Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-27960

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-17 Mar, 2024 | 16:30
Updated At-02 Aug, 2024 | 00:41
Rejected At-
Credits

WordPress Email Subscription Popup plugin <= 1.2.20 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in I Thirteen Web Solution Email Subscription Popup allows Stored XSS.This issue affects Email Subscription Popup: from n/a through 1.2.20.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:17 Mar, 2024 | 16:30
Updated At:02 Aug, 2024 | 00:41
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Email Subscription Popup plugin <= 1.2.20 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in I Thirteen Web Solution Email Subscription Popup allows Stored XSS.This issue affects Email Subscription Popup: from n/a through 1.2.20.

Affected Products
Vendor
I Thirteen Web Solution
Product
Email Subscription Popup
Collection URL
https://wordpress.org/plugins
Package Name
email-subscribe
Default Status
unaffected
Versions
Affected
  • From n/a through 1.2.20 (custom)
    • -> unaffectedfrom1.2.21
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-592CAPEC-592 Stored XSS
CAPEC ID: CAPEC-592
Description: CAPEC-592 Stored XSS
Solutions

Update to 1.2.21 or a higher version.

Configurations
Workarounds
Exploits
Credits
finder
stealthcopter (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/email-subscribe/wordpress-email-subscription-popup-plugin-1-2-20-cross-site-scripting-xss-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/email-subscribe/wordpress-email-subscription-popup-plugin-1-2-20-cross-site-scripting-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/email-subscribe/wordpress-email-subscription-popup-plugin-1-2-20-cross-site-scripting-xss-vulnerability?_s_id=cve
vdb-entry
x_transferred
Hyperlink: https://patchstack.com/database/vulnerability/email-subscribe/wordpress-email-subscription-popup-plugin-1-2-20-cross-site-scripting-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:17 Mar, 2024 | 17:15
Updated At:17 Mar, 2024 | 22:38

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in I Thirteen Web Solution Email Subscription Popup allows Stored XSS.This issue affects Email Subscription Popup: from n/a through 1.2.20.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-79Primaryaudit@patchstack.com
CWE ID: CWE-79
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/email-subscribe/wordpress-email-subscription-popup-plugin-1-2-20-cross-site-scripting-xss-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/vulnerability/email-subscribe/wordpress-email-subscription-popup-plugin-1-2-20-cross-site-scripting-xss-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2222Records found
CVE-2023-28792
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 28.64%
||
7 Day CHG~0.00%
Published-07 Apr, 2023 | 14:00
Updated-10 Jan, 2025 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Continuous Image Carousel With Lightbox Plugin <= 1.0.15 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin <= 1.0.15 versions.

Action-Not Available
Vendor-i13websolutionI Thirteen Web Solution
Product-continuous_image_carosel_with_lightboxContinuous Image Carousel With Lightbox
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-32597
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.65%
||
7 Day CHG~0.00%
Published-30 Aug, 2023 | 11:45
Updated-24 Sep, 2024 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Video Gallery Plugin <= 1.0.10 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Video Gallery plugin <= 1.0.10 versions.

Action-Not Available
Vendor-i13websolutionI Thirteen Web Solution
Product-video_galleryVideo Gallery
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-32797
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 16.93%
||
7 Day CHG~0.00%
Published-25 Aug, 2023 | 11:28
Updated-24 Sep, 2024 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress video carousel slider with lightbox Plugin <= 1.0.22 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution video carousel slider with lightbox plugin <= 1.0.22 versions.

Action-Not Available
Vendor-i13websolutionI Thirteen Web Solution
Product-video_carousel_slider_with_lightboxvideo carousel slider with lightbox
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-30785
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.20%
||
7 Day CHG~0.00%
Published-16 Aug, 2023 | 09:48
Updated-25 Sep, 2024 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Video Grid Plugin <= 1.21 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Video Grid plugin <= 1.21 versions.

Action-Not Available
Vendor-i13websolutionI Thirteen Web Solution
Product-video_gridVideo Grid
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-30489
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.43% / 61.81%
||
7 Day CHG~0.00%
Published-14 Aug, 2023 | 14:03
Updated-25 Sep, 2024 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Email Subscription Popup Plugin <= 1.2.16 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Email Subscription Popup plugin <= 1.2.16 versions.

Action-Not Available
Vendor-i13websolutionI Thirteen Web Solution
Product-email_subscription_popupEmail Subscription Popup
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-28776
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.20%
||
7 Day CHG~0.00%
Published-22 Jun, 2023 | 11:29
Updated-10 Oct, 2024 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Continuous Image Carousel With Lightbox Plugin <= 1.0.15 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin <= 1.0.15 versions.

Action-Not Available
Vendor-i13websolutionI Thirteen Web Solution
Product-continuous_image_carousel_with_lightboxContinuous Image Carousel With Lightbox
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-24392
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.14% / 34.19%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 07:01
Updated-19 Feb, 2025 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Full Width Banner Slider Wp Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Full Width Banner Slider Wp plugin <= 1.1.7 versions.

Action-Not Available
Vendor-i13websolutionI Thirteen Web Solution
Product-full_width_banner_slider_wpFull Width Banner Slider Wp
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-24409
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.20%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 11:19
Updated-19 Feb, 2025 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Responsive Tabs horizontal vertical and accordion Tabs Plugin <= 1.1.15 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs plugin <= 1.1.15 versions.

Action-Not Available
Vendor-i13websolutionI Thirteen Web Solution
Product-wp_responsive_tabs_horizontal_vertical_and_accordion_tabsWP Responsive Tabs horizontal vertical and accordion Tabs
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-47600
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.11% / 30.05%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 10:41
Updated-09 Jan, 2025 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mass Email To users Plugin <= 1.1.4 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Mass Email To users plugin <= 1.1.4 versions.

Action-Not Available
Vendor-i13websolutionI Thirteen Web Solution
Product-mass_email_to_usersMass Email To users
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-46799
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.11% / 30.05%
||
7 Day CHG~0.00%
Published-08 May, 2023 | 11:44
Updated-09 Jan, 2025 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Testimonial Slider and Form Plugin <= 1.0.15 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Easy Testimonial Slider and Form plugin <= 1.0.15 versions.

Action-Not Available
Vendor-i13websolutionI Thirteen Web Solution
Product-easy_testimonial_slider_and_formEasy Testimonial Slider and Form
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-24413
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 25.54%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 11:28
Updated-02 Aug, 2024 | 10:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress wordpress vertical image slider plugin Plugin <= 1.2.16 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WordPress vertical image slider plugin <= 1.2.16 versions.

Action-Not Available
Vendor-i13websolutionI Thirteen Web Solution
Product-wordpress_vertical_image_sliderWordPress vertical image slider plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-41658
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 18.61%
||
7 Day CHG~0.00%
Published-29 Sep, 2023 | 13:33
Updated-20 Sep, 2024 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Photo Gallery Slideshow & Masonry Tiled Gallery Plugin <= 1.0.13 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Photo Gallery Slideshow & Masonry Tiled Gallery plugin <= 1.0.13 versions.

Action-Not Available
Vendor-i13websolutionI Thirteen Web Solution
Product-web_solution_photo_gallery_slideshow_\&_masonry_tiled_galleryPhoto Gallery Slideshow & Masonry Tiled Gallery
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-47226
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-4.8||MEDIUM
EPSS-0.16% / 37.37%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 18:33
Updated-04 Sep, 2024 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Post Sliders & Post Grids Plugin <= 1.0.20 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Post Sliders & Post Grids plugin <= 1.0.20 versions.

Action-Not Available
Vendor-i13websolutionI Thirteen Web Solution
Product-post_sliders_\&_post_gridsPost Sliders & Post Grids
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-27989
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 38.26%
||
7 Day CHG~0.00%
Published-21 Mar, 2024 | 15:14
Updated-02 Aug, 2024 | 00:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Responsive Tabs horizontal vertical and accordion Tabs plugin <= 1.1.17 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs allows Stored XSS.This issue affects WP Responsive Tabs horizontal vertical and accordion Tabs: from n/a through 1.1.17.

Action-Not Available
Vendor-I Thirteen Web Solution
Product-WP Responsive Tabs horizontal vertical and accordion Tabs
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-41731
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.06% / 18.06%
||
7 Day CHG~0.00%
Published-02 Oct, 2023 | 07:43
Updated-02 Aug, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress wordpress publish post email notification Plugin <= 1.0.2.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WordPress publish post email notification plugin <= 1.0.2.2 versions.

Action-Not Available
Vendor-i13websolutionI Thirteen Web Solution
Product-wordpress_publish_post_email_notificationWordPress publish post email notification
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-45754
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 31.42%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 11:31
Updated-02 Aug, 2024 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Testimonial Slider and Form Plugin <= 1.0.18 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in I Thirteen Web Solution Easy Testimonial Slider and Form allows Stored XSS.This issue affects Easy Testimonial Slider and Form: from n/a through 1.0.18.

Action-Not Available
Vendor-i13websolutionI Thirteen Web Solution
Product-easy_testimonial_slider_and_formEasy Testimonial Slider and Form
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-1401
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.10% / 28.12%
||
7 Day CHG~0.00%
Published-13 Mar, 2025 | 06:00
Updated-29 Apr, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Click Info <= 2.7.4 - Reflected XSS

The WP Click Info WordPress plugin through 2.7.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Action-Not Available
Vendor-s-aUnknown
Product-wp_click_infoWP Click Info
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-13072
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.04% / 14.01%
||
7 Day CHG+0.01%
Published-10 Dec, 2025 | 06:00
Updated-12 Dec, 2025 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HandL UTM Grabber / Tracker < 2.8.1 - Reflected XSS via utm_source

The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Action-Not Available
Vendor-Unknown
Product-HandL UTM Grabber / Tracker
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-13073
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.04% / 14.01%
||
7 Day CHG+0.01%
Published-10 Dec, 2025 | 06:00
Updated-12 Dec, 2025 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HandL UTM Grabber / Tracker < 2.8.1 - Reflected XSS via handl_landing_page

The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Action-Not Available
Vendor-Unknown
Product-HandL UTM Grabber / Tracker
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-12684
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.04% / 11.93%
||
7 Day CHG~0.00%
Published-15 Dec, 2025 | 06:00
Updated-15 Dec, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
URL Shortify < 1.11.3 - Reflected XSS

The URL Shortify WordPress plugin before 1.11.3 does not sanitize and escape a parameter before outputting it back in the page, leading to a reflected cross site scripting, which could be used against high-privilege users such as admins.

Action-Not Available
Vendor-Unknown
Product-URL Shortify
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-11560
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.04% / 14.01%
||
7 Day CHG~0.00%
Published-12 Nov, 2025 | 06:00
Updated-19 Dec, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Team Members Showcase < 3.5.0 - Reflected XSS

The Team Members Showcase WordPress plugin before 3.5.0 does not sanitize and escape a parameter before outputting it back in the page, leading to reflected cross-site scripting, which could be used against high-privilege users such as admins.

Action-Not Available
Vendor-Unknown
Product-Team Members Showcase
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-5849
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.1||HIGH
EPSS-0.58% / 68.48%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 12:32
Updated-22 Aug, 2024 | 13:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pepperl+Fuchs: Device Master ICDM-RX/* XSS vulnerability allows reflected XSS

An unauthenticated remote attacker may use a reflected XSS vulnerability to obtain information from a user or reboot the affected device once.

Action-Not Available
Vendor-pepperl-fuchsPepperl+Fuchs
Product-icdm-rx\/tcp-32rj45\/rj45-rmicdm-rx\/tcp_socketserver_firmwaremodbus_server_firmwareicdm-rx\/tcp-16db9\/rj45-rmicdm-rx\/mod-st\/rj45-dinicdm-rx\/en1-2st\/rj45-dinprofinet_firmwareicdm-rx\/tcp-4db9\/2rj45-pmicdm-rx\/pn-2st\/rj45-dinicdm-rx\/pn1-db9\/rj45-pmicdm-rx\/en1-4db9\/2rj45-dinicdm-rx\/tcp-2st\/rj45-dinicdm-rx\/mod-4db9\/2rj45-dinicdm-rx\/en-db9\/rj45-dinicdm-rx\/tcp-16rj45\/2rj45-pmicdm-rx\/pn-db9\/rj45-pmicdm-rx\/pn-db9\/rj45-dinicdm-rx\/tcp-4db9\/2rj45-dinicdm-rx\/tcp-8db9\/2rj45-pmicdm-rx\/pn-4db9\/2rj45-dinicdm-rx\/tcp-db9\/rj45-pmicdm-rx\/tcp-16rj45\/rj45-rmicdm-rx\/tcp-db9\/rj45-pm2eip\/modbus_firmwareicdm-rx\/en1-st\/rj45-dinicdm-rx\/pn1-st\/rj45-dinmodbus_tcp_firmwareicdm-rx\/pn1-db9\/rj45-dinethernet\/ip_firmwareicdm-rx\/en1-db9\/rj45-pmicdm-rx\/pn-st\/rj45-dinicdm-rx\/en-2st\/rj45-dinicdm-rx\/en-st\/rj45-dinicdm-rx\/en1-2db9\/rj45-dinicdm-rx\/en-4db9\/2rj45-dinicdm-rx\/pn1-2db9\/rj45-dinicdm-rx\/mod-db9\/rj45-dinicdm-rx\/pn1-4db9\/2rj45-dinicdm-rx\/tcp-2db9\/rj45-dinmodbus_router_firmwareicdm-rx\/pn-2db9\/rj45-dinicdm-rx\/en-db9\/rj45-pmicdm-rx\/tcp-st\/rj45-dinicdm-rx\/en-2db9\/rj45-dinicdm-rx\/tcp-db9\/rj45-dinprofinet\/modbus_firmwareicdm-rx\/pn1-2st\/rj45-dinicdm-rx\/en1-db9\/rj45-dinICDM-RX/TCP-DB9/RJ45-PM2ICDM-RX/PN-DB9/RJ45-PMICDM-RX/MOD-DB9/RJ45-DINICDM-RX/PN-2ST/RJ45-DINICDM-RX/PN1-4DB9/2RJ45-DINICDM-RX/TCP-ST/RJ45-DINICDM-RX/EN-DB9/RJ45-DINICDM-RX/TCP-2ST/RJ45-DINICDM-RX/TCP-DB9/RJ45-DINICDM-RX/PN-ST/RJ45-DINICDM-RX/PN1-2DB9/RJ45-DINICDM-RX/EN1-2ST/RJ45-DINICDM-RX/EN1-4DB9/2RJ45-DINICDM-RX/MOD-DB9/RJ45-PMICDM-RX/TCP-2DB9/RJ45-DINICDM-RX/EN-DB9/RJ45-PMICDM-RX/PN1-DB9/RJ45-DINICDM-RX/EN-2ST/RJ45-DINICDM-RX/MOD-4DB9/2RJ45-DINICDM-RX/MOD-16RJ45/2RJ45-PMICDM-RX/EN-2DB9/RJ45-DINICDM-RX/PN1-2ST/RJ45-DINICDM-RX/TCP-4DB9/2RJ45-DINICDM-RX/PN1-DB9/RJ45-PMICDM-RX/PN1-ST/RJ45-DINICDM-RX/MOD-2ST/RJ45-DINICDM-RX/TCP-16DB9/RJ45-RMICDM-RX/TCP-16RJ45/2RJ45-PMICDM-RX/PN-DB9/RJ45-DINICDM-RX/EN1-DB9/RJ45-DINICDM-RX/MOD-ST/RJ45-DINICDM-RX/TCP-32RJ45/RJ45-RMICDM-RX/MOD-2DB9/RJ45-DINICDM-RX/TCP-DB9/RJ45-PMICDM-RX/EN1-DB9/RJ45-PMICDM-RX/EN-ST/RJ45-DINICDM-RX/EN1-ST/RJ45-DINICDM-RX/TCP-16RJ45/RJ45-RMICDM-RX/EN1-2DB9/RJ45-DINICDM-RX/TCP-8DB9/2RJ45-PMICDM-RX/EN-4DB9/2RJ45-DINICDM-RX/PN-4DB9/2RJ45-DINICDM-RX/TCP-4DB9/2RJ45-PMICDM-RX/PN-2DB9/RJ45-DIN
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13329
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.10% / 28.12%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 06:00
Updated-07 May, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Solidres <= 0.9.4 - Reflected XSS

The Solidres WordPress plugin through 0.9.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Action-Not Available
Vendor-solidresUnknown
Product-solidresSolidres
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56069
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 40.99%
||
7 Day CHG+0.07%
Published-02 Jan, 2025 | 09:12
Updated-03 Jan, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP SuperBackup plugin <= 2.3.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Azzaroco WP SuperBackup allows Reflected XSS.This issue affects WP SuperBackup: from n/a through 2.3.3.

Action-Not Available
Vendor-Azzaroco
Product-WP SuperBackup
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56018
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 28.49%
||
7 Day CHG+0.03%
Published-02 Jan, 2025 | 12:01
Updated-02 Jan, 2025 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BU Section Editing Plugin <= 0.9.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Boston University (IS&T) BU Section Editing allows Reflected XSS.This issue affects BU Section Editing: from n/a through 0.9.9.

Action-Not Available
Vendor-Boston University (IS&T)
Product-BU Section Editing
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56024
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 28.49%
||
7 Day CHG+0.03%
Published-02 Jan, 2025 | 12:01
Updated-02 Jan, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Custom Dashboard Widget plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DuoGeek Custom Dashboard Widget allows Reflected XSS.This issue affects Custom Dashboard Widget: from n/a through 1.0.0.

Action-Not Available
Vendor-DuoGeek
Product-Custom Dashboard Widget
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56025
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 28.49%
||
7 Day CHG+0.03%
Published-02 Jan, 2025 | 12:01
Updated-02 Jan, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AdWork Media EZ Content Locker plugin <= 3.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AdWorkMedia.com AdWork Media EZ Content Locker allows Reflected XSS.This issue affects AdWork Media EZ Content Locker: from n/a through 3.0.

Action-Not Available
Vendor-AdWorkMedia.com
Product-AdWork Media EZ Content Locker
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56014
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.14% / 34.20%
||
7 Day CHG+0.05%
Published-02 Jan, 2025 | 12:25
Updated-03 Jan, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Olivia Theme <= 0.9.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Markyis Cool Olivia allows Reflected XSS.This issue affects Olivia: from n/a through 0.9.5.

Action-Not Available
Vendor-Markyis Cool
Product-Olivia
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56267
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.14% / 34.20%
||
7 Day CHG+0.05%
Published-02 Jan, 2025 | 12:01
Updated-02 Jan, 2025 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Interactive UK Map plugin <= 3.4.8 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fla-shop.com Interactive UK Map allows Stored XSS.This issue affects Interactive UK Map: from n/a through 3.4.8.

Action-Not Available
Vendor-Fla-shop.com
Product-Interactive UK Map
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56033
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.17% / 37.74%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 09:19
Updated-03 Jan, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FAQs plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 FAQs allows Reflected XSS.This issue affects FAQs: from n/a through 1.0.2.

Action-Not Available
Vendor-Think201
Product-FAQs
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56035
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.14% / 34.20%
||
7 Day CHG+0.05%
Published-02 Jan, 2025 | 09:17
Updated-03 Jan, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Upload Scanner plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kurt Payne Upload Scanner allows Reflected XSS.This issue affects Upload Scanner: from n/a through 1.2.

