Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-10152

Summary
Assigner-WPScan
Assigner Org ID-1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81
Published At-26 Feb, 2025 | 06:00
Updated At-26 Feb, 2025 | 16:17
Rejected At-
Credits

Simple Certain Time to Show Content < 1.3.1 - Reflected XSS

The Simple Certain Time to Show Content WordPress plugin before 1.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:WPScan
Assigner Org ID:1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81
Published At:26 Feb, 2025 | 06:00
Updated At:26 Feb, 2025 | 16:17
Rejected At:
▼CVE Numbering Authority (CNA)
Simple Certain Time to Show Content < 1.3.1 - Reflected XSS

The Simple Certain Time to Show Content WordPress plugin before 1.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Affected Products
Vendor
Unknown
Product
Simple Certain Time to Show Content
Default Status
unaffected
Versions
Affected
  • From 0 before 1.3.1 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79 Cross-Site Scripting (XSS)
Type: CWE
CWE ID: CWE-79
Description: CWE-79 Cross-Site Scripting (XSS)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Bob Matyas
coordinator
WPScan
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://wpscan.com/vulnerability/b4d17da2-4c47-4fd1-a6bd-6692b07cf710/
exploit
vdb-entry
technical-description
Hyperlink: https://wpscan.com/vulnerability/b4d17da2-4c47-4fd1-a6bd-6692b07cf710/
Resource:
exploit
vdb-entry
technical-description
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:contact@wpscan.com
Published At:26 Feb, 2025 | 13:15
Updated At:15 May, 2025 | 20:49

The Simple Certain Time to Show Content WordPress plugin before 1.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CPE Matches
elementengage
elementengage
>>simple_certain_time_to_show_content>>Versions before 1.3.1(exclusive)
cpe:2.3:a:elementengage:simple_certain_time_to_show_content:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://wpscan.com/vulnerability/b4d17da2-4c47-4fd1-a6bd-6692b07cf710/contact@wpscan.com
Exploit
Third Party Advisory
Hyperlink: https://wpscan.com/vulnerability/b4d17da2-4c47-4fd1-a6bd-6692b07cf710/
Source: contact@wpscan.com
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

2021Records found
CVE-2025-49064
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 8.87%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 10:34
Updated-14 Aug, 2025 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress User Language Switch plugin <= 1.6.10 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webilop User Language Switch allows Reflected XSS. This issue affects User Language Switch: from n/a through 1.6.10.

Action-Not Available
Vendor-Webilop
Product-User Language Switch
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-48112
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.27%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 15:45
Updated-19 May, 2025 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Dot html,php,xml etc pages plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in karimmughal Dot html,php,xml etc pages allows Reflected XSS. This issue affects Dot html,php,xml etc pages: from n/a through 1.0.

Action-Not Available
Vendor-karimmughal
Product-Dot html,php,xml etc pages
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-49065
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 8.87%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 10:34
Updated-14 Aug, 2025 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Visit Counter Plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BestiaDurmiente Visit Counter allows Stored XSS. This issue affects Visit Counter: from n/a through 1.0.

Action-Not Available
Vendor-BestiaDurmiente
Product-Visit Counter
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-48345
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 10.71%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 11:28
Updated-16 Jul, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact Form 7 Editor Button plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arisoft Contact Form 7 Editor Button allows Reflected XSS. This issue affects Contact Form 7 Editor Button: from n/a through 1.0.0.

Action-Not Available
Vendor-ARI Soft
Product-Contact Form 7 Editor Button
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13624
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.30% / 52.78%
||
7 Day CHG~0.00%
Published-26 Feb, 2025 | 06:00
Updated-15 May, 2025 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WPMovieLibrary <= 2.1.4.8 - Reflected XSS

The WPMovieLibrary WordPress plugin through 2.1.4.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Action-Not Available
Vendor-caercamUnknown
Product-wpmovielibraryWPMovieLibrary
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-48163
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 8.87%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 08:03
Updated-20 Aug, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SHOUT - HTML5 Radio Player With Ads - ShoutCast and IceCast Support <= 3.5.4 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup SHOUT - HTML5 Radio Player With Ads - ShoutCast and IceCast Support allows Reflected XSS. This issue affects SHOUT - HTML5 Radio Player With Ads - ShoutCast and IceCast Support: from n/a through 3.5.4.

Action-Not Available
Vendor-LambertGroup
Product-SHOUT - HTML5 Radio Player With Ads - ShoutCast and IceCast Support
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-48296
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 8.87%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 08:03
Updated-20 Aug, 2025 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress UpStore <= 1.7.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup UpStore allows Reflected XSS. This issue affects UpStore: from n/a through 1.7.0.

Action-Not Available
Vendor-skygroup
Product-UpStore
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-48297
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 8.87%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 08:03
Updated-20 Aug, 2025 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Link Directory < 14.8.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quantumcloud Simple Link Directory allows Reflected XSS. This issue affects Simple Link Directory: from n/a through n/a.

Action-Not Available
Vendor-quantumcloud
Product-Simple Link Directory
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-48329
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.27%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 11:48
Updated-06 Jun, 2025 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Real Time Validation for Gravity Forms plugin <= 1.7.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daman Jeet Real Time Validation for Gravity Forms allows Reflected XSS.This issue affects Real Time Validation for Gravity Forms: from n/a through 1.7.0.

Action-Not Available
Vendor-Daman Jeet
Product-Real Time Validation for Gravity Forms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-49290
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 10.71%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 11:52
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Off-Canvas Sidebars & Menus (Slidebars) plugin <= 0.5.8.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars) allows Reflected XSS. This issue affects Off-Canvas Sidebars & Menus (Slidebars): from n/a through 0.5.8.4.

Action-Not Available
Vendor-Jory Hogeveen
Product-Off-Canvas Sidebars & Menus (Slidebars)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-48279
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.27%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 15:53
Updated-12 Jun, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WC MyParcel Belgium plugin <= 4.5.5-beta - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Richard Perdaan WC MyParcel Belgium allows Reflected XSS. This issue affects WC MyParcel Belgium: from 4.5.5 through beta.

Action-Not Available
Vendor-Richard Perdaan
Product-WC MyParcel Belgium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-48291
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 10.71%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 11:28
Updated-16 Jul, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contest Gallery <= 26.0.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery allows Stored XSS. This issue affects Contest Gallery: from n/a through 26.0.6.

Action-Not Available
Vendor-Wasiliy Strecker / ContestGallery developer
Product-Contest Gallery
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-49054
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 8.87%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 10:34
Updated-14 Aug, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Time Sheets plugin <= 2.1.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mrdenny Time Sheets allows Reflected XSS. This issue affects Time Sheets: from n/a through 2.1.3.

Action-Not Available
Vendor-mrdenny
Product-Time Sheets
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-40313
Matching Score-4
Assigner-Fedora Project
ShareView Details
Matching Score-4
Assigner-Fedora Project
CVSS Score-7.1||HIGH
EPSS-0.34% / 55.80%
||
7 Day CHG~0.00%
Published-30 Sep, 2022 | 16:34
Updated-20 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.

Action-Not Available
Vendor-n/aFedora ProjectMoodle Pty Ltd
Product-fedoraextra_packages_for_enterprise_linuxmoodlemoodle
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47678
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.27%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 12:43
Updated-23 May, 2025 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FunnelCockpit plugin <= 1.4.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelCockpit FunnelCockpit allows Reflected XSS. This issue affects FunnelCockpit: from n/a through 1.4.2.

Action-Not Available
Vendor-FunnelCockpit
Product-FunnelCockpit
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47613
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.27%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 12:43
Updated-23 May, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress School Management System for Wordpress plugin <= 92.0.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla School Management allows Reflected XSS. This issue affects School Management: from n/a through 92.0.0.

Action-Not Available
Vendor-mojoomla
Product-School Management
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13632
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.56%
||
7 Day CHG~0.00%
Published-26 Feb, 2025 | 06:00
Updated-20 May, 2025 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Extra Fields <= 1.0.1 - Reflected XSS

The WP Extra Fields WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Action-Not Available
Vendor-sprintexpertsUnknown
Product-wp_extra_fieldsWP Extra Fields
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13885
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.56%
||
7 Day CHG~0.00%
Published-13 Mar, 2025 | 06:00
Updated-29 Apr, 2025 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP E Customers <= 0.0.1 - Reflected XSS

The WP e-Customers Beta WordPress plugin through 0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Action-Not Available
Vendor-webtechglobalUnknown
Product-wp_e-customers_betaWP e-Customers Beta
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47477
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.27%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 15:54
Updated-12 Jun, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.23 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in revmakx Backup and Staging by WP Time Capsule allows Reflected XSS. This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.23.

Action-Not Available
Vendor-revmakx
Product-Backup and Staging by WP Time Capsule
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13631
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.56%
||
7 Day CHG~0.00%
Published-26 Feb, 2025 | 06:00
Updated-20 May, 2025 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OM Stripe <= 02.00.00 - Reflected XSS

The Om Stripe WordPress plugin through 02.00.00 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Action-Not Available
Vendor-sanditsolutionUnknown
Product-om_stripeOm Stripe
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13891
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.56%
||
7 Day CHG~0.00%
Published-13 Mar, 2025 | 06:00
Updated-29 Apr, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Schedule <= 1.0.0 - Reflected XSS

The Schedule WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Action-Not Available
Vendor-schedulerUnknown
Product-scheduleSchedule
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47689
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 8.87%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 10:34
Updated-14 Aug, 2025 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Video Blogster Lite plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in johnh10 Video Blogster Lite allows Reflected XSS. This issue affects Video Blogster Lite: from n/a through 1.2.

