CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
The WowAddons plugin version 1.6.14 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code without requiring authentication.
The Simple Link Directory plugin version 15.0.5 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.
The Slider Revolution plugin versions 7.0.0 through 7.0.16 contain a reflected Cross-site Scripting (XSS) vulnerability due to improper input neutralization during web page generation. An attacker can inject a malicious script into an HTTP request that will be executed in the victim's browser.
The WP Photo Album Plus plugin version 9.2.02.004 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.
The Timetics plugin version 1.0.58 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.
The Optimole plugin version 4.2.7 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. It allows a remote attacker to inject malicious script without requiring authentication.
The wpDataTables plugin version 6.5.1.1 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.
The Perfmatters plugin version 2.6.4 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.
The Google Maps CP plugin version 1.2.5 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. This allows a remote attacker to inject malicious script without requiring authentication.
The Modula - PRO plugin version 2.10.8 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.
The WPAdverts plugin version 2.3.1 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code without requiring authentication.
The ChatBot plugin version 8.3.2 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.
The Survey Maker plugin for WordPress versions 5.2.2.5 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. It allows a remote attacker to inject malicious script without requiring authentication.
The eCommerce Product Catalog plugin version 3.5.4 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code without requiring authentication.
The ReviewX plugin for WordPress versions 2.3.10 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.
The Customize My Account for WooCommerce plugin version 4.3.9 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject a malicious script that executes in the victim's browser.
The Search Atlas SEO plugin version 2.6.6 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.
The MC Woocommerce Wishlist plugin version 1.9.19 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code without requiring authentication.
The HandL UTM Grabber plugin version 2.9.2 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript without requiring authentication.
The WP Debugging plugin version 2.12.2 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.

