CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30972 – WordPress Woocommerce Line Notify plugin <= 1.1.7 - Cross Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2025-30972
18 Jun 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iamapinan Woocommerce Line Notify allows Stored XSS. This issue affects Woocommerce Line Notify: from n/a through 1.1.7. The Woocommerce Line Notify plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in ... • https://patchstack.com/database/wordpress/plugin/woo-line-notify/vulnerability/wordpress-woocommerce-line-notify-1-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26545 – WordPress Related Posts Line-up-Exactly by Milliard plugin <= 0.0.22 - CSRF to Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2025-26545
13 Feb 2025 — Cross-Site Request Forgery (CSRF) vulnerability in shisuh Related Posts Line-up-Exactly by Milliard allows Stored XSS. This issue affects Related Posts Line-up-Exactly by Milliard: from n/a through 0.0.22. The Related Posts Line-up-Exactly by Milliard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.22. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and injec... • https://patchstack.com/database/wordpress/plugin/related-posts-line-up-exactry-by-milliard/vulnerability/wordpress-related-posts-line-up-exactly-by-milliard-plugin-0-0-22-csrf-to-stored-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23791 – WordPress Horizontal Line Shortcode Plugin <= 1.0 - Stored Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-23791
16 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RocaPress Horizontal Line Shortcode allows Stored XSS.This issue affects Horizontal Line Shortcode: from n/a through 1.0. The Horizontal Line Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, t... • https://patchstack.com/database/wordpress/plugin/horizontal-line-shortcode/vulnerability/wordpress-horizontal-line-shortcode-plugin-1-0-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5739
https://notcve.org/view.php?id=CVE-2024-5739
12 Jun 2024 — The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. This vulnerability allows for cross-site scripting (XSS) where arbitrary JavaScript can be executed in the top frame from an embedded iframe on any displayed web site within the in-app browser. The in-app browser is usually opened by tapping on URLs contained in chat messages, and for the attack to be successful, the victim must trigger a click event on a malicious iframe. If an iframe embedded in ... • https://hackerone.com/reports/2284129 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22302 – WordPress Albo Pretorio Online Plugin <= 4.6.6 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2024-22302
17 Jan 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ignazio Scimone Albo Pretorio On line allows Stored XSS.This issue affects Albo Pretorio On line: from n/a through 4.6.6. La vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en Ignazio Scimone Albo Pretorio On line permite XSS almacenado. Este problema afecta a Albo Pretorio On line: desde n/a hasta 4.6.6. The Albo Pretorio Online plugin... • https://patchstack.com/database/vulnerability/albo-pretorio-on-line/wordpress-albo-pretorio-on-line-plugin-4-6-6-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2015-2968
https://notcve.org/view.php?id=CVE-2015-2968
31 Oct 2023 — LINE@ for Android version 1.0.0 and LINE@ for iOS version 1.0.0 are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker. LINE@ para Android versión 1.0.0 y LINE@ para iOS versión 1.0.0 son vulnerables al ataque MITM (man-in-the-middle) ya que la aplicación permite comunicaciones que no sean SSL/TLS. Como resultado, cualquier API puede ser invocada desde un scri... • http://official-blog.line.me/ja/archives/36495925.html • CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2015-0897
https://notcve.org/view.php?id=CVE-2015-0897
31 Oct 2023 — LINE for Android version 5.0.2 and earlier and LINE for iOS version 5.0.0 and earlier are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker. LINE para Android versión 5.0.2 y anteriores y LINE para iOS versión 5.0.0 y anteriores son vulnerables a ataques MITM (man-in-the-middle) ya que la aplicación permite comunicaciones que no sean SSL/TLS. Como resultado, ... • http://official-blog.line.me/ja/archives/24809761.html • CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-39040
https://notcve.org/view.php?id=CVE-2023-39040
18 Sep 2023 — An information leak in Cheese Cafe Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Una fuga de información en Cheese Cafe Line v13.6.1 permite a los atacantes obtener el token de acceso al canal y enviar mensajes manipulados. • http://cheese.com • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-39039
https://notcve.org/view.php?id=CVE-2023-39039
18 Sep 2023 — An information leak in Camp Style Project Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Una fuga de información en Camp Style Project Line v13.6.1 permite a los atacantes obtener el token de acceso al canal y enviar mensajes manipulados. • http://camp.com • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28993 – WordPress Albo Pretorio Online Plugin <= 4.6.1 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-28993
03 Apr 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On Line plugin <= 4.6.1 versions. The Albo Pretorio Online plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Ente' parameter in versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Unauth. • https://patchstack.com/database/vulnerability/albo-pretorio-on-line/wordpress-albo-pretorio-on-line-plugin-4-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •