issue affects Fan Page Widget by ThemeNcode: from n/a through 2.0. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en ThemeNcode Fan Page Widget by ThemeNcode permite almacenar XSS. Este problema afecta el widget de página de fans de ThemeNcode: desde n/a hasta 2.0. The ... • https://patchstack.com/database/vulnerability/facebook-fan-page-widget/wordpress-fan-page-widget-by-themencode-plugin-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •