Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-13352

Summary
Assigner-WPScan
Assigner Org ID-1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81
Published At-07 Feb, 2025 | 06:00
Updated At-07 Feb, 2025 | 15:16
Rejected At-
Credits

Legull <= 1.2.2 - Reflected XSS

The Legull WordPress plugin through 1.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:WPScan
Assigner Org ID:1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81
Published At:07 Feb, 2025 | 06:00
Updated At:07 Feb, 2025 | 15:16
Rejected At:
▼CVE Numbering Authority (CNA)
Legull <= 1.2.2 - Reflected XSS

The Legull WordPress plugin through 1.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Affected Products
Vendor
Unknown
Product
Legull
Default Status
affected
Versions
Affected
  • From 0 through 1.2.2 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79 Cross-Site Scripting (XSS)
Type: CWE
CWE ID: CWE-79
Description: CWE-79 Cross-Site Scripting (XSS)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Hassan Khan Yusufzai - Splint3r7
coordinator
WPScan
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://wpscan.com/vulnerability/2c141cc0-f79e-42bd-97a6-98829647104c/
exploit
vdb-entry
technical-description
Hyperlink: https://wpscan.com/vulnerability/2c141cc0-f79e-42bd-97a6-98829647104c/
Resource:
exploit
vdb-entry
technical-description
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:contact@wpscan.com
Published At:07 Feb, 2025 | 06:15
Updated At:23 May, 2025 | 16:42

The Legull WordPress plugin through 1.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CPE Matches
alwayscurious
alwayscurious
>>legull>>Versions up to 1.2.2(inclusive)
cpe:2.3:a:alwayscurious:legull:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://wpscan.com/vulnerability/2c141cc0-f79e-42bd-97a6-98829647104c/contact@wpscan.com
Exploit
Third Party Advisory
Hyperlink: https://wpscan.com/vulnerability/2c141cc0-f79e-42bd-97a6-98829647104c/
Source: contact@wpscan.com
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

2012Records found
CVE-2023-25154
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.37%
||
7 Day CHG~0.00%
Published-22 Feb, 2023 | 19:00
Updated-10 Mar, 2025 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross site scripting (XSS) of ActivityPub URI in misskey

Misskey is an open source, decentralized social media platform. In versions prior to 13.5.0 the link to the instance to the sender that appears when viewing a user or note received through ActivityPub is not properly validated, so by inserting a URL with a javascript scheme an attacker may execute JavaScript code in the context of the recipient. This issue has been fixed in version 13.5.0. Users are advised to upgrade. Users unable to upgrade should not "view on remote" for untrusted instances.

Action-Not Available
Vendor-misskeymisskey-dev
Product-misskeymisskey
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-24420
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.13% / 33.16%
||
7 Day CHG~0.00%
Published-15 Jun, 2023 | 13:32
Updated-10 Oct, 2024 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Admin side data storage for Contact Form 7 Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Zestard Technologies Admin side data storage for Contact Form 7 plugin <= 1.1.1 versions.

Action-Not Available
Vendor-zestardZestard Technologies
Product-admin_side_data_storage_for_contact_form_7Admin side data storage for Contact Form 7
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-25019
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.07% / 21.85%
||
7 Day CHG~0.00%
Published-30 Aug, 2023 | 11:51
Updated-24 Sep, 2024 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Chaty Plugin <= 3.0.9 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Premio Chaty plugin <= 3.0.9 versions

Action-Not Available
Vendor-premioPremio
Product-chatyChaty
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-24404
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.15% / 36.59%
||
7 Day CHG~0.00%
Published-23 Apr, 2023 | 09:45
Updated-10 Jan, 2025 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Marketing Performance Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)

Reflected Cross-Site Scripting (XSS) vulnerability in VryaSage Marketing Performance plugin <= 2.0.0 versions.

Action-Not Available
Vendor-rarathemesVryaSage
Product-vryasage_marketing_performanceMarketing Performance
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-24409
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.95%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 11:19
Updated-19 Feb, 2025 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Responsive Tabs horizontal vertical and accordion Tabs Plugin <= 1.1.15 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs plugin <= 1.1.15 versions.

Action-Not Available
Vendor-i13websolutionI Thirteen Web Solution
Product-wp_responsive_tabs_horizontal_vertical_and_accordion_tabsWP Responsive Tabs horizontal vertical and accordion Tabs
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-25041
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.95%
||
7 Day CHG~0.00%
Published-07 Apr, 2023 | 11:17
Updated-10 Jan, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Monolit Theme <= 2.0.6 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththemes Monolit theme <= 2.0.6 versions.

Action-Not Available
Vendor-cththemesCththemes
Product-monolitMonolit
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-48748
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 41.48%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 16:22
Updated-01 Oct, 2024 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Salient Core Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme nectar Salient Core allows Reflected XSS.This issue affects Salient Core: from n/a through 2.0.2.

Action-Not Available
Vendor-themenectarTheme nectar
Product-salient_coreSalient Core
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-23979
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.95%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 05:17
Updated-02 Aug, 2024 | 13:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Cross Site Scripting (XSS)

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 versions.

Action-Not Available
Vendor-fullworkspluginsFullworks
Product-quick_event_managerQuick Event Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-24392
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.15% / 36.59%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 07:01
Updated-19 Feb, 2025 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Full Width Banner Slider Wp Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Full Width Banner Slider Wp plugin <= 1.1.7 versions.

Action-Not Available
Vendor-i13websolutionI Thirteen Web Solution
Product-full_width_banner_slider_wpFull Width Banner Slider Wp
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-24413
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.46%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 11:28
Updated-02 Aug, 2024 | 10:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress wordpress vertical image slider plugin Plugin <= 1.2.16 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WordPress vertical image slider plugin <= 1.2.16 versions.

Action-Not Available
Vendor-i13websolutionI Thirteen Web Solution
Product-wordpress_vertical_image_sliderWordPress vertical image slider plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-47690
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 25.89%
||
7 Day CHG~0.00%
Published-13 Nov, 2023 | 23:03
Updated-08 Jan, 2025 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Additional Order Filters for WooCommerce Plugin <= 1.10 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Anton Bond Additional Order Filters for WooCommerce plugin <= 1.10 versions.

Action-Not Available
Vendor-antonbondAnton Bond
Product-additional_order_filters_for_woocommerceAdditional Order Filters for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-47773
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.95%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 22:05
Updated-02 Aug, 2024 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Permalinks Customizer Plugin <= 2.8.2 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YAS Global Team Permalinks Customizer plugin <= 2.8.2 versions.

Action-Not Available
Vendor-yasglobalYAS Global Team
Product-permalinks_customizerPermalinks Customizer
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-24811
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.17% / 38.29%
||
7 Day CHG~0.00%
Published-22 Feb, 2023 | 19:13
Updated-10 Mar, 2025 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross site scripting (XSS) vulnerability using url preview in Misskey

Misskey is an open source, decentralized social media platform. In versions prior to 13.3.2 the URL preview function is subject to a cross site scripting vulnerability due to insufficient URL validation. Arbitrary JavaScript is executed when a malicious URL is loaded in the `View in Player` or `View in Window` preview. This has been fixed in version 13.3.2. Users are advised to upgrade. Users unable to upgrade should avoid usage of the `View in Player` or `View in Window` functions.

Action-Not Available
Vendor-misskeymisskey-dev
Product-misskeymisskey
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-25020
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.95%
||
7 Day CHG~0.00%
Published-07 Apr, 2023 | 11:08
Updated-10 Jan, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Arigato Autoresponder and Newsletter Plugin <= 2.7.1.1 is vulnerable to Cross Site Scripting (XSS)

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1.1 versions.

Action-Not Available
Vendor-kibokolabsKiboko Labs
Product-arigato_autoresponder_and_newsletterArigato Autoresponder and Newsletter
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-24810
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.17% / 39.10%
||
7 Day CHG~0.00%
Published-22 Feb, 2023 | 19:15
Updated-10 Mar, 2025 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross site scripting (XSS) vulnerability using authentication callback in Misskey

Misskey is an open source, decentralized social media platform. Due to insufficient validation of the redirect URL during `miauth` authentication in Misskey, arbitrary JavaScript can be executed when a user allows the link. All versions below 13.3.1 (including 12.x) are affected. This has been fixed in version 13.3.1. Users are advised to upgrade. Users unable to upgrade should not allow authentication of untrusted apps.

Action-Not Available
Vendor-misskeymisskey-dev
Product-misskeymisskey
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-48767
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 41.48%
||
7 Day CHG~0.00%
Published-14 Dec, 2023 | 16:43
Updated-02 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MyTube PlayList Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raghu Goriya MyTube PlayList allows Reflected XSS.This issue affects MyTube PlayList: from n/a through 2.0.3.

Action-Not Available
Vendor-tes-indiaRaghu Goriya
Product-mytube_playlistMyTube PlayList
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47394
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.11% / 29.83%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 14:40
Updated-07 Oct, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP JobSearch plugin <= 2.5.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in eyecix JobSearch allows Reflected XSS.This issue affects JobSearch: from n/a through 2.5.9.

Action-Not Available
Vendor-eyecix
Product-JobSearch
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-47766
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 25.89%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 21:56
Updated-02 Aug, 2024 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Post Status Notifier Lite Plugin <= 1.11.0 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timo Reith Post Status Notifier Lite plugin <= 1.11.0 versions.

Action-Not Available
Vendor-ifeelwebTimo Reith
Product-post_status_notifier_litePost Status Notifier Lite
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-47767
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 25.89%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 21:59
Updated-02 Aug, 2024 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Interactive World Map Plugin <= 3.2.0 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fla-shop.Com Interactive World Map plugin <= 3.2.0 versions.

Action-Not Available
Vendor-fla-shopFla-shop.com
Product-interactive_world_mapInteractive World Map
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-23830
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.95%
||
7 Day CHG~0.00%
Published-03 May, 2023 | 15:15
Updated-09 Jan, 2025 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ProfilePress Plugin <= 4.5.4 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <= 4.5.4 versions.

Action-Not Available
Vendor-properfractionProfilePress Membership Team
Product-profilepressProfilePress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-47684
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-2.02% / 82.99%
||
7 Day CHG-0.16%
Published-13 Nov, 2023 | 23:09
Updated-08 Jan, 2025 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Essential Grid Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ThemePunch OHG Essential Grid plugin <= 3.1.0 versions.

Action-Not Available
Vendor-themepunchThemePunch OHG
Product-essential_gridEssential Grid
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-22710
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.46%
||
7 Day CHG~0.00%
Published-08 May, 2023 | 22:05
Updated-09 Jan, 2025 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Return and Warranty Management System for WooCommerce Plugin <= 1.2.3 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in chilidevs Return and Warranty Management System for WooCommerce plugin <= 1.2.3 versions.

Action-Not Available
Vendor-return_and_warranty_management_system_for_woocommerce_projectchilidevs
Product-return_and_warranty_management_system_for_woocommerceReturn and Warranty Management System for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-22718
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.95%
||
7 Day CHG~0.00%
Published-23 Apr, 2023 | 09:27
Updated-02 Aug, 2024 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress User Meta Manager Plugin <= 3.4.9 is vulnerable to Cross Site Scripting (XSS)

Reflected Cross-Site Scripting (XSS) vulnerability in Jason Lau User Meta Manager plugin <= 3.4.9 versions.

Action-Not Available
Vendor-user_meta_manager_projectJason Lau
Product-user_meta_managerUser Meta Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-47876
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 41.48%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 16:43
Updated-20 Nov, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Perfmatters Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Perfmatters allows Reflected XSS.This issue affects Perfmatters: from n/a through 2.1.6.

Action-Not Available
Vendor-perfmattersPerfmatters
Product-perfmattersPerfmatters
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-47696
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 27.57%
||
7 Day CHG~0.00%
Published-13 Nov, 2023 | 22:33
Updated-08 Jan, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Product Enquiry for WooCommerce Plugin <= 3.0 is vulnerable to Cross Site Scripting (XSS)

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Gravity Master Product Enquiry for WooCommerce plugin <= 3.0 versions.

Action-Not Available
Vendor-gravitymasterGravity Master
Product-product_enquiry_for_woocommerceProduct Enquiry for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-22705
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.95%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 19:32
Updated-20 Feb, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Welcart e-Commerce Plugin <= 2.8.10 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Collne Inc. Welcart e-Commerce plugin <= 2.8.10 versions.

Action-Not Available
Vendor-welcartCollne Inc.
Product-welcart_e-commerceWelcart e-Commerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-47844
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 41.48%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 16:54
Updated-02 Aug, 2024 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Grab & Save Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lim Kai Yang Grab & Save allows Reflected XSS.This issue affects Grab & Save: from n/a through 1.0.4.

Action-Not Available
Vendor-neobieLim Kai Yang
Product-grab_\&_saveGrab & Save
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-22682
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.95%
||
7 Day CHG~0.00%
Published-20 Mar, 2023 | 11:44
Updated-02 Aug, 2024 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Camera slideshow Plugin <= 1.4.0.1 is vulnerable to Cross Site Scripting (XSS)

Reflected Cross-Site Scripting (XSS) vulnerability in Manuel Masia | Pixedelic.Com Camera slideshow plugin <= 1.4.0.1 versions.

Action-Not Available
Vendor-pixedelicManuel Masia | Pixedelic.com
Product-camera_slideshowCamera slideshow
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-48752
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 41.48%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 16:19
Updated-20 Nov, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Happyforms Plugin <= 1.25.9 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Happyforms Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms allows Reflected XSS.This issue affects Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms: from n/a through 1.25.9.

Action-Not Available
Vendor-happyformsHappyforms
Product-happyformsForm builder to get in touch with visitors, grow your email list and collect payments — Happyforms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-22706
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.95%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 11:05
Updated-09 Jan, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PropertyHive Plugin <= 1.5.48 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PropertyHive plugin <= 1.5.48 versions.

Action-Not Available
Vendor-wp-property-hivePropertyHive
Product-propertyhivePropertyHive
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-48322
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 41.48%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 11:18
Updated-01 Oct, 2024 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress eDoc Employee Job Application Plugin <= 1.13 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eDoc Intelligence eDoc Employee Job Application – Best WordPress Job Manager for Employees allows Reflected XSS.This issue affects eDoc Employee Job Application – Best WordPress Job Manager for Employees: from n/a through 1.13.

Action-Not Available
Vendor-edocintelligenceeDoc Intelligence
Product-employee_job_applicationeDoc Employee Job Application – Best WordPress Job Manager for Employees
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47320
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.14% / 34.77%
||
7 Day CHG~0.00%
Published-06 Oct, 2024 | 11:19
Updated-07 Oct, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WS Form LITE plugin <= 1.9.238 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WS Form WS Form LITE allows Stored XSS.This issue affects WS Form LITE: from n/a through 1.9.238.

Action-Not Available
Vendor-WS Form
Product-WS Form LITE
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-48314
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.13% / 33.33%
||
7 Day CHG~0.00%
Published-01 Dec, 2023 | 22:02
Updated-03 Jun, 2025 | 02:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unescaped passing of the request URL in Collabora Online

Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.403. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-collaboraofficeCollaboraOnline
Product-collabora_onlineonline
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-48272
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.17% / 39.20%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 16:37
Updated-03 Jun, 2025 | 13:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Maspik – Spam blacklist Plugin <= 0.9.2 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonifre Maspik – Spam Blacklist allows Stored XSS.This issue affects Maspik – Spam Blacklist: from n/a through 0.9.2.

Action-Not Available
Vendor-wpmaspikyonifre
Product-maspikMaspik – Spam Blacklist
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-47697
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 27.57%
||
7 Day CHG~0.00%
Published-13 Nov, 2023 | 22:28
Updated-08 Jan, 2025 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Event Manager Plugin <= 3.1.39 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Event Manager WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin <= 3.1.39 versions.

Action-Not Available
Vendor-wp-eventmanagerWP Event Manager
Product-wp_event_managerWP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-47673
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.95%
||
7 Day CHG~0.00%
Published-13 Nov, 2023 | 23:29
Updated-08 Jan, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Post Pay Counter Plugin <= 2.784 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Stefano Ottolenghi Post Pay Counter plugin <= 2.784 versions.

Action-Not Available
Vendor-thecrownedStefano Ottolenghi
Product-post_pay_counterPost Pay Counter
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-48756
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.17% / 38.24%
||
7 Day CHG~0.00%
Published-14 Dec, 2023 | 16:40
Updated-02 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JetBlocks For Elementor Plugin <= 1.3.8 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlocks For Elementor allows Reflected XSS.This issue affects JetBlocks For Elementor: from n/a through 1.3.8.

Action-Not Available
Vendor-motopressCrocoblock
Product-jetblocks_for_elementorJetBlocks For Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-47848
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 41.48%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 16:51
Updated-02 Aug, 2024 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tainacan Plugin <= 0.20.4 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tainacan.Org Tainacan allows Reflected XSS.This issue affects Tainacan: from n/a through 0.20.4.

Action-Not Available
Vendor-tainacanTainacan.org
Product-tainacanTainacan
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-48326
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 41.48%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 11:15
Updated-08 Oct, 2024 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Events Manager Plugin <= 6.4.5 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pixelite Events Manager allows Reflected XSS.This issue affects Events Manager: from n/a through 6.4.5.

Action-Not Available
Vendor-pixelitePixelite
Product-events_managerEvents Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-48771
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 41.48%
||
7 Day CHG~0.00%
Published-14 Dec, 2023 | 16:54
Updated-02 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress File Gallery Plugin <= 1.8.5.4 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bruno "Aesqe" Babic File Gallery allows Reflected XSS.This issue affects File Gallery: from n/a through 1.8.5.4.

Action-Not Available
Vendor-skypheBruno "Aesqe" Babic
Product-file_galleryFile Gallery
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-47695
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 27.57%
||
7 Day CHG~0.00%
Published-13 Nov, 2023 | 22:59
Updated-08 Jan, 2025 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Shortcodes Finder Plugin <= 1.5.3 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Scribit Shortcodes Finder plugin <= 1.5.3 versions.

Action-Not Available
Vendor-scribitScribit
Product-shortcodes_finderShortcodes Finder
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-47790
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.14% / 34.67%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 23:27
Updated-02 Aug, 2024 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pz-LinkCard Plugin <= 2.4.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in Poporon Pz-LinkCard plugin <= 2.4.8 versions.

Action-Not Available
Vendor-popozurePoporon
Product-pz-linkcardPz-LinkCard
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-22311
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.21% / 44.09%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 05:40
Updated-02 Aug, 2024 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simply Schedule Appointments plugin <= 1.6.6.20 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in N Squared Simply Schedule Appointments allows Reflected XSS.This issue affects Simply Schedule Appointments: from n/a through 1.6.6.20.

Action-Not Available
Vendor-N Squared Digital, LLC
Product-Simply Schedule Appointments
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-47518
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 41.48%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 22:11
Updated-14 Aug, 2024 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Restrict Categories Plugin <= 2.6.4 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Matthew Muro Restrict Categories plugin <= 2.6.4 versions.

Action-Not Available
Vendor-vfbproMatthew Muro
Product-restrict_categoriesRestrict Categories
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-47508
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 27.57%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 18:26
Updated-02 Aug, 2024 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Master Slider Pro Plugin <= 3.6.5 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Averta Master Slider Pro plugin <= 3.6.5 versions.

Action-Not Available
Vendor-Depicter (Averta)
Product-master_sliderMaster Slider Pro
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-47547
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 41.48%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 20:45
Updated-07 Jan, 2025 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Products, Order & Customers Export for WooCommerce Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactory Products, Order & Customers Export for WooCommerce plugin <= 2.0.7 versions.

Action-Not Available
Vendor-wpfactoryWPFactory
Product-products\,_order_\&_customers_export_for_woocommerceProducts, Order & Customers Export for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-47522
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 41.48%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 21:36
Updated-07 Jan, 2025 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Photo Feed Plugin <= 2.2.1 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Feed plugin <= 2.2.1 versions.

Action-Not Available
Vendor-photofeedPhoto Feed
Product-photo_feedPhoto Feed
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-47509
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 27.57%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 18:20
Updated-28 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Edit WooCommerce Templates Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ioannup Edit WooCommerce Templates plugin <= 1.1.1 versions.

Action-Not Available
Vendor-ioannupioannup
Product-edit_woocommerce_templatesEdit WooCommerce Templates
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-47544
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 41.48%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 21:01
Updated-07 Jan, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Atarim Plugin <= 3.12 is vulnerable to Cross Site Scripting (XSS)

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Atarim Visual Website Collaboration, Feedback & Project Management – Atarim plugin <= 3.12 versions.

Action-Not Available
Vendor-atarimAtarim
Product-visual_collaborationVisual Website Collaboration, Feedback & Project Management – Atarim
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-47514
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 41.48%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 18:07
Updated-02 Aug, 2024 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Star CloudPRNT for WooCommerce Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in lawrenceowen, gcubero, acunnningham, fmahmood Star CloudPRNT for WooCommerce plugin <= 2.0.3 versions.

Action-Not Available
Vendor-star-emealawrenceowen, gcubero, acunnningham, fmahmood
Product-star_cloudprnt_for_woocommerceStar CloudPRNT for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 40
  • 41
  • Next
Details not found