ByteOS Network

Vulnerability Details :

CVE-2024-29815

Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3

Published At-27 Mar, 2024 | 12:00

Updated At-28 Apr, 2026 | 16:09

WordPress WP Change Email Sender plugin < 1.3.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aminur Islam WP Change Email Sender allows Stored XSS.This issue affects WP Change Email Sender: from n/a before 1.3.0.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:Patchstack

Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3

Published At:27 Mar, 2024 | 12:00

Updated At:28 Apr, 2026 | 16:09

▼CVE Numbering Authority (CNA)

WordPress WP Change Email Sender plugin < 1.3.0 - Cross Site Scripting (XSS) vulnerability

Affected Products

Vendor

Aminur Islam

Product

WP Change Email Sender

Collection URL

https://wordpress.org/plugins

Package Name

wp-change-email-sender

Default Status

unaffected

Versions

Affected

From n/a before 1.3.0 (custom)
- -> unaffectedfrom1.3.0

Problem Types

Type	CWE ID	Description
CWE	CWE-79	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Type: CWE

CWE ID: CWE-79

Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Metrics

Version	Base score	Base severity	Vector
3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Impacts

CAPEC ID	Description
CAPEC-592	CAPEC-592 Stored XSS

CAPEC ID: CAPEC-592

Description: CAPEC-592 Stored XSS

Solutions

Update to 1.3.0 or a higher version.

Credits

finder

Dhabaleshwar Das (Patchstack Alliance)

References

Hyperlink	Resource
https://patchstack.com/database/vulnerability/wp-change-email-sender/wordpress-wp-change-email-sender-plugin-1-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve	vdb-entry

Hyperlink: https://patchstack.com/database/vulnerability/wp-change-email-sender/wordpress-wp-change-email-sender-plugin-1-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve

Resource:

vdb-entry

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://patchstack.com/database/vulnerability/wp-change-email-sender/wordpress-wp-change-email-sender-plugin-1-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve	vdb-entry x_transferred

Hyperlink: https://patchstack.com/database/vulnerability/wp-change-email-sender/wordpress-wp-change-email-sender-plugin-1-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve

Resource:

vdb-entry

x_transferred

2. CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:audit@patchstack.com

Published At:27 Mar, 2024 | 12:15

Updated At:15 Apr, 2026 | 00:35

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Type: Secondary

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Weaknesses

CWE ID	Type	Source
CWE-79	Secondary	audit@patchstack.com

CWE ID: CWE-79

Type: Secondary

Source: audit@patchstack.com

References

Hyperlink	Source	Resource
https://patchstack.com/database/vulnerability/wp-change-email-sender/wordpress-wp-change-email-sender-plugin-1-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve	audit@patchstack.com	N/A
https://patchstack.com/database/vulnerability/wp-change-email-sender/wordpress-wp-change-email-sender-plugin-1-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve	af854a3a-2127-422b-91ae-364da2661108	N/A

Hyperlink: https://patchstack.com/database/vulnerability/wp-change-email-sender/wordpress-wp-change-email-sender-plugin-1-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve

Source: audit@patchstack.com

Resource: N/A

Hyperlink: https://patchstack.com/database/vulnerability/wp-change-email-sender/wordpress-wp-change-email-sender-plugin-1-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Similar CVEs

1264Records found

CVE-2023-23674

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.87%

7 Day CHG+0.13%

Published-15 May, 2023 | 11:24

Updated-28 Apr, 2026 | 16:08

WordPress WP Original Media Path Plugin <= 2.4.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in RVOLA WP Original Media Path plugin <= 2.4.0 versions.

Vendor-rvola RVOLA

Product-wp_original_media_path WP Original Media Path

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-44479

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.61%

7 Day CHG~0.00%

Published-02 Oct, 2023 | 08:13

Updated-28 Apr, 2026 | 16:08

WordPress WP Jump Menu Plugin <= 3.6.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jim Krill WP Jump Menu plugin <= 3.6.4 versions.

Vendor-krillwebdesign Jim Krill

Product-wp-jump-menu WP Jump Menu

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24418

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.30% / 53.28%

7 Day CHG~0.00%

Published-10 May, 2023 | 07:43

Updated-28 Apr, 2026 | 16:08

WordPress Tiny carousel horizontal slider plus Plugin <= 3.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Tiny carousel horizontal slider plus plugin <= 3.2 versions.

Vendor-gopiplus Gopi Ramasamy

Product-tiny_carousel_horizontal_slider_plus Tiny carousel horizontal slider plus

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24396

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.30% / 53.42%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 13:14

Updated-28 Apr, 2026 | 16:08

WordPress VikBooking Hotel Booking Engine & PMS Plugin <= 1.5.11 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.11 versions.

Vendor-vikwp E4J s.r.l.

Product-vikbooking_hotel_booking_engine_\&_pms VikBooking Hotel Booking Engine & PMS

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24381

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.30% / 53.42%

7 Day CHG~0.00%

Published-20 Mar, 2023 | 10:47

Updated-28 Apr, 2026 | 16:08

WordPress Advanced Social Pixel Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsThemes Advanced Social Pixel plugin <= 2.1.1 versions.

Vendor-nsthemes NsThemes

Product-advanced_social_pixel Advanced Social Pixel

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24385

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.07% / 21.05%

7 Day CHG~0.00%

Published-17 Oct, 2023 | 08:58

Updated-28 Apr, 2026 | 16:08

WordPress Media Library Assistant Plugin <= 3.11 is vulnerable to Cross Site Scripting (XSS)

Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in David Lingren Media Library Assistant plugin <= 3.11 versions.

Vendor-davidlingren David Lingren

Product-media_library_assistant Media Library Assistant

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24401

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.61%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 15:48

Updated-28 Apr, 2026 | 16:08

WordPress Mobile Call Now & Map Buttons Plugin <= 1.5.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davidsword Mobile Call Now & Map Buttons plugin <= 1.5.0 versions.

Vendor-davidsword Davidsword

Product-mobile_call_now_\&_map_buttons Mobile Call Now & Map Buttons

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24406

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.30% / 53.28%

7 Day CHG~0.00%

Published-10 May, 2023 | 08:01

Updated-28 Apr, 2026 | 16:08

WordPress Simple Popup Images Plugin <= 1.8.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Muneeb ur Rehman Simple PopUp plugin <= 1.8.6 versions.

Vendor-simple_popup_project Muneeb ur Rehman

Product-simple_popup Simple PopUp

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24397

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.61%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 15:41

Updated-28 Apr, 2026 | 16:08

WordPress Reservation.Studio widget Plugin <= 1.0.11 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Reservation.Studio Reservation.Studio widget plugin <= 1.0.11 versions.

Vendor-reservation Reservation.Studio

Product-reservation.studio Reservation.Studio widget

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24376

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.30% / 53.42%

7 Day CHG~0.00%

Published-08 May, 2023 | 21:37

Updated-28 Apr, 2026 | 16:08

WordPress WP Simple Events Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nico Graff WP Simple Events plugin <= 1.0 versions.

Vendor-wp_simple_events_project Nico Graff

Product-wp_simple_events WP Simple Events

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24389

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.09% / 24.61%

7 Day CHG~0.00%

Published-10 Aug, 2023 | 09:01

Updated-28 Apr, 2026 | 16:08

WordPress Social Proof (Testimonial) Slider Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in brandiD Social Proof (Testimonial) Slider plugin <= 2.2.3 versions.

Vendor-brandid brandiD

Product-social_proof_\(testimonial\)_slider Social Proof (Testimonial) Slider

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-3597

Matching Score-4

Assigner-WPScan

View Details

Matching Score-4

Assigner-WPScan

CVSS Score-5.9||MEDIUM

EPSS-0.18% / 39.69%

7 Day CHG~0.00%

Published-12 May, 2025 | 06:00

Updated-05 Jun, 2025 | 14:27

Firelight Lightbox < 2.3.15 - Contributor+ Stored XSS

The Firelight Lightbox WordPress plugin before 2.3.15 does not prevent users with post writing capabilities from executing arbitrary Javascript when the jQuery Metadata library is enabled. While this feature is meant to only be available to Pro version users, it can be activated in the free version too, making it theoretically exploitable there as well.

Vendor-firelightwp Unknown

Product-firelight_lightbox Firelight Lightbox

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24394

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.05% / 16.71%

7 Day CHG~0.00%

Published-25 Aug, 2023 | 10:23

Updated-28 Apr, 2026 | 16:08

WordPress iframe popup Plugin <= 3.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy iframe popup plugin <= 3.3 versions.

Vendor-iframe_project Gopi Ramasamy

Product-iframe iframe popup

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24412

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.61%

7 Day CHG~0.00%

Published-01 Sep, 2023 | 10:44

Updated-28 Apr, 2026 | 16:08

WordPress Image Social Feed Plugin Plugin <= 1.7.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web-Settler Image Social Feed plugin <= 1.7.6 versions.

Vendor-web-settler Web-Settler

Product-image_social_feed Image Social Feed

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-50514

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.14% / 32.85%

7 Day CHG~0.00%

Published-19 Nov, 2024 | 16:32

Updated-11 May, 2026 | 22:06

WordPress Ninja Forms – The Contact Form Builder That Grows With You plugin <= 3.8.16 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kevin Stover Ninja Forms ninja-forms allows Stored XSS.This issue affects Ninja Forms: from n/a through <= 3.8.16.

Vendor-Kevin Stover Saturday Drive, INC

Product-ninja_forms Ninja Forms

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-44228

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.10% / 27.50%

7 Day CHG~0.00%

Published-02 Oct, 2023 | 10:33

Updated-28 Apr, 2026 | 16:08

WordPress Onclick Show Popup Plugin <= 8.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Onclick show popup plugin <= 8.1 versions.

Vendor-gopiplus Gopi Ramasamy

Product-onclick_show_popup Onclick show popup

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23727

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.87%

7 Day CHG+0.13%

Published-16 May, 2023 | 08:43

Updated-28 Apr, 2026 | 16:08

WordPress Live Chat by Formilla – Real-time Chat & Chatbots Plugin Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Formilla Live Chat by Formilla plugin <= 1.3 versions.

Vendor-formilla Formilla

Product-live_chat Live Chat by Formilla

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-32488

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.17% / 37.73%

7 Day CHG~0.00%

Published-09 Apr, 2025 | 16:09

Updated-28 Apr, 2026 | 16:12

WordPress Aria Font plugin <= 1.4 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in آریا وردپرس Aria Font aria-font allows Stored XSS.This issue affects Aria Font: from n/a through <= 1.4.

Vendor-آریا وردپرس

Product-Aria Font

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23884

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.87%

7 Day CHG-0.09%

Published-09 May, 2023 | 10:07

Updated-28 Apr, 2026 | 16:08

WordPress Kanban Boards for WordPress Plugin <= 2.5.20 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kanban for WordPress Kanban Boards for WordPress plugin <= 2.5.20 versions.

Vendor-kanbanwp Kanban for WordPress

Product-kanban_boards_for_wordpress Kanban Boards for WordPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23733

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.87%

7 Day CHG~0.00%

Published-09 May, 2023 | 10:35

Updated-28 Apr, 2026 | 16:08

WordPress Lazy Social Comments Plugin <= 2.0.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel James Lazy Social Comments plugin <= 2.0.4 versions.

Vendor-lazy_social_comments_project Joel James

Product-lazy_social_comments Lazy Social Comments

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-50513

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.14% / 33.19%

7 Day CHG~0.00%

Published-19 Nov, 2024 | 16:32

Updated-11 May, 2026 | 22:05

WordPress PostX plugin <= 4.1.15 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post allows Stored XSS.This issue affects PostX: from n/a through <= 4.1.15.