Action-Not Available
Vendor-Kurt Payne
Product-Upload Scanner
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56027
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.14% / 34.20%
||
7 Day CHG+0.05%
Published-02 Jan, 2025 | 09:23
Updated-03 Jan, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Leads CRM plugin <= 2.0.13 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BizSwoop a CPF Concepts, LLC Brand Leads CRM allows Reflected XSS.This issue affects Leads CRM: from n/a through 2.0.13.

Action-Not Available
Vendor-BizSwoop (CPF Concepts, LLC)
Product-Leads CRM
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56289
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-6.97% / 91.26%
||
7 Day CHG-1.53%
Published-07 Jan, 2025 | 10:49
Updated-07 Jan, 2025 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Groundhogg plugin <= 3.7.3.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Groundhogg Inc. Groundhogg allows Reflected XSS.This issue affects Groundhogg: from n/a through 3.7.3.3.

Action-Not Available
Vendor-Groundhogg (Groundhogg Inc.)
Product-Groundhogg
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56233
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 26.60%
||
7 Day CHG+0.03%
Published-31 Dec, 2024 | 10:26
Updated-31 Dec, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Kintpv Wooconnect plugin <= 8.129 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kinhelios Kintpv Wooconnect allows Stored XSS.This issue affects Kintpv Wooconnect: from n/a through 8.129.

Action-Not Available
Vendor-Kinhelios
Product-Kintpv Wooconnect
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56210
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 26.60%
||
7 Day CHG+0.03%
Published-31 Dec, 2024 | 10:32
Updated-31 Dec, 2024 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress UserPro plugin <= 5.1.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DeluxeThemes Userpro allows Reflected XSS.This issue affects Userpro: from n/a through 5.1.9.

Action-Not Available
Vendor-DeluxeThemes
Product-Userpro
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56029
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.14% / 34.20%
||
7 Day CHG+0.05%
Published-02 Jan, 2025 | 09:22
Updated-03 Jan, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Language Switcher plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dreamwinner Easy Language Switcher allows Reflected XSS.This issue affects Easy Language Switcher: from n/a through 1.0.

Action-Not Available
Vendor-Dreamwinner
Product-Easy Language Switcher
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56056
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.29% / 51.98%
||
7 Day CHG+0.21%
Published-07 Jan, 2025 | 14:57
Updated-26 Sep, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SimpleCharm Theme <= 1.4.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kmfoysal06 SimpleCharm allows Reflected XSS.This issue affects SimpleCharm: from n/a through 1.4.3.

Action-Not Available
Vendor-kmfoysal06kmfoysal06
Product-simplecharmSimpleCharm
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56023
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 28.49%
||
7 Day CHG+0.03%
Published-02 Jan, 2025 | 12:01
Updated-02 Jan, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP eCommerce Quickpay plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Perfect Solution WP eCommerce Quickpay allows Reflected XSS.This issue affects WP eCommerce Quickpay: from n/a through 1.1.0.

Action-Not Available
Vendor-Perfect Solution
Product-WP eCommerce Quickpay
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56226
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.11% / 29.58%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 10:29
Updated-21 Mar, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Royal Elementor Addons plugin <= 1.7.1001 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Reflected XSS.This issue affects Royal Elementor Addons: from n/a through 1.7.1001.

Action-Not Available
Vendor-Royal Elementor Addons
Product-royal_elementor_addonsRoyal Elementor Addons
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56036
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.14% / 34.20%
||
7 Day CHG+0.05%
Published-02 Jan, 2025 | 09:16
Updated-03 Jan, 2025 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress odPhotogallery plugin <= 0.5.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ondrej Donek odPhotogallery allows Reflected XSS.This issue affects odPhotogallery: from n/a through 0.5.3.

Action-Not Available
Vendor-Ondrej Donek
Product-odPhotogallery
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56037
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 40.99%
||
7 Day CHG+0.07%
Published-02 Jan, 2025 | 09:15
Updated-03 Jan, 2025 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress User Referral plugin <= 8.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Md Maruf Adnan Sami User Referral allows Reflected XSS.This issue affects User Referral: from n/a through 8.0.

