Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-27958

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-17 Mar, 2024 | 16:24
Updated At-28 Apr, 2026 | 16:09
Rejected At-
Credits

WordPress Visualizer plugin <= 3.10.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Visualizer allows Reflected XSS.This issue affects Visualizer: from n/a through 3.10.5.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:17 Mar, 2024 | 16:24
Updated At:28 Apr, 2026 | 16:09
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Visualizer plugin <= 3.10.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Visualizer allows Reflected XSS.This issue affects Visualizer: from n/a through 3.10.5.

Affected Products
Vendor
ThemeisleThemeisle
Product
Visualizer
Collection URL
https://wordpress.org/plugins
Package Name
visualizer
Default Status
unaffected
Versions
Affected
  • From n/a through 3.10.5 (custom)
    • -> unaffectedfrom3.10.6
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-591CAPEC-591 Reflected XSS
CAPEC ID: CAPEC-591
Description: CAPEC-591 Reflected XSS
Solutions

Update to 3.10.6 or a higher version.

Configurations
Workarounds
Exploits
Credits
finder
stealthcopter (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/visualizer/wordpress-visualizer-plugin-3-10-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/visualizer/wordpress-visualizer-plugin-3-10-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/visualizer/wordpress-visualizer-plugin-3-10-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
vdb-entry
x_transferred
Hyperlink: https://patchstack.com/database/vulnerability/visualizer/wordpress-visualizer-plugin-3-10-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:17 Mar, 2024 | 17:15
Updated At:17 Mar, 2024 | 22:38

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Visualizer allows Reflected XSS.This issue affects Visualizer: from n/a through 3.10.5.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-79Primaryaudit@patchstack.com
CWE ID: CWE-79
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/visualizer/wordpress-visualizer-plugin-3-10-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/vulnerability/visualizer/wordpress-visualizer-plugin-3-10-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2444Records found
CVE-2025-24599
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.13% / 32.12%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 14:21
Updated-11 May, 2026 | 23:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Newsletters plugin <= 4.9.9.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Software Newsletters newsletters-lite allows Reflected XSS.This issue affects Newsletters: from n/a through <= 4.9.9.6.

Action-Not Available
Vendor-Tribulant Software
Product-Newsletters
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-24586
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.18% / 40.01%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:48
Updated-12 May, 2026 | 23:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Shipment Tracker for Woocommerce plugin <= 1.4.23 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bitsstech Shipment Tracker for Woocommerce shipment-tracker-for-woocommerce allows Reflected XSS.This issue affects Shipment Tracker for Woocommerce: from n/a through <= 1.4.23.

Action-Not Available
Vendor-bitsstech
Product-Shipment Tracker for Woocommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-24576
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.61%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 14:22
Updated-11 May, 2026 | 23:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Landing Page Cat plugin <= 1.7.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps Landing Page Cat landing-page-cat allows Reflected XSS.This issue affects Landing Page Cat: from n/a through <= 1.7.7.

Action-Not Available
Vendor-fatcatapps
Product-Landing Page Cat
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-24563
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.18% / 38.97%
||
7 Day CHG~0.00%
Published-31 Jan, 2025 | 08:24
Updated-11 May, 2026 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cleanup – Directory Listing & Classifieds plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeglow Cleanup – Directory Listing & Classifieds WordPress Plugin cleanup-light allows Reflected XSS.This issue affects Cleanup – Directory Listing & Classifieds WordPress Plugin: from n/a through <= 1.0.4.

Action-Not Available
Vendor-themeglow
Product-Cleanup – Directory Listing & Classifieds WordPress Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-24548
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.18% / 40.01%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:48
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Autoglot – Automatic WordPress Translation plugin <=2.4.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Autoglot Autoglot – Automatic WordPress Translation autoglot allows Reflected XSS.This issue affects Autoglot – Automatic WordPress Translation: from n/a through <= 2.4.7.

Action-Not Available
Vendor-Autoglot
Product-Autoglot – Automatic WordPress Translation
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-24544
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 12.43%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 14:22
Updated-11 May, 2026 | 23:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bitcoin and Altcoin Wallets plugin <= 6.3.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dashed-slug.net Bitcoin and Altcoin Wallets wallets allows Reflected XSS.This issue affects Bitcoin and Altcoin Wallets: from n/a through <= 6.3.1.

Action-Not Available
Vendor-dashed-slug.net
Product-Bitcoin and Altcoin Wallets
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-24632
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.15% / 35.24%
||
7 Day CHG~0.00%
Published-31 Jan, 2025 | 08:24
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Dynamic Pricing for WooCommerce Plugin <= 4.9.0 -Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in algol.plus Advanced Dynamic Pricing for WooCommerce advanced-dynamic-pricing-for-woocommerce allows Reflected XSS.This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through <= 4.9.0.

Action-Not Available
Vendor-algol.plusAlgolPlus
Product-Advanced Dynamic Pricing for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23737
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 40.20%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 10:52
Updated-11 May, 2026 | 23:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Network-Favorites plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thobian Network-Favorites network-favorites allows Reflected XSS.This issue affects Network-Favorites: from n/a through <= 1.1.

Action-Not Available
Vendor-thobian
Product-Network-Favorites
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23852
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.97%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-11 May, 2026 | 23:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress First Comment Redirect plugin <= 1.0.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robin90 First Comment Redirect first-comment-redirect allows Reflected XSS.This issue affects First Comment Redirect: from n/a through <= 1.0.3.

Action-Not Available
Vendor-robin90
Product-First Comment Redirect
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23602
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.35% / 57.28%
||
7 Day CHG~0.00%
Published-22 Jan, 2025 | 14:29
Updated-11 May, 2026 | 23:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EELV Newsletter plugin <= 4.8.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Europe Ecologie Les Verts EELV Newsletter eelv-newsletter allows Reflected XSS.This issue affects EELV Newsletter: from n/a through <= 4.8.2.

Action-Not Available
Vendor-Europe Ecologie Les Verts
Product-EELV Newsletter
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23826
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.34% / 57.11%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:07
Updated-12 May, 2026 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Stop Comment Spam plugin <= 0.5.3 - CSRF to Stored XSS vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pedjas Stop Comment Spam stop-comment-spam allows Stored XSS.This issue affects Stop Comment Spam: from n/a through <= 0.5.3.

Action-Not Available
Vendor-pedjas
Product-Stop Comment Spam
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23995
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.26% / 49.11%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 10:55
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tantyyellow theme <= 1.0.0.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ta2g Tantyyellow allows Reflected XSS.This issue affects Tantyyellow: from n/a through 1.0.0.5.

Action-Not Available
Vendor-ta2g
Product-Tantyyellow
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23834
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 40.20%
||
7 Day CHG~0.00%
Published-23 Jan, 2025 | 15:29
Updated-12 May, 2026 | 23:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Links/Problem Reporter plugin <= 2.6.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RaminMT Links/Problem Reporter report-broken-links allows Reflected XSS.This issue affects Links/Problem Reporter: from n/a through <= 2.6.0.

Action-Not Available
Vendor-RaminMT
Product-Links/Problem Reporter
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23460
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.11% / 29.41%
||
7 Day CHG~0.00%
Published-26 Mar, 2025 | 14:24
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RWS Enquiry And Lead Follow-up plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rhizomaticweb RWS Enquiry And Lead Follow-up rws-enquiry allows Reflected XSS.This issue affects RWS Enquiry And Lead Follow-up: from n/a through <= 1.0.

Action-Not Available
Vendor-rhizomaticweb
Product-RWS Enquiry And Lead Follow-up
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23431
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.11% / 29.25%
||
7 Day CHG~0.00%
Published-14 Feb, 2025 | 12:44
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Envato Affiliater plugin <= 1.2.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in khaninejad Envato Affiliater envato-affiliater allows Reflected XSS.This issue affects Envato Affiliater: from n/a through <= 1.2.4.

Action-Not Available
Vendor-khaninejad
Product-Envato Affiliater
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23554
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.21% / 43.46%
||
7 Day CHG~0.00%
Published-29 Dec, 2025 | 23:51
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Off Page SEO plugin <= 3.0.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jakub Glos Off Page SEO off-page-seo allows Reflected XSS.This issue affects Off Page SEO: from n/a through <= 3.0.3.

Action-Not Available
Vendor-Jakub Glos
Product-Off Page SEO
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23643
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.11% / 29.25%
||
7 Day CHG~0.00%
Published-22 Jan, 2025 | 14:32
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ReadMe Creator plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in a.ankit ReadMe Creator readme-creator allows Reflected XSS.This issue affects ReadMe Creator: from n/a through <= 1.0.

Action-Not Available
Vendor-a.ankit
Product-ReadMe Creator
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23531
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.85%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 14:22
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RSVPMaker Volunteer Roles plugin <= 1.5.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in davidfcarr RSVPMaker Volunteer Roles rsvpmaker-volunteer-roles allows Reflected XSS.This issue affects RSVPMaker Volunteer Roles: from n/a through <= 1.5.1.

Action-Not Available
Vendor-davidfcarr
Product-RSVPMaker Volunteer Roles
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23744
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.02%
||
7 Day CHG~0.00%
Published-15 Mar, 2025 | 21:57
Updated-11 May, 2026 | 23:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Random Posts, Mp3 Player + ShareButton plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dvs11 Random Posts, Mp3 Player + ShareButton random-posts-mp3-player-sharebutton allows Reflected XSS.This issue affects Random Posts, Mp3 Player + ShareButton: from n/a through <= 1.4.1.

Action-Not Available
Vendor-dvs11
Product-Random Posts, Mp3 Player + ShareButton
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23601
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.34% / 57.11%
||
7 Day CHG~0.00%
Published-22 Jan, 2025 | 14:29
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tab My Content plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in patrice Tab My Content tab-my-content allows Reflected XSS.This issue affects Tab My Content: from n/a through <= 1.0.0.

Action-Not Available
Vendor-patrice
Product-Tab My Content
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23500
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.11% / 29.25%
||
7 Day CHG~0.00%
Published-22 Jan, 2025 | 14:29
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Custom post type custom field plugin <= 1.0.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in faaiq Simple Custom post type custom field simple-content-construction-kit allows Reflected XSS.This issue affects Simple Custom post type custom field: from n/a through <= 1.0.3.

Action-Not Available
Vendor-faaiq
Product-Simple Custom post type custom field
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23596
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.11% / 29.25%
||
7 Day CHG~0.00%
Published-31 Jan, 2025 | 08:24
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Notifikácie.sk plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in grafeon Notifikácie.sk notifikacie-sk allows Reflected XSS.This issue affects Notifikácie.sk: from n/a through <= 1.0.

Action-Not Available
Vendor-grafeon
Product-Notifikácie.sk
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23770
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.11% / 29.25%
||
7 Day CHG~0.00%
Published-22 Jan, 2025 | 14:29
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Fast Tube plugin <= 2.3.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Caspie Fast Tube fast-tube allows Reflected XSS.This issue affects Fast Tube: from n/a through <= 2.3.1.

Action-Not Available
Vendor-Caspie
Product-Fast Tube
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23492
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 27.46%
||
7 Day CHG~0.00%
Published-14 Feb, 2025 | 12:44
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress 淘宝客插件 plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CantonBolo WordPress 淘宝客插件 taobaoke allows Reflected XSS.This issue affects WordPress 淘宝客插件: from n/a through <= 1.1.2.

Action-Not Available
Vendor-CantonBolo
Product-WordPress 淘宝客插件
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23425
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.97%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Marekkis Watermark plugin <= 0.9.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in marekki Marekkis Watermark marekkis-watermark allows Reflected XSS.This issue affects Marekkis Watermark: from n/a through <= 0.9.4.

Action-Not Available
Vendor-marekki
Product-Marekkis Watermark
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23547
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.35% / 57.28%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LH Login Page plugin <= 2.14 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shawfactor LH Login Page lh-login-page allows Reflected XSS.This issue affects LH Login Page: from n/a through <= 2.14.

Action-Not Available
Vendor-shawfactor
Product-LH Login Page
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23454
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.18% / 38.97%
||
7 Day CHG~0.00%
Published-21 Jan, 2025 | 17:21
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Nature FlipBook WordPress Plugin plugin <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flashmaniac Nature FlipBook vertical-diamond-flipbook-flash allows Reflected XSS.This issue affects Nature FlipBook: from n/a through <= 1.7.