Action-Not Available
Vendor-johnh10
Product-Video Blogster Lite
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13625
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.75%
||
7 Day CHG~0.00%
Published-17 Feb, 2025 | 06:00
Updated-14 May, 2025 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tube Video Ads Lite <= 1.5.7 - Reflected XSS

The Tube Video Ads Lite WordPress plugin through 1.5.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Action-Not Available
Vendor-gualdoniUnknown
Product-tube_video_ads_liteTube Video Ads Lite
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13329
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.56%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 06:00
Updated-07 May, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Solidres <= 0.9.4 - Reflected XSS

The Solidres WordPress plugin through 0.9.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Action-Not Available
Vendor-solidresUnknown
Product-solidresSolidres
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13876
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.56%
||
7 Day CHG+0.01%
Published-20 Mar, 2025 | 06:00
Updated-09 Apr, 2025 | 13:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Meintopf <= 0.2.1 - Reflected XSS

The mEintopf WordPress plugin through 0.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Action-Not Available
Vendor-tiefpunktUnknown
Product-meintopfmEintopf
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13878
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.56%
||
7 Day CHG+0.01%
Published-20 Mar, 2025 | 06:00
Updated-20 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SpotBot <= 0.1.8 - Reflected XSS

The SpotBot WordPress plugin through 0.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Action-Not Available
Vendor-Unknown
Product-SpotBot
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47618
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.27%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 12:43
Updated-23 May, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BMI Adult & Kid Calculator plugin <= 1.2.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mortgage Calculator BMI Adult & Kid Calculator allows Reflected XSS. This issue affects BMI Adult & Kid Calculator: from n/a through 1.2.2.

Action-Not Available
Vendor-Mortgage Calculator
Product-BMI Adult & Kid Calculator
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13862
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.56%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 06:00
Updated-21 May, 2025 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
S3Bubble Media Streaming <= 8.0 - Reflected XSS

The S3Bubble Media Streaming (AWS|Elementor|YouTube|Vimeo Functionality) WordPress plugin through 8.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Action-Not Available
Vendor-s3bubbleUnknown
Product-s3bubble-amazon-web-services-oembed-media-streaming-supportS3Bubble Media Streaming (AWS|Elementor|YouTube|Vimeo Functionality)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13633
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.56%
||
7 Day CHG~0.00%
Published-26 Feb, 2025 | 06:00
Updated-20 May, 2025 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Simple Catalogue <= 1.0.2 - Reflected XSS

The Simple catalogue WordPress plugin through 1.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Action-Not Available
Vendor-fb-creationsUnknown
Product-simple_catalogueSimple catalogue
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13881
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.56%
||
7 Day CHG+0.01%
Published-20 Mar, 2025 | 06:00
Updated-20 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LinkMyPosts <= 1.0 - Reflected XSS

The Link My Posts WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Action-Not Available
Vendor-Unknown
Product-Link My Posts
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47652
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 10.71%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 11:28
Updated-16 Jul, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Infility Global plugin <= 2.13.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global allows Reflected XSS. This issue affects Infility Global: from n/a through 2.13.4.

Action-Not Available
Vendor-Infility
Product-Infility Global
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47458
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.27%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 12:43
Updated-23 May, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress B2i Investor Tools plugin <= 1.0.7.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in B2itech B2i Investor Tools allows Reflected XSS. This issue affects B2i Investor Tools: from n/a through 1.0.7.9.

Action-Not Available
Vendor-B2itech
Product-B2i Investor Tools
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47673
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.27%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 12:43
Updated-23 May, 2025 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Arconix Shortcodes plugin <= 2.1.16 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix Shortcodes allows Reflected XSS. This issue affects Arconix Shortcodes: from n/a through 2.1.16.

Action-Not Available
Vendor-tychesoftwares
Product-Arconix Shortcodes
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13571
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.56%
||
7 Day CHG~0.00%
Published-26 Feb, 2025 | 06:00
Updated-15 May, 2025 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Post Timeline < 2.3.10 - Reflected XSS

The Post Timeline WordPress plugin before 2.3.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Action-Not Available
Vendor-UnknownAgile Logix
Product-post_timelinePost Timeline
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13874
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.90%
||
7 Day CHG~0.00%
Published-10 Apr, 2025 | 06:00
Updated-30 Apr, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Feedify – Web Push Notifications < 2.4.6 - Reflected XSS

The Feedify WordPress plugin before 2.4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Action-Not Available
Vendor-feedifyUnknown
Product-web_push_notificationsFeedify
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47680
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.27%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 12:43
Updated-27 May, 2025 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress xili-tidy-tags plugin <= 1.12.06 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-tidy-tags allows Reflected XSS. This issue affects xili-tidy-tags: from n/a through 1.12.06.