Action-Not Available
Vendor-Md Maruf Adnan Sami
Product-User Referral
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56209
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 30.82%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 10:33
Updated-31 Dec, 2024 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Kleo theme < 5.4.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeventhQueen Kleo allows Reflected XSS.This issue affects Kleo: from n/a before 5.4.4.

Action-Not Available
Vendor-SeventhQueen
Product-Kleo
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56028
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.14% / 34.20%
||
7 Day CHG+0.05%
Published-02 Jan, 2025 | 09:23
Updated-03 Jan, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Lemonade Social Networks Autoposter Pinterest plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lemonade Coding Studio Lemonade Social Networks Autoposter Pinterest allows Reflected XSS.This issue affects Lemonade Social Networks Autoposter Pinterest: from n/a through 2.0.

Action-Not Available
Vendor-Lemonade Coding Studio
Product-Lemonade Social Networks Autoposter Pinterest
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56016
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.17% / 37.74%
||
7 Day CHG~0.00%
Published-18 Dec, 2024 | 11:38
Updated-18 Dec, 2024 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Image Mapper plugin <= 0.2.5.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPTooling Image Mapper allows Reflected XSS.This issue affects Image Mapper: from n/a through 0.2.5.3.

Action-Not Available
Vendor-WPTooling
Product-Image Mapper
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56060
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 40.99%
||
7 Day CHG+0.07%
Published-02 Jan, 2025 | 09:13
Updated-03 Jan, 2025 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress HTML Forms plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HTML Forms allows Reflected XSS.This issue affects HTML Forms: from n/a through 1.4.1.

Action-Not Available
Vendor-HTML Forms
Product-HTML Forms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56265
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.11% / 29.58%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 10:14
Updated-28 Jan, 2026 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce - PDF Vouchers plugin < 4.9.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPWeb WooCommerce PDF Vouchers allows Reflected XSS.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.9.

Action-Not Available
Vendor-WPWeb Elite
Product-woocommerce_pdf_vouchersWooCommerce PDF Vouchers
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56301
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.18%
||
7 Day CHG~0.00%
Published-13 Jan, 2025 | 13:11
Updated-13 Jan, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Distance Based Shipping Calculator Plugin <= 2.0.21 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eniture Technology Distance Based Shipping Calculator allows Reflected XSS.This issue affects Distance Based Shipping Calculator: from n/a through 2.0.21.

Action-Not Available
Vendor-Eniture, LLC
Product-Distance Based Shipping Calculator
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-5472
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.32% / 54.35%
||
7 Day CHG+0.14%
Published-13 Jul, 2024 | 06:00
Updated-13 May, 2025 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP QuickLaTeX < 3.8.7 - Admin+ Stored XSS in Background Color field

The WP QuickLaTeX WordPress plugin before 3.8.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Action-Not Available
Vendor-holoborodkoUnknownpavel_holoborodko
Product-wp_quicklatexWP QuickLaTeXwp_quicklatex
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56022
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.14% / 34.41%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:01
Updated-02 Jan, 2025 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Preloader by WordPress Monsters plugin <= 1.2.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPress Monsters Preloader by WordPress Monsters allows Reflected XSS.This issue affects Preloader by WordPress Monsters: from n/a through 1.2.3.

Action-Not Available
Vendor-WordPress Monsters
Product-Preloader by WordPress Monsters
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56065
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.18%
||
7 Day CHG~0.00%
Published-13 Jan, 2025 | 13:11
Updated-13 Jan, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP2LEADS Plugin <= 3.4.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saleswonder.biz Team WP2LEADS allows Reflected XSS.This issue affects WP2LEADS: from n/a through 3.4.2.

Action-Not Available
Vendor-Saleswonder.biz Team
Product-WP2LEADS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 44
  • 45
  • Next
Details not found