Action-Not Available
Vendor-flashmaniac
Product-Nature FlipBook
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23760
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 27.70%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:08
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Chatter plugin <= 1.0.1 - CSRF to Stored XSS vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Volkov Chatter allows Stored XSS. This issue affects Chatter: from n/a through 1.0.1.

Action-Not Available
Vendor-Alex Volkov
Product-Chatter
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23920
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 12.43%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 14:22
Updated-11 May, 2026 | 23:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ApplicantPro Plugin <= 1.3.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sourcing Team ApplicantPro applicantpro allows Reflected XSS.This issue affects ApplicantPro: from n/a through <= 1.3.9.

Action-Not Available
Vendor-Sourcing Team
Product-ApplicantPro
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23700
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.35% / 57.28%
||
7 Day CHG~0.00%
Published-22 Jan, 2025 | 14:29
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress yCyclista plugin <= 1.2.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonisink yCyclista ycyclista allows Reflected XSS.This issue affects yCyclista: from n/a through <= 1.2.3.

Action-Not Available
Vendor-yonisink
Product-yCyclista
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23507
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 27.46%
||
7 Day CHG~0.00%
Published-22 Jan, 2025 | 14:29
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Blrt WP Embed plugin <= 1.6.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blrt Blrt WP Embed blrt-wp-embed allows Reflected XSS.This issue affects Blrt WP Embed: from n/a through <= 1.6.9.

Action-Not Available
Vendor-Blrt
Product-Blrt WP Embed
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23468
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.11% / 29.25%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Essay Wizard (wpCRES) plugin <= 1.0.6.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wrenchpilot Essay Wizard (wpCRES) essay-wizard-wpcres allows Reflected XSS.This issue affects Essay Wizard (wpCRES): from n/a through <= 1.0.6.4.

Action-Not Available
Vendor-wrenchpilot
Product-Essay Wizard (wpCRES)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23735
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.24%
||
7 Day CHG~0.00%
Published-26 Mar, 2025 | 14:24
Updated-11 May, 2026 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Infugrator plugin <= 1.0.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cosmin Schiopu Infugrator infugrator allows Reflected XSS.This issue affects Infugrator: from n/a through <= 1.0.3.

Action-Not Available
Vendor-Cosmin Schiopu
Product-Infugrator
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23519
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.97%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress G Web Pro Store Locator plugin <= 2.0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jas Saran G Web Pro Store Locator gwebpro-store-locator allows Reflected XSS.This issue affects G Web Pro Store Locator: from n/a through <= 2.0.1.

Action-Not Available
Vendor-Jas Saran
Product-G Web Pro Store Locator
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23683
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.97%
||
7 Day CHG~0.00%
Published-22 Jan, 2025 | 14:29
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MACME plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xdxdVSxdxd MACME macme allows Reflected XSS.This issue affects MACME: from n/a through <= 1.2.

Action-Not Available
Vendor-xdxdVSxdxd
Product-MACME
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23885
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.13% / 32.12%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 10:52
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MJ Contact us Plugin <= 5.2.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anildhiman MJ Contact us mj-contact-us allows Reflected XSS.This issue affects MJ Contact us: from n/a through <= 5.2.3.

Action-Not Available
Vendor-anildhiman
Product-MJ Contact us
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23428
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.11% / 29.25%
||
7 Day CHG~0.00%
Published-14 Feb, 2025 | 12:44
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress QMean plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arash Safari QMean – WordPress Did You Mean qmean allows Reflected XSS.This issue affects QMean – WordPress Did You Mean: from n/a through <= 2.0.

Action-Not Available
Vendor-Arash Safari
Product-QMean – WordPress Did You Mean
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23636
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.18% / 38.97%
||
7 Day CHG~0.00%
Published-23 Jan, 2025 | 15:29
Updated-11 May, 2026 | 23:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress My Favorite Car plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dimitar A. My Favorite Car my-favorite-cars allows Reflected XSS.This issue affects My Favorite Car: from n/a through <= 1.0.