Action-Not Available
Vendor-Michel - xiligroup dev
Product-xili-tidy-tags
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47487
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.27%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 15:54
Updated-12 Jun, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MC Woocommerce Wishlist <= 1.9.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moreconvert MC Woocommerce Wishlist allows Reflected XSS. This issue affects MC Woocommerce Wishlist: from n/a through 1.9.1.

Action-Not Available
Vendor-moreconvert
Product-MC Woocommerce Wishlist
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47611
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.27%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 12:43
Updated-23 May, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress User Meta plugin <= 3.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Khaled User Meta allows Reflected XSS. This issue affects User Meta: from n/a through 3.1.2.

Action-Not Available
Vendor-Khaled
Product-User Meta
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47554
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 10.71%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 11:28
Updated-16 Jul, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CSS3 Compare Pricing Tables for WordPress plugin <= 11.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs CSS3 Compare Pricing Tables for WordPress allows Reflected XSS. This issue affects CSS3 Compare Pricing Tables for WordPress: from n/a through 11.6.

Action-Not Available
Vendor-QuanticaLabs
Product-CSS3 Compare Pricing Tables for WordPress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-46487
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.27%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 12:43
Updated-23 May, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EC Authorize.net plugin <= 0.3.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sftranna EC Authorize.net allows Reflected XSS. This issue affects EC Authorize.net: from n/a through 0.3.3.

Action-Not Available
Vendor-sftranna
Product-EC Authorize.net
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-46499
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.32%
||
7 Day CHG+0.02%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PayPal Express Checkout plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hccoder PayPal Express Checkout allows Stored XSS. This issue affects PayPal Express Checkout: from n/a through 2.1.2.

Action-Not Available
Vendor-hccoder
Product-PayPal Express Checkout
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-46502
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.32%
||
7 Day CHG+0.02%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LSD Custom taxonomy and category meta plugin <= 1.3.2 - CSRF to XSS vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bas Matthee LSD Custom taxonomy and category meta allows Cross Site Request Forgery. This issue affects LSD Custom taxonomy and category meta: from n/a through 1.3.2.

Action-Not Available
Vendor-Bas Matthee
Product-LSD Custom taxonomy and category meta
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47654
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 10.71%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 11:52
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FormLift for Infusionsoft Web Forms plugin <= 7.5.20 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Reflected XSS. This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.20.

Action-Not Available
Vendor-FormLift - Adrian Tobey (Groundhogg Inc.)
Product-FormLift for Infusionsoft Web Forms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13094
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.37%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 06:00
Updated-07 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Triggers Lite <= 2.5.3 - Reflected XSS

The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Action-Not Available
Vendor-wptriggersUnknown
Product-wp_triggers_liteWP Triggers Lite
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-12749
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.37%
||
7 Day CHG~0.00%
Published-29 Jan, 2025 | 06:00
Updated-11 May, 2025 | 23:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Competition Form <= 2.0 - Reflected XSS

The Competition Form WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Action-Not Available
Vendor-raiserwebUnknown
Product-competition_formCompetition Form
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47574
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 10.71%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 11:52
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress School Management System Plugin <= 92.0.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla School Management allows Reflected XSS. This issue affects School Management: from n/a through 92.0.0.

Action-Not Available
Vendor-mojoomla
Product-School Management
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-12400
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.05% / 15.88%
||
7 Day CHG~0.00%
Published-30 Jan, 2025 | 06:00
Updated-09 Jun, 2025 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tourmaster < 5.3.5 - Reflected XSS

The tourmaster WordPress plugin before 5.3.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.

Action-Not Available
Vendor-goodlayersUnknown
Product-tour_mastertourmaster
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-46449
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.32%
||
7 Day CHG+0.02%
Published-24 Apr, 2025 | 16:09
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WoWHead Tooltips <= 2.0.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Novium WoWHead Tooltips allows Stored XSS. This issue affects WoWHead Tooltips: from n/a through 2.0.1.

Action-Not Available
Vendor-Novium
Product-WoWHead Tooltips
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-46448
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.27%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 12:43
Updated-23 May, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Document Management System <= 1.24 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reifsnyderb Document Management System allows Reflected XSS. This issue affects Document Management System: from n/a through 1.24.

Action-Not Available
Vendor-reifsnyderb
Product-Document Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-46456
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.27%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 12:43
Updated-23 May, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Theme Blvd Sliders plugin <= 1.2.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Theme Blvd Sliders allows Reflected XSS. This issue affects Theme Blvd Sliders: from n/a through 1.2.5.

Action-Not Available
Vendor-Jason
Product-Theme Blvd Sliders
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • ...
  • 5
  • 6
  • 7
  • ...
  • 40
  • 41
  • Next
Details not found