ByteOS Network

Vulnerability Details :

CVE-2024-30201

Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3

Published At-27 Mar, 2024 | 06:13

Updated At-05 Aug, 2024 | 20:52

WordPress WP Smart Import plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WordPress Importer allows Reflected XSS.This issue affects WordPress Importer: from n/a through 1.0.4.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:Patchstack

Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3

Published At:27 Mar, 2024 | 06:13

Updated At:05 Aug, 2024 | 20:52

▼CVE Numbering Authority (CNA)

WordPress WP Smart Import plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability

Affected Products

Vendor

Xylus Themes

Product

WordPress Importer

Collection URL

https://wordpress.org/plugins

Package Name

wp-smart-import

Default Status

unaffected

Versions

Affected

From n/a through 1.0.4 (custom)
- -> unaffectedfrom1.0.5

Problem Types

Type	CWE ID	Description
CWE	CWE-79	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Type: CWE

CWE ID: CWE-79

Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Metrics

Version	Base score	Base severity	Vector
3.1	7.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Version: 3.1

Base score: 7.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Impacts

CAPEC ID	Description
CAPEC-591	CAPEC-591 Reflected XSS

CAPEC ID: CAPEC-591

Description: CAPEC-591 Reflected XSS

Solutions

Update to 1.0.5 or a higher version.

Credits

finder

Dimas Maulana (Patchstack Alliance)

References

Hyperlink	Resource
https://patchstack.com/database/vulnerability/wp-smart-import/wordpress-wp-smart-import-plugin-1-0-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve	vdb-entry

Hyperlink: https://patchstack.com/database/vulnerability/wp-smart-import/wordpress-wp-smart-import-plugin-1-0-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

Resource:

vdb-entry

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://patchstack.com/database/vulnerability/wp-smart-import/wordpress-wp-smart-import-plugin-1-0-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve	vdb-entry x_transferred

Hyperlink: https://patchstack.com/database/vulnerability/wp-smart-import/wordpress-wp-smart-import-plugin-1-0-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

Resource:

vdb-entry

x_transferred

2. CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:audit@patchstack.com

Published At:27 Mar, 2024 | 07:15

Updated At:27 Mar, 2024 | 12:29

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	7.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Type: Secondary

Version: 3.1

Base score: 7.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	audit@patchstack.com

CWE ID: CWE-79

Type: Primary

Source: audit@patchstack.com

References

Hyperlink	Source	Resource
https://patchstack.com/database/vulnerability/wp-smart-import/wordpress-wp-smart-import-plugin-1-0-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve	audit@patchstack.com	N/A

Hyperlink: https://patchstack.com/database/vulnerability/wp-smart-import/wordpress-wp-smart-import-plugin-1-0-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

Source: audit@patchstack.com

Resource: N/A

Similar CVEs

2025Records found

CVE-2023-32516

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.10% / 28.95%

7 Day CHG~0.00%

Published-24 Aug, 2023 | 11:21

Updated-24 Sep, 2024 | 19:27

WordPress Restaurant Menu – Food Ordering System – Table Reservation Plugin <= 2.3.6 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GloriaFood Restaurant Menu – Food Ordering System – Table Reservation plugin <= 2.3.6 versions.

Vendor-GloriaFood Oracle Corporation

Product-restaurant_menu_-_food_ordering_system_-_table_reservation Restaurant Menu – Food Ordering System – Table Reservation

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32499

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.07% / 21.89%

7 Day CHG~0.00%

Published-23 Aug, 2023 | 13:59

Updated-02 Aug, 2024 | 15:18

WordPress Radio Station Plugin <= 2.4.0.9 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tony Zeoli, Tony Hayes Radio Station by netmix® – Manage and play your Show Schedule in WordPress! plugin <= 2.4.0.9 versions.

Vendor-netmix Tony Zeoli, Tony Hayes

Product-radio_station Radio Station by netmix® – Manage and play your Show Schedule in WordPress!

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32800

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.98%

7 Day CHG~0.00%

Published-28 May, 2023 | 18:39

Updated-10 Oct, 2024 | 18:57

WordPress Rank Math SEO PRO Plugin <= 3.0.35 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in One Rank Math SEO PRO plugin <= 3.0.35 versions.

Vendor-rankmath One

Product-seo_pro Rank Math SEO PRO

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32300

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.07% / 21.89%

7 Day CHG~0.00%

Published-23 Aug, 2023 | 14:12

Updated-25 Sep, 2024 | 14:37

WordPress Yoast SEO: Local Plugin <= 14.8 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yoast Yoast SEO: Local plugin <= 14.8 versions.

Vendor-yoast Yoast

Product-yoast_seo Yoast SEO: Local

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-43327

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.13% / 32.83%

7 Day CHG~0.00%

Published-18 Aug, 2024 | 13:43

Updated-18 Sep, 2024 | 17:07

WordPress Invite Anyone plugin <= 1.4.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Boone Gorges Invite Anyone allows Reflected XSS.This issue affects Invite Anyone: from n/a through 1.4.7.

Vendor-teleogistic Boone Gorges

Product-invite_anyone Invite Anyone

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-43220

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.13% / 32.83%

7 Day CHG~0.00%

Published-12 Aug, 2024 | 21:22

Updated-13 Aug, 2024 | 19:21

WordPress Form Maker by 10Web plugin <= 1.15.26 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Reflected XSS.This issue affects Form Maker by 10Web: from n/a through 1.15.26.

Vendor-10Web (TenWeb, Inc.)

Product-Form Maker by 10Web

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-31072

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.98%

7 Day CHG~0.00%

Published-17 Aug, 2023 | 14:35

Updated-02 Aug, 2024 | 14:45

WordPress Advanced Category Template Plugin <= 0.1 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Praveen Goswami Advanced Category Template plugin <= 0.1 versions.

Vendor-praveengoswami Praveen Goswami

Product-advanced_category_template Advanced Category Template

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32108

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.98%

7 Day CHG~0.00%

Published-18 Aug, 2023 | 14:06

Updated-25 Sep, 2024 | 14:38

WordPress Albo Pretorio Online Plugin <= 4.6.3 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On line plugin <= 4.6.3 versions.

Vendor-eduva Ignazio Scimone

Product-albo_pretorio_online Albo Pretorio On line

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-31071

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.98%

7 Day CHG~0.00%

Published-17 Aug, 2023 | 08:41

Updated-25 Sep, 2024 | 16:43

WordPress Modal Dialog Plugin <= 3.5.14 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yannick Lefebvre Modal Dialog plugin <= 3.5.14 versions.

Vendor-ylefebvre Yannick Lefebvre

Product-modal_dialog Modal Dialog

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-31076

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.98%

7 Day CHG~0.00%

Published-17 Aug, 2023 | 08:44

Updated-25 Sep, 2024 | 16:42

WordPress Recipe Maker For Your Food Blog from Zip Recipes Plugin <= 8.0.6 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes plugin <= 8.0.6 versions.

Vendor-really-simple-plugins Really Simple Plugins

Product-recipe_maker_for_your_food_blog_from_zip_recipes Recipe Maker For Your Food Blog from Zip Recipes

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-31220

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.98%

7 Day CHG~0.00%

Published-04 Sep, 2023 | 10:24

Updated-19 Feb, 2025 | 21:24

WordPress WP Categories Widget Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP-EXPERTS.IN TEAM WP Categories Widget plugin <= 2.2 versions.

Vendor-wp-experts WP-EXPERTS.IN TEAM

Product-wp-categories-widget WP Categories Widget

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-31074

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.98%

7 Day CHG~0.00%

Published-17 Aug, 2023 | 10:01

Updated-25 Sep, 2024 | 16:42

WordPress Extensions for Leaflet Map Plugin <= 3.4.1 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in hupe13 Extensions for Leaflet Map plugin <= 3.4.1 versions.

Vendor-hupe13 hupe13

Product-extensions_for_leaflet_map Extensions for Leaflet Map

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-41353

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-7.1||HIGH

EPSS-0.07% / 21.21%

7 Day CHG~0.00%

Published-26 Jul, 2024 | 00:00

Updated-02 Aug, 2024 | 04:46

phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\groups\edit-group.php

Vendor-n/a phpipam

Product-n/a phpipam

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30868

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-56.91% / 98.04%

7 Day CHG~0.00%

Published-18 May, 2023 | 08:28

Updated-13 Feb, 2025 | 16:49

WordPress CMS Tree Page View Plugin <= 1.6.7 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jon Christopher CMS Tree Page View plugin <= 1.6.7 versions.

Vendor-cms_tree_page_view_project Jon Christopher

Product-cms_tree_page_view CMS Tree Page View

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32109

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.98%

7 Day CHG~0.00%

Published-18 Aug, 2023 | 14:53

Updated-25 Sep, 2024 | 16:42

WordPress Albo Pretorio Online Plugin <= 4.6.3 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On line plugin <= 4.6.3 versions.

Vendor-eduva Ignazio Scimone

Product-albo_pretorio_online Albo Pretorio On line

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32118

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.98%

7 Day CHG~0.00%

Published-12 Jun, 2023 | 14:56

Updated-10 Oct, 2024 | 17:28

WordPress SALERT Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPoperation SALERT – Fake Sales Notification WooCommerce plugin <= 1.2.1 versions.

Vendor-wpoperation WPoperation

Product-salert_-_fake_sales_notification_woocommerce SALERT – Fake Sales Notification WooCommerce

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32107

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.98%

7 Day CHG~0.00%

Published-18 Aug, 2023 | 14:00

Updated-25 Sep, 2024 | 14:38

WordPress Photo Gallery by Ays Plugin <= 5.1.3 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.1.3 versions.

Vendor-AYS Pro Extensions

Product-photo_gallery Photo Gallery by Ays – Responsive Image Gallery

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32105

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.98%

7 Day CHG~0.00%

Published-18 Aug, 2023 | 13:50

Updated-25 Sep, 2024 | 14:39

WordPress WPPizza Plugin <= 3.17.1 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ollybach WPPizza – A Restaurant Plugin plugin <= 3.17.1 versions.

Vendor-wp-pizza ollybach

Product-wppizza WPPizza – A Restaurant Plugin

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-31218

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.06% / 20.11%

7 Day CHG~0.00%

Published-18 Aug, 2023 | 13:28

Updated-02 Aug, 2024 | 14:53

WordPress WOLF Plugin <= 1.0.6 is vulnerable to CSRF leading to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.6 versions.

Vendor-PluginUs.Net (RealMag777)

Product-wolf_-_wordpress_posts_bulk_editor_and_products_manager_professional WOLF – WordPress Posts Bulk Editor and Manager Professional

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-30877

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.98%

7 Day CHG~0.00%

Published-17 Aug, 2023 | 08:30

Updated-25 Sep, 2024 | 16:43

WordPress XML for Google Merchant Center Plugin <= 3.0.1 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maxim Glazunov XML for Google Merchant Center plugin <= 3.0.1 versions.

Vendor-icopydoc Maxim Glazunov

Product-xml_for_google_merchant_center XML for Google Merchant Center

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-31094

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.98%

7 Day CHG~0.00%

Published-18 Aug, 2023 | 12:50

Updated-19 Feb, 2025 | 21:26

WordPress Stock Sync for WooCommerce Plugin <= 2.4.0 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Lauri Karisola / WP Trio Stock Sync for WooCommerce plugin <= 2.4.0 versions.

Vendor-wptrio Lauri Karisola / WP Trio

Product-stock_sync_for_woocommerce Stock Sync for WooCommerce

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32106

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.98%

7 Day CHG~0.00%

Published-18 Aug, 2023 | 13:55

Updated-19 Feb, 2025 | 21:26

WordPress WP Docs Plugin <= 1.9.9 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fahad Mahmood WP Docs plugin <= 1.9.9 versions.

Vendor-fahad_mahmood Fahad Mahmood

Product-wp_docs WP Docs

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30871

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.98%

7 Day CHG~0.00%

Published-16 Aug, 2023 | 10:10

Updated-25 Sep, 2024 | 14:49

WordPress Stock Exporter for WooCommerce Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PT Woo Plugins (by Webdados) Stock Exporter for WooCommerce plugin <= 1.1.0 versions.

Vendor-webdados PT Woo Plugins (by Webdados)

Product-stock_exporter_for_woocommerce Stock Exporter for WooCommerce

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30493

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.17% / 38.23%

7 Day CHG~0.00%

Published-27 Sep, 2023 | 10:54

Updated-23 Sep, 2024 | 12:50

WordPress Ultimate Addons for Contact Form 7 Plugin <= 3.2.0 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Themefic Ultimate Addons for Contact Form 7 plugin <= 3.2.0 versions.

Vendor-themefic Themefic

Product-ultimate_addons_for_contact_form_7 Ultimate Addons for Contact Form 7

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30489

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.39% / 59.43%

7 Day CHG~0.00%

Published-14 Aug, 2023 | 14:03

Updated-25 Sep, 2024 | 16:47

WordPress Email Subscription Popup Plugin <= 1.2.16 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Email Subscription Popup plugin <= 1.2.16 versions.

