Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-13863

Summary
Assigner-WPScan
Assigner Org ID-1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81
Published At-25 Mar, 2025 | 06:00
Updated At-25 Mar, 2025 | 14:16
Rejected At-
Credits

Stylish Google Sheet Reader < 4.1 - Reflected XSS

The Stylish Google Sheet Reader 4.0 WordPress plugin before 4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:WPScan
Assigner Org ID:1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81
Published At:25 Mar, 2025 | 06:00
Updated At:25 Mar, 2025 | 14:16
Rejected At:
▼CVE Numbering Authority (CNA)
Stylish Google Sheet Reader < 4.1 - Reflected XSS

The Stylish Google Sheet Reader 4.0 WordPress plugin before 4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Affected Products
Vendor
Unknown
Product
Stylish Google Sheet Reader 4.0
Default Status
unaffected
Versions
Affected
  • From 0 before 4.1 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79 Cross-Site Scripting (XSS)
Type: CWE
CWE ID: CWE-79
Description: CWE-79 Cross-Site Scripting (XSS)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Hassan Khan Yusufzai - Splint3r7
coordinator
WPScan
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://wpscan.com/vulnerability/a6161595-0934-4baa-9da6-73792f4b87fd/
exploit
vdb-entry
technical-description
Hyperlink: https://wpscan.com/vulnerability/a6161595-0934-4baa-9da6-73792f4b87fd/
Resource:
exploit
vdb-entry
technical-description
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:contact@wpscan.com
Published At:25 Mar, 2025 | 06:15
Updated At:29 Apr, 2025 | 17:35

The Stylish Google Sheet Reader 4.0 WordPress plugin before 4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CPE Matches
wppluginbox
wppluginbox
>>stylish_google_sheet_reader>>4.0
cpe:2.3:a:wppluginbox:stylish_google_sheet_reader:4.0:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://wpscan.com/vulnerability/a6161595-0934-4baa-9da6-73792f4b87fd/contact@wpscan.com
Exploit
Third Party Advisory
Hyperlink: https://wpscan.com/vulnerability/a6161595-0934-4baa-9da6-73792f4b87fd/
Source: contact@wpscan.com
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

2021Records found
CVE-2025-32666
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:47
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hive Support plugin <= 1.2.2- Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hive Support Hive Support allows Reflected XSS. This issue affects Hive Support: from n/a through 1.2.2.

Action-Not Available
Vendor-Hive Support
Product-Hive Support
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32674
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:46
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Product Excel Import Export & Bulk Edit for WooCommerce plugin <= 4.7 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Product Excel Import Export & Bulk Edit for WooCommerce allows Reflected XSS. This issue affects Product Excel Import Export & Bulk Edit for WooCommerce: from n/a through 4.7.

Action-Not Available
Vendor-WPFactory
Product-Product Excel Import Export & Bulk Edit for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32611
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:47
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce TBC Credit Card Payment Gateway (Free) Plugin <= 2.0.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in We Are De WooCommerce TBC Credit Card Payment Gateway (Free) allows Reflected XSS. This issue affects WooCommerce TBC Credit Card Payment Gateway (Free): from n/a through 2.0.0.

Action-Not Available
Vendor-We Are De
Product-WooCommerce TBC Credit Card Payment Gateway (Free)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-50892
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.17% / 38.23%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 11:15
Updated-02 Aug, 2024 | 22:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TheGem Theme <= 5.9.1 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme allows Reflected XSS.This issue affects TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme: from n/a through 5.9.1.

Action-Not Available
Vendor-codex-themesCodexThemes
Product-thegemTheGem - Creative Multi-Purpose & WooCommerce WordPress Theme
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32285
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.30%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 12:43
Updated-23 May, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Butcher theme <= 2.40 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ApusTheme Butcher allows Reflected XSS. This issue affects Butcher: from n/a through 2.40.

Action-Not Available
Vendor-ApusTheme
Product-Butcher
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32608
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:47
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Movylo Marketing Automation Plugin <= 2.0.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Movylo Movylo Marketing Automation allows Reflected XSS. This issue affects Movylo Marketing Automation: from n/a through 2.0.7.