Action-Not Available
Vendor-Dimitar A.
Product-My Favorite Car
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23438
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.35% / 57.28%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-11 May, 2026 | 22:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP PT-Viewer plugin <= 2.0.2 - Reflected XSS vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vincent Mimoun-Prat WP PT-Viewer wp-ptviewer allows Reflected XSS.This issue affects WP PT-Viewer: from n/a through <= 2.0.2.

Action-Not Available
Vendor-Vincent Mimoun-Prat
Product-WP PT-Viewer
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23959
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.97%
||
7 Day CHG~0.00%
Published-22 Jan, 2025 | 14:29
Updated-11 May, 2026 | 23:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Good Old Gallery Plugin <= 2.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Linus Lundahl Good Old Gallery good-old-gallery allows Reflected XSS.This issue affects Good Old Gallery: from n/a through <= 2.1.2.

Action-Not Available
Vendor-Linus Lundahl
Product-Good Old Gallery
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23593
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 15.76%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 14:22
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EmailPress plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kvvaradha EmailPress emailpress allows Reflected XSS.This issue affects EmailPress: from n/a through <= 1.0.

Action-Not Available
Vendor-kvvaradha
Product-EmailPress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23623
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 17.39%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact Form 7 – CCAvenue Add-on plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mahesh Bisen Contact Form 7 – CCAvenue Add-on cf7-cc-avenue-add-on allows Reflected XSS.This issue affects Contact Form 7 – CCAvenue Add-on: from n/a through <= 1.0.

Action-Not Available
Vendor-Mahesh Bisen
Product-Contact Form 7 – CCAvenue Add-on
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23716
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.35% / 57.28%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Login Watchdog plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JkmAS Login Watchdog login-watchdog allows Stored XSS.This issue affects Login Watchdog: from n/a through <= 1.0.4.

Action-Not Available
Vendor-JkmAS
Product-Login Watchdog
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23663
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.35% / 57.28%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contexto plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Vaquez Contexto contexto allows Reflected XSS.This issue affects Contexto: from n/a through <= 1.0.

Action-Not Available
Vendor-Adrian Vaquez
Product-Contexto
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23758
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.97%
||
7 Day CHG~0.00%
Published-22 Jan, 2025 | 14:29
Updated-11 May, 2026 | 23:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress pootle button plugin <= 1.2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pootlepress Pootle button pootle-button allows Reflected XSS.This issue affects Pootle button: from n/a through <= 1.2.0.

Action-Not Available
Vendor-pootlepress
Product-Pootle button
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23551
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.21% / 42.84%
||
7 Day CHG~0.00%
Published-21 Jan, 2025 | 17:21
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SexBundle plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in razvypp SexBundle sexbundle allows Reflected XSS.This issue affects SexBundle: from n/a through <= 1.4.

Action-Not Available
Vendor-razvypp
Product-SexBundle
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23731
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.35% / 57.28%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-12 May, 2026 | 23:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tax Report for WooCommerce plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in infosoftplugin Tax Report for WooCommerce tax-report-for-woocommerce allows Reflected XSS.This issue affects Tax Report for WooCommerce: from n/a through <= 2.2.

Action-Not Available
Vendor-infosoftplugin
Product-Tax Report for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23709
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.97%
||
7 Day CHG~0.00%
Published-22 Jan, 2025 | 14:32
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Formatted post plugin <= 1.01 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kiroro Formatted post formatted-post allows Reflected XSS.This issue affects Formatted post: from n/a through <= 1.01.

Action-Not Available
Vendor-kiroro
Product-Formatted post
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23923
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 17.39%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 14:22
Updated-11 May, 2026 | 23:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Lockets Plugin <= 0.999 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wackey Lockets lockets allows Reflected XSS.This issue affects Lockets: from n/a through <= 0.999.

Action-Not Available
Vendor-wackey
Product-Lockets
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23874
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.97%
||
7 Day CHG~0.00%
Published-22 Jan, 2025 | 14:29
Updated-12 May, 2026 | 23:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Block Pack plugin <= 1.1.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FalconTheme Team WP Block Pack wp-block-pack allows Reflected XSS.This issue affects WP Block Pack: from n/a through <= 1.1.6.

Action-Not Available
Vendor-FalconTheme Team
Product-WP Block Pack
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 48
  • 49
  • Next
Details not found