Vendor-i13websolution I Thirteen Web Solution

Product-email_subscription_popup Email Subscription Popup

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30471

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.17% / 38.23%

7 Day CHG~0.00%

Published-27 Sep, 2023 | 07:57

Updated-19 Feb, 2025 | 21:23

WordPress WP Search Analytics Plugin <= 1.4.7 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cornel Raiu WP Search Analytics plugin <= 1.4.7 versions.

Vendor-cornelraiu Cornel Raiu

Product-wp_search_analytics WP Search Analytics

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30475

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.98%

7 Day CHG~0.00%

Published-14 Aug, 2023 | 13:53

Updated-02 Aug, 2024 | 14:48

WordPress Coupon Affiliates Plugin <= 5.4.5 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Elliot Sowersby, RelyWP WooCommerce Affiliate Plugin – Coupon Affiliates plugin <= 5.4.5 versions.

Vendor-couponaffiliates Elliot Sowersby, RelyWP

Product-woocommerce_affiliate WooCommerce Affiliate Plugin – Coupon Affiliates

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-29427

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.98%

7 Day CHG~0.00%

Published-26 Jun, 2023 | 08:32

Updated-10 Oct, 2024 | 17:10

WordPress Amelia Plugin <= 1.0.75 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in TMS Booking for Appointments and Events Calendar – Amelia plugin <= 1.0.75 versions.

Vendor-tms-outsource TMS

Product-amelia Booking for Appointments and Events Calendar – Amelia

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30743

Matching Score-4

Assigner-SAP SE

View Details

Matching Score-4

Assigner-SAP SE

CVSS Score-7.1||HIGH

EPSS-0.13% / 33.89%

7 Day CHG~0.00%

Published-09 May, 2023 | 01:35

Updated-28 Jan, 2025 | 19:12

Improper Neutralization of Input in SAPUI5

Due to improper neutralization of input in SAPUI5 - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. This blocks user’s interaction with the application. Further, in the absence of URL validation by the application, the vulnerability could lead to the attacker reading or modifying user’s information through phishing attack.

Vendor-SAP SE

Product-sapui5 SAPUI5

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30747

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.98%

7 Day CHG~0.00%

Published-15 Aug, 2023 | 12:35

Updated-25 Sep, 2024 | 15:02

WordPress WooCommerce Easy Duplicate Product Plugin <= 0.3.0.0 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPGem WooCommerce Easy Duplicate Product plugin <= 0.3.0.0 versions.

Vendor-wpgem WPGem

Product-woocommerce_easy_duplicate_product WooCommerce Easy Duplicate Product

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-29430

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.98%

7 Day CHG~0.00%

Published-26 Jun, 2023 | 09:26

Updated-02 Aug, 2024 | 14:48

WordPress TheRoof Theme <= 1.0.3 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CTHthemes TheRoof theme <= 1.0.3 versions.

Vendor-cththemes CTHthemes

Product-theroof TheRoof

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30754

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.98%

7 Day CHG~0.00%

Published-14 Aug, 2023 | 14:11

Updated-03 Jul, 2025 | 14:18

WordPress AdFoxly – Ad Manager, AdSense Ads & Ads.txt Plugin <= 1.8.5 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt plugin <= 1.8.5 versions.

Vendor-WP FOXLY

Product-adfoxly AdFoxly – Ad Manager, AdSense Ads & Ads.txt

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30487

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.98%

7 Day CHG~0.00%

Published-18 May, 2023 | 08:37

Updated-02 Aug, 2024 | 14:47

WordPress LearnPress Export Import Plugin <= 4.0.2 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ThimPress LearnPress Export Import plugin <= 4.0.2 versions.

Vendor-ThimPress (PhysCode)

Product-learnpress LearnPress Export Import

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30494

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.98%

7 Day CHG~0.00%

Published-04 Sep, 2023 | 10:28

Updated-24 Sep, 2024 | 18:51

WordPress ImageRecycle pdf & image compression Plugin <= 3.1.10 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ImageRecycle ImageRecycle pdf & image compression plugin <= 3.1.10 versions.

Vendor-imagerecycle ImageRecycle

Product-imagerecycle_pdf_\&_image_compression ImageRecycle pdf & image compression

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30781

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.98%

7 Day CHG~0.00%

Published-18 Oct, 2023 | 13:38

Updated-12 Sep, 2024 | 18:04

WordPress Tweeple Plugin <= 0.9.5 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Theme Blvd Tweeple plugin <= 0.9.5 versions.

Vendor-themeblvd Theme Blvd

Product-tweeple Tweeple

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-29385

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.98%

7 Day CHG~0.00%

Published-12 Jun, 2023 | 15:14

Updated-19 Feb, 2025 | 21:29

WordPress WP Abstracts Plugin <= 2.6.2 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kevon Adonis WP Abstracts plugin <= 2.6.2 versions.

Vendor-wp_abstracts_project Kevon Adonis

Product-wp_abstracts WP Abstracts

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30485

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.98%

7 Day CHG~0.00%

Published-04 Sep, 2023 | 11:07

Updated-02 Aug, 2024 | 14:28

WordPress Avartan Slider Lite Plugin <= 1.5.3 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Solwin Infotech Responsive WordPress Slider – Avartan Slider Lite plugin <= 1.5.3 versions.

Vendor-solwininfotech Solwin Infotech

Product-avartan-slider-lite Responsive WordPress Slider – Avartan Slider Lite

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30491

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.07% / 21.89%

7 Day CHG~0.00%

Published-05 Aug, 2023 | 22:35

Updated-25 Sep, 2024 | 16:52

WordPress CodeBard's Patron Button and Widgets for Patreon Plugin <= 2.1.8 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon plugin <= 2.1.8 versions.

Vendor-codebard CodeBard

Product-codebard\'s_patron_button_and_widgets_for_patreon CodeBard's Patron Button and Widgets for Patreon

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30499

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.98%

7 Day CHG~0.00%

Published-18 Aug, 2023 | 14:41

Updated-25 Sep, 2024 | 16:42

WordPress FV Flowplayer Video Player Plugin <= 7.5.32.7212 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FolioVision FV Flowplayer Video Player plugin <= 7.5.32.7212 versions.

Vendor-foliovision FolioVision

Product-fv_flowplayer_video_player FV Flowplayer Video Player

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30472

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.17% / 38.23%

7 Day CHG~0.00%

Published-27 Sep, 2023 | 10:42

Updated-23 Sep, 2024 | 12:50

WordPress URL Shortener by MyThemeShop Plugin <= 1.0.17 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MyThemeShop URL Shortener by MyThemeShop plugin <= 1.0.17 versions.

Vendor-mythemeshop MyThemeShop

Product-url_shortener URL Shortener by MyThemeShop

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30753

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.98%

7 Day CHG~0.00%

Published-12 Jun, 2023 | 13:55

Updated-10 Oct, 2024 | 17:29

WordPress IP Metaboxes Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Phan Chuong IP Metaboxes plugin <= 2.1.1.

Vendor-ip_metaboxes_project Phan Chuong

Product-ip_metaboxes IP Metaboxes

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-41357

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-7.1||HIGH

EPSS-0.07% / 22.41%

7 Day CHG~0.00%

Published-26 Jul, 2024 | 00:00

Updated-16 Apr, 2025 | 14:15

phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/powerDNS/record-edit.php.

Vendor-n/a phpipam

Product-n/a phpipam

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-29439

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-67.22% / 98.50%

7 Day CHG~0.00%

Published-16 May, 2023 | 14:11

Updated-09 Jan, 2025 | 15:14

WordPress FooGallery Plugin <= 2.2.35 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin <= 2.2.35 versions.

Vendor-fooplugins FooPlugins

Product-foogallery FooGallery

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30498

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.98%

7 Day CHG~0.00%

Published-15 Aug, 2023 | 12:45

Updated-02 Aug, 2024 | 14:28

WordPress Vimeotheque Plugin <= 2.2.1 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeFlavors Vimeotheque: Vimeo WordPress Plugin <= 2.2.1 versions.

Vendor-codeflavors CodeFlavors

Product-vimeotheque Vimeotheque: Vimeo WordPress Plugin

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30496

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.09% / 25.91%

7 Day CHG~0.00%

Published-22 Nov, 2023 | 19:46

Updated-02 Aug, 2024 | 14:28

WordPress Bus Ticket Booking with Seat Reservation Plugin <= 5.2.5 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MagePeople Team WpBusTicketly plugin <= 5.2.5 versions.

Vendor-MagePeople

Product-bus_ticket_booking_with_seat_reservation WpBusTicketly

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30777

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-88.68% / 99.48%

7 Day CHG~0.00%

Published-10 May, 2023 | 05:50

Updated-09 Jan, 2025 | 15:22

WordPress Advanced Custom Fields / Advanced Custom Fields PRO plugins <= 6.1.5 vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins <= 6.1.5 versions.

Vendor-advancedcustomfields WP Engine

Product-advanced_custom_fields Advanced Custom Fields Pro Advanced Custom Fields

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30483

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.98%