ByteOS Network

Vulnerability Details :

CVE-2024-31930

Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3

Published At-11 Apr, 2024 | 12:24

Updated At-02 Aug, 2024 | 01:59

WordPress Save as PDF by Pdfcrowd plugin <= 3.2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Stored XSS.This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 3.2.1 .

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:Patchstack

Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3

Published At:11 Apr, 2024 | 12:24

Updated At:02 Aug, 2024 | 01:59

▼CVE Numbering Authority (CNA)

WordPress Save as PDF by Pdfcrowd plugin <= 3.2.1 - Cross Site Scripting (XSS) vulnerability

Affected Products

Vendor

Pdfcrowd

Product

Save as PDF plugin by Pdfcrowd

Collection URL

https://wordpress.org/plugins

Package Name

save-as-pdf-by-pdfcrowd

Default Status

unaffected

Versions

Affected

From n/a through 3.2.1 (custom)
- -> unaffectedfrom3.2.2

Problem Types

Type	CWE ID	Description
CWE	CWE-79	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Type: CWE

CWE ID: CWE-79