Vendor-WPXPO

Product-PostX

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23675

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.87%

7 Day CHG~0.00%

Published-30 Mar, 2023 | 10:48

Updated-28 Apr, 2026 | 16:08

WordPress WP Smart Preloader Plugin <= 1.15 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Catchsquare WP Smart Preloader plugin <= 1.15 versions.

Vendor-catchsquare Catchsquare

Product-wp_smart_preloader WP Smart Preloader

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23875

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.87%

7 Day CHG~0.00%

Published-03 May, 2023 | 15:10

Updated-28 Apr, 2026 | 16:08

WordPress Bing Site Verification plugin using Meta Tag Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Himanshu Bing Site Verification plugin using Meta Tag plugin <= 1.0 versions.

Vendor-bing_site_verification_plugin_using_meta_tag_project Himanshu

Product-bing_site_verification_plugin_using_meta_tag Bing Site Verification plugin using Meta Tag

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23816

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.87%

7 Day CHG~0.00%

Published-23 Apr, 2023 | 10:31

Updated-28 Apr, 2026 | 16:08

WordPress Sitemap Index Plugin <= 1.2.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Twardes Sitemap Index plugin <= 1.2.3 versions.

Vendor-sitemap_index_project Twardes

Product-sitemap_index Sitemap Index

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23723

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.87%

7 Day CHG~0.00%

Published-02 May, 2023 | 11:02

Updated-28 Apr, 2026 | 16:08

WordPress WordPress Email Marketing Plugin – WP Email Capture Plugin <= 3.9.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media WP Email Capture plugin <= 3.9.3 versions.

Vendor-winwar Winwar Media

Product-wp_email_capture WP Email Capture

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23793

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.87%

7 Day CHG~0.00%

Published-09 May, 2023 | 09:53

Updated-28 Apr, 2026 | 16:08

WordPress Read More Without Refresh Plugin <= 3.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eightweb Interactive Read More Without Refresh plugin <= 3.1 versions.

Vendor-8web Eightweb Interactive

Product-read_more_without_refresh Read More Without Refresh

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23980

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.87%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 07:39

Updated-28 Apr, 2026 | 16:08

WordPress MailOptin Plugin <= 1.2.54.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MailOptin Popup Builder Team MailOptin plugin <= 1.2.54.0 versions.

Vendor-mailoptin MailOptin Popup Builder Team

Product-mailoptin MailOptin

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23863

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.87%

7 Day CHG-0.09%

Published-09 May, 2023 | 07:38

Updated-28 Apr, 2026 | 16:08

WordPress TreePress – Easy Family Trees & Ancestor Profiles Plugin <= 2.0.22 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Black and White Digital Ltd TreePress – Easy Family Trees & Ancestor Profiles plugin <= 2.0.22 versions.

Vendor-blackandwhitedigital Black and White Digital Ltd

Product-treepress TreePress – Easy Family Trees & Ancestor Profiles

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23878

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.18% / 38.72%

7 Day CHG~0.00%

Published-04 Apr, 2023 | 11:38

Updated-28 Apr, 2026 | 16:08

WordPress WP Google Map Plugin Plugin <= 4.3.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS plugin <= 4.3.9 versions.

Vendor-weplugins flippercode

Product-wp_maps WordPress Plugin for Google Maps – WP MAPS

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24005

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.87%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 19:45

Updated-28 Apr, 2026 | 16:08

WordPress Inline Tweet Sharer – Twitter Sharing Plugin Plugin <= 2.5.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media Inline Tweet Sharer – Twitter Sharing Plugin plugin <= 2.5.3 versions.

Vendor-winwar Winwar Media

Product-inline_tweet_sharer Inline Tweet Sharer – Twitter Sharing Plugin

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-50516

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.14% / 33.19%

7 Day CHG~0.00%

Published-19 Nov, 2024 | 16:32

Updated-11 May, 2026 | 22:03

WordPress Countdown & Clock plugin <= 3.0.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in adamskaat Countdown & Clock countdown-builder allows Stored XSS.This issue affects Countdown & Clock: from n/a through <= 3.0.8.

Vendor-Adam Skaat (Edmonsoft)

Product-Countdown & Clock

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23683

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.87%

7 Day CHG+0.13%

Published-15 May, 2023 | 11:36

Updated-28 Apr, 2026 | 16:08

WordPress White Label Branding for Elementor Page Builder Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ozan Canakli White Label Branding for Elementor Page Builder plugin <= 1.0.2 versions.

Vendor-white_label_branding_for_elementor_page_builder_project Ozan Canakli

Product-white_label_branding_for_elementor_page_builder White Label Branding for Elementor Page Builder

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23819

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.40%

7 Day CHG~0.00%

Published-12 Jun, 2023 | 13:09

Updated-28 Apr, 2026 | 16:08

WordPress itemprop WP for SERP/SEO Rich snippets Plugin <= 3.5.201706131 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rolands Umbrovskis itemprop WP for SERP/SEO Rich snippets plugin <= 3.5.201706131 versions.

Vendor-itemprop_wp_for_serp\/seo_rich_snippets_project Rolands Umbrovskis

Product-itemprop_wp_for_serp\/seo_rich_snippets itemprop WP for SERP/SEO Rich snippets

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23673

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.87%

7 Day CHG+0.13%

Published-16 May, 2023 | 08:28

Updated-28 Apr, 2026 | 16:08

WordPress I Recommend This Plugin <= 3.8.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Harish Chouhan, Themeist I Recommend This plugin <= 3.8.3 versions.

Vendor-themeist Harish Chouhan, Themeist

Product-i_recommend_this I Recommend This

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23883

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.87%

7 Day CHG-0.09%

Published-09 May, 2023 | 10:01

Updated-28 Apr, 2026 | 16:08

WordPress WP Content Filter – Censor All Offensive Content From Your Site Plugin <= 3.0.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David Gwyer WP Content Filter plugin <= 3.0.1 versions.

Vendor-wp_content_filter_-_censor_all_offensive_content_from_your_site_project David Gwyer

Product-wp_content_filter_-_censor_all_offensive_content_from_your_site WP Content Filter

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23718

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.87%

7 Day CHG~0.00%

Published-20 Mar, 2023 | 11:22

Updated-28 Apr, 2026 | 16:08

WordPress Page Loading Effects Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Esstat17 Page Loading Effects plugin <= 2.0.0 versions.

Vendor-page_loading_effects_project Esstat17

Product-page_loading_effects Page Loading Effects

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23871

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.24%

7 Day CHG~0.00%

Published-10 Aug, 2023 | 10:35

Updated-28 Apr, 2026 | 16:08

WordPress Button Plugin <= 1.1.23 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Webdzier Button plugin <= 1.1.23 versions.

Vendor-webdzier Webdzier

Product-button Button

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23720

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.87%

7 Day CHG+0.13%

Published-16 May, 2023 | 09:31

Updated-28 Apr, 2026 | 16:08

WordPress Verified Reviews (Avis Vérifiés) Plugin <= 2.3.13 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NetReviews SAS Verified Reviews (Avis Vérifiés) plugin <= 2.3.13 versions.

Vendor-skeepers NetReviews SAS

Product-verified_reviews_\(avis_verifies\)Verified Reviews (Avis Vérifiés)

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23807

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.07% / 20.74%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 11:42

Updated-28 Apr, 2026 | 16:08

WordPress MojoPlug Slide Panel Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Qumos MojoPlug Slide Panel plugin <= 1.1.2 versions.

Vendor-qumos Qumos

Product-mojoplug_slide_panel MojoPlug Slide Panel

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23811

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.07% / 20.74%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 11:44

Updated-28 Apr, 2026 | 16:08

WordPress Smoothscroller Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Neil Gee Smoothscroller plugin <= 1.0.0 versions.

Vendor-smoothscroller_project Neil Gee

Product-smoothscroller Smoothscroller

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24001

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.87%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 07:50

Updated-28 Apr, 2026 | 16:08

WordPress Modal Dialog Plugin <= 3.5.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yannick Lefebvre Modal Dialog plugin <= 3.5.9 versions.