Action-Not Available
Vendor-Movylo
Product-Movylo Marketing Automation
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32625
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:47
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mobile Blocks Plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pootlepress Mobile Pages allows Reflected XSS. This issue affects Mobile Pages: from n/a through 1.0.2.

Action-Not Available
Vendor-pootlepress
Product-Mobile Pages
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-50905
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.07% / 21.89%
||
7 Day CHG~0.00%
Published-29 Feb, 2024 | 05:35
Updated-08 Aug, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Activity Log Plugin <= 4.6.1 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log allows Stored XSS.This issue affects WP Activity Log: from n/a through 4.6.1.

Action-Not Available
Vendor-Melapressmelapress
Product-WP Activity Logwp_activity_log
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32605
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:47
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MemberPress Discord Addon Plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in expresstechsoftware MemberPress Discord Addon allows Reflected XSS. This issue affects MemberPress Discord Addon: from n/a through 1.1.1.

Action-Not Available
Vendor-expresstechsoftware
Product-MemberPress Discord Addon
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32535
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:47
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress DN Shipping by Weight for WooCommerce Plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digireturn DN Shipping by Weight for WooCommerce allows Reflected XSS. This issue affects DN Shipping by Weight for WooCommerce: from n/a through 1.2.

Action-Not Available
Vendor-digireturn
Product-DN Shipping by Weight for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32609
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:47
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Verowa Connect Plugin <= 3.0.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Picture-Planet GmbH Verowa Connect allows Reflected XSS. This issue affects Verowa Connect: from n/a through 3.0.4.

Action-Not Available
Vendor-Picture-Planet GmbH
Product-Verowa Connect
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32586
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-11 Apr, 2025 | 08:42
Updated-11 Apr, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ABA PayWay Payment Gateway for WooCommerce Plugin <= 2.1.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ABA Bank ABA PayWay Payment Gateway for WooCommerce allows Reflected XSS. This issue affects ABA PayWay Payment Gateway for WooCommerce: from n/a through 2.1.3.

Action-Not Available
Vendor-ABA Bank
Product-ABA PayWay Payment Gateway for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32514
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:47
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Estimate and Quote plugin <= 1.0.2.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cscode WooCommerce Estimate and Quote allows Reflected XSS. This issue affects WooCommerce Estimate and Quote: from n/a through 1.0.2.5.

Action-Not Available
Vendor-cscode
Product-WooCommerce Estimate and Quote
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32649
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:47
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GB Gallery Slideshow Plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gb-plugins GB Gallery Slideshow allows Reflected XSS. This issue affects GB Gallery Slideshow: from n/a through 1.3.

Action-Not Available
Vendor-gb-plugins
Product-GB Gallery Slideshow
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32506
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:47
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AT Internet SmartTag plugin <= 0.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BenDlz AT Internet SmartTag allows Reflected XSS. This issue affects AT Internet SmartTag: from n/a through 0.2.

Action-Not Available
Vendor-BenDlz
Product-AT Internet SmartTag
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-49178
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 41.48%
||
7 Day CHG~0.00%
Published-15 Dec, 2023 | 14:40
Updated-02 Aug, 2024 | 21:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress HDW Player Plugin (Video Player & Video Gallery) Plugin <= 5.0 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mr. Hdwplayer HDW Player Plugin (Video Player & Video Gallery) allows Reflected XSS.This issue affects HDW Player Plugin (Video Player & Video Gallery): from n/a through 5.0.

Action-Not Available
Vendor-hdwplayerMr. Hdwplayer
Product-hdw_playerHDW Player Plugin (Video Player & Video Gallery)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32503
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:09
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Link Shield plugin <= 0.5.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jose Conti Link Shield allows Stored XSS. This issue affects Link Shield: from n/a through 0.5.4.

Action-Not Available
Vendor-Jose Conti
Product-Link Shield
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32570
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:09
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ChillPay WooCommerce Plugin <= 2.5.3 - CSRF to Stored XSS vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ChillPay ChillPay WooCommerce allows Stored XSS. This issue affects ChillPay WooCommerce: from n/a through 2.5.3.

Action-Not Available
Vendor-ChillPay
Product-ChillPay WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32923
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 21:53
Updated-16 Apr, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tourmaster plugin < 5.4.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Tourmaster allows Reflected XSS. This issue affects Tourmaster: from n/a through n/a.

Action-Not Available
Vendor-NotFound
Product-Tourmaster
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32539
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-11 Apr, 2025 | 08:42
Updated-11 Apr, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce – Store Exporter plugin <= 2.7.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Josh Kohlbach WooCommerce – Store Exporter allows Reflected XSS. This issue affects WooCommerce – Store Exporter: from n/a through 2.7.4.

Action-Not Available
Vendor-Josh Kohlbach
Product-WooCommerce – Store Exporter
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32561
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:47
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP_DEBUG Toggle plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in plugins.club WP_DEBUG Toggle allows Reflected XSS. This issue affects WP_DEBUG Toggle: from n/a through 1.1.

Action-Not Available
Vendor-plugins.club
Product-WP_DEBUG Toggle
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32504
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:47
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Silvasoft boekhouden plugin <= 3.0.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silvasoft Silvasoft boekhouden allows Reflected XSS. This issue affects Silvasoft boekhouden: from n/a through 3.0.5.

Action-Not Available
Vendor-silvasoft
Product-Silvasoft boekhouden
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32630
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:47
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP-BusinessDirectory Plugin <= 3.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory allows Reflected XSS. This issue affects WP-BusinessDirectory: from n/a through 3.1.2.

Action-Not Available
Vendor-CMSJunkie - WordPress Business Directory Plugins
Product-WP-BusinessDirectory
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-49177
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 41.48%
||
7 Day CHG~0.00%
Published-15 Dec, 2023 | 14:24
Updated-02 Aug, 2024 | 21:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress which template file Plugin <= 4.9.0 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gilles Dumas which template file allows Reflected XSS.This issue affects which template file: from n/a through 4.9.0.

Action-Not Available
Vendor-gillesdumasGilles Dumas
Product-which_template_filewhich template file
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32115
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-10 Apr, 2025 | 08:09
Updated-11 Apr, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Popping Content Light plugin <= 2.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Popping Content Light allows Reflected XSS. This issue affects Popping Content Light: from n/a through 2.4.

Action-Not Available
Vendor-OTWthemes
Product-Popping Content Light
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32490
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:47
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress wp secure <= 1.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebsiteDefender wp secure allows Stored XSS. This issue affects wp secure: from n/a through 1.2.

Action-Not Available
Vendor-WebsiteDefender
Product-wp secure
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32598
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 16.33%
||
7 Day CHG~0.00%
Published-11 Apr, 2025 | 08:42
Updated-15 Apr, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Table Builder plugin <= 2.0.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder allows Reflected XSS. This issue affects WP Table Builder: from n/a through 2.0.4.

Action-Not Available
Vendor-WP Table Builder
Product-WP Table Builder
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32522
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:47
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress License Manager for WooCommerce plugin <= 3.0.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPExperts.io License Manager for WooCommerce allows Reflected XSS. This issue affects License Manager for WooCommerce: from n/a through 3.0.9.

Action-Not Available
Vendor-WPExperts.io
Product-License Manager for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32529
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:47
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress iONE360 configurator plugin <= 2.0.56 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iONE360 iONE360 configurator allows Reflected XSS. This issue affects iONE360 configurator: from n/a through 2.0.56.

Action-Not Available
Vendor-iONE360
Product-iONE360 configurator
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-48748
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 41.48%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 16:22
Updated-01 Oct, 2024 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Salient Core Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme nectar Salient Core allows Reflected XSS.This issue affects Salient Core: from n/a through 2.0.2.

Action-Not Available
Vendor-themenectarTheme nectar
Product-salient_coreSalient Core
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32588
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:47
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Credova_Financial plugin <= 2.4.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Credova Financial Credova_Financial allows Reflected XSS. This issue affects Credova_Financial: from n/a through 2.4.8.

Action-Not Available
Vendor-Credova Financial
Product-Credova_Financial
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-49182
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 41.48%
||
7 Day CHG~0.00%
Published-15 Dec, 2023 | 14:52
Updated-02 Aug, 2024 | 21:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fabio Marzocca List all posts by Authors, nested Categories and Titles allows Reflected XSS.This issue affects List all posts by Authors, nested Categories and Titles: from n/a through 2.7.10.

Action-Not Available
Vendor-marzoccaFabio Marzocca
Product-list_all_posts_by_authors_nested_categories_and_titlesList all posts by Authors, nested Categories and Titles
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-49187
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 41.48%
||
7 Day CHG~0.00%
Published-15 Dec, 2023 | 15:02
Updated-02 Aug, 2024 | 21:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Adifier System Plugin < 3.1.4 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spoonthemes Adifier - Classified Ads WordPress Theme allows Reflected XSS.This issue affects Adifier - Classified Ads WordPress Theme: from n/a before 3.1.4.

Action-Not Available
Vendor-spoonthemesSpoonthemes
Product-adifierAdifier - Classified Ads WordPress Theme
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-49172
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 41.48%
||
7 Day CHG~0.00%
Published-14 Dec, 2023 | 15:31
Updated-20 Nov, 2024 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BrainCert – HTML5 Virtual Classroom Plugin <= 1.30 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BrainCert BrainCert – HTML5 Virtual Classroom allows Reflected XSS.This issue affects BrainCert – HTML5 Virtual Classroom: from n/a through 1.30.

Action-Not Available
Vendor-braincertBrainCert
Product-virtual_classroom_apiBrainCert – HTML5 Virtual Classroom
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-49170
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 41.48%
||
7 Day CHG~0.00%
Published-15 Dec, 2023 | 14:10
Updated-02 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Forms by CaptainForm Plugin <= 2.5.3 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in captainform Forms by CaptainForm – Form Builder for WordPress allows Reflected XSS.This issue affects Forms by CaptainForm – Form Builder for WordPress: from n/a through 2.5.3.

Action-Not Available
Vendor-captainformcaptainform
Product-captainformForms by CaptainForm – Form Builder for WordPress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-49185
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 41.48%
||
7 Day CHG~0.00%
Published-15 Dec, 2023 | 14:59
Updated-02 Aug, 2024 | 21:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Doofinder for WooCommerce Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Doofinder Doofinder WP & WooCommerce Search allows Reflected XSS.This issue affects Doofinder WP & WooCommerce Search: from n/a through 2.1.7.

Action-Not Available
Vendor-doofinderDoofinder
Product-doofinderDoofinder WP & WooCommerce Search
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-49158
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 17.20%
||
7 Day CHG+0.01%
Published-09 Dec, 2024 | 11:30
Updated-09 Dec, 2024 | 13:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LadiApp plugin <= 4.4 - Broken Access Control lead to XSS vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LadiPage LadiApp allows Stored XSS.This issue affects LadiApp: from n/a through 4.4.

Action-Not Available
Vendor-LadiPage
Product-LadiApp
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32562
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:47
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Easy Poll Plugin <= 2.2.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com WP Easy Poll allows Reflected XSS. This issue affects WP Easy Poll: from n/a through 2.2.9.

Action-Not Available
Vendor-aviplugins.com
Product-WP Easy Poll
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32560
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:47
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP-Hijri Plugin <= 1.5.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mohammad I. Okfie WP-Hijri allows Reflected XSS. This issue affects WP-Hijri: from n/a through 1.5.3.

Action-Not Available
Vendor-Mohammad I. Okfie
Product-WP-Hijri
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32592
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:47
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TableOn Plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 TableOn – WordPress Posts Table Filterable allows Stored XSS. This issue affects TableOn – WordPress Posts Table Filterable: from n/a through 1.0.3.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-TableOn – WordPress Posts Table Filterable
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32117
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 16:59
Updated-09 Apr, 2025 | 13:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Widgetize Pages Light plugin <= 3.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Widgetize Pages Light allows Reflected XSS. This issue affects Widgetize Pages Light: from n/a through 3.0.

Action-Not Available
Vendor-OTWthemes
Product-Widgetize Pages Light
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32615
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:47
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Clinked Client Portal Plugin <= 1.10 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Clinked Clinked Client Portal allows Reflected XSS. This issue affects Clinked Client Portal: from n/a through 1.10.

Action-Not Available
Vendor-Clinked
Product-Clinked Client Portal
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32524
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-11 Apr, 2025 | 08:42
Updated-11 Apr, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MyWorks WooCommerce Sync for QuickBooks Online plugin <= 2.9.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MyWorks MyWorks WooCommerce Sync for QuickBooks Online allows Reflected XSS. This issue affects MyWorks WooCommerce Sync for QuickBooks Online: from n/a through 2.9.1.

Action-Not Available
Vendor-MyWorks
Product-MyWorks WooCommerce Sync for QuickBooks Online
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-47115
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-2.25% / 83.94%
||
7 Day CHG~0.00%
Published-23 Jan, 2024 | 22:49
Updated-30 May, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Label Studio XSS Vulnerability on Avatar Upload

Label Studio is an a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. Executing arbitrary JavaScript could result in an attacker performing malicious actions on Label Studio users if they visit the crafted avatar image. For an example, an attacker can craft a JavaScript payload that adds a new Django Super Administrator user if a Django administrator visits the image. The file `users/functions.py` lines 18-49 show that the only verification check is that the file is an image by extracting the dimensions from the file. Label Studio serves avatar images using Django's built-in `serve` view, which is not secure for production use according to Django's documentation. The issue with the Django `serve` view is that it determines the `Content-Type` of the response by the file extension in the URL path. Therefore, an attacker can upload an image that contains malicious HTML code and name the file with a `.html` extension to be rendered as a HTML page. The only file extension validation is performed on the client-side, which can be easily bypassed. Version 1.9.2 fixes this issue. Other remediation strategies include validating the file extension on the server side, not in client-side code; removing the use of Django's `serve` view and implement a secure controller for viewing uploaded avatar images; saving file content in the database rather than on the filesystem to mitigate against other file related vulnerabilities; and avoiding trusting user controlled inputs.

Action-Not Available
Vendor-humansignalHumanSignal
Product-label_studiolabel-studio
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32557
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:47
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Featured Screenshot Plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rico Macchi WP Featured Screenshot allows Reflected XSS. This issue affects WP Featured Screenshot: from n/a through 1.3.

Action-Not Available
Vendor-Rico Macchi
Product-WP Featured Screenshot
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32634
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:47
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Run Contests, Raffles, and Giveaways Plugin <= 2.0.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mdedev Run Contests, Raffles, and Giveaways with ContestsWP allows Reflected XSS. This issue affects Run Contests, Raffles, and Giveaways with ContestsWP: from n/a through 2.0.6.

Action-Not Available
Vendor-mdedev
Product-Run Contests, Raffles, and Giveaways with ContestsWP
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-47768
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 27.57%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 22:02
Updated-02 Aug, 2024 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Footer Putter Plugin <= 1.17 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson Footer Putter plugin <= 1.17 versions.

Action-Not Available
Vendor-diywebmasteryRussell Jamieson
Product-footer_putterFooter Putter
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-47767
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 25.91%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 21:59
Updated-02 Aug, 2024 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Interactive World Map Plugin <= 3.2.0 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fla-shop.Com Interactive World Map plugin <= 3.2.0 versions.

Action-Not Available
Vendor-fla-shopFla-shop.com
Product-interactive_world_mapInteractive World Map
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-47547
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 41.48%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 20:45
Updated-07 Jan, 2025 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Products, Order & Customers Export for WooCommerce Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactory Products, Order & Customers Export for WooCommerce plugin <= 2.0.7 versions.

Action-Not Available
Vendor-wpfactoryWPFactory
Product-products\,_order_\&_customers_export_for_woocommerceProducts, Order & Customers Export for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-47522
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 41.48%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 21:36
Updated-07 Jan, 2025 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Photo Feed Plugin <= 2.2.1 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Feed plugin <= 2.2.1 versions.

Action-Not Available
Vendor-photofeedPhoto Feed
Product-photo_feedPhoto Feed
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • ...
  • 7
  • 8
  • 9
  • ...
  • 40
  • 41
  • Next
Details not found