Vendor-ylefebvre Yannick Lefebvre

Product-modal_dialog Modal Dialog

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-5075

Matching Score-4

Assigner-WPScan

View Details

Matching Score-4

Assigner-WPScan

CVSS Score-5.9||MEDIUM

EPSS-0.26% / 49.86%

7 Day CHG~0.00%

Published-13 Jul, 2024 | 06:00

Updated-06 May, 2025 | 17:04

WP eMember < 10.6.6 - Reflected XSS

The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Vendor-Unknown Tips and Tricks HQ

Product-wp_emember wp-eMember wp_emember

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23881

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.87%

7 Day CHG~0.00%

Published-03 May, 2023 | 15:03

Updated-28 Apr, 2026 | 16:08

WordPress Circles Gallery Plugin <= 1.0.10 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GreenTreeLabs Circles Gallery plugin <= 1.0.10 versions.

Vendor-greentreelabs GreenTreeLabs

Product-circles_gallery Circles Gallery

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24004

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.87%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 08:00

Updated-28 Apr, 2026 | 16:08

WordPress Image and Video Lightbox, Image PopUp Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart Image and Video Lightbox, Image PopUp plugin <= 2.1.5 versions.

Vendor-WpDevArt

Product-download_image_and_video_lightbox\,_image_popup Image and Video Lightbox, Image PopUp

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23981

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.87%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 04:43

Updated-28 Apr, 2026 | 16:08

WordPress Conversational Forms for ChatBot Plugin <= 1.1.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in QuantumCloud Conversational Forms for ChatBot plugin <= 1.1.6 versions.

Vendor-quantumcloud QuantumCloud

Product-conversational_forms_for_chatbot Conversational Forms for ChatBot

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-31764

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-1.02% / 77.41%

7 Day CHG~0.00%

Published-01 Apr, 2025 | 14:51

Updated-28 Apr, 2026 | 16:12

WordPress Cache control by Cacholong plugin <= 5.4.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Preliot Cache control by Cacholong cache-control-by-cacholong allows Stored XSS.This issue affects Cache control by Cacholong: from n/a through <= 5.4.1.

Vendor-Preliot

Product-Cache control by Cacholong

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24386

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.30% / 53.42%

7 Day CHG~0.00%

Published-23 Apr, 2023 | 09:38

Updated-28 Apr, 2026 | 16:08

WordPress AI Contact Us Form Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Karishma Arora AI Contact Us Form plugin <= 1.0 versions.

Vendor-ai_contact_us_form_project Karishma Arora

Product-ai_contact_us_form AI Contact Us Form

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24398

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.30% / 53.42%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 09:20

Updated-28 Apr, 2026 | 16:08

WordPress EZP Coming Soon Page Plugin <= 1.0.7.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap Creek Software EZP Coming Soon Page plugin <= 1.0.7.3 versions.

Vendor-Snap Creek, LLC (Duplicator)

Product-ezp_coming_soon_page EZP Coming Soon Page

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23821

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.87%

7 Day CHG~0.00%

Published-04 Apr, 2023 | 11:31

Updated-28 Apr, 2026 | 16:08

WordPress Interactive Polish Map Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcin Pietrzak Interactive Polish Map plugin <= 1.2 versions.

Vendor-interactive_polish_map_project Marcin Pietrzak

Product-interactive_polish_map Interactive Polish Map

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-31792

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-1.02% / 77.41%

7 Day CHG~0.00%

Published-01 Apr, 2025 | 14:51

Updated-28 Apr, 2026 | 16:12

WordPress Piotnet Forms plugin <= 1.0.30 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in piotnetdotcom Piotnet Forms piotnetforms allows Stored XSS.This issue affects Piotnet Forms: from n/a through <= 1.0.30.

Vendor-piotnetdotcom

Product-Piotnet Forms

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-29815

Credits

WordPress WP Change Email Sender plugin < 1.3.0 - Cross Site Scripting (XSS) vulnerability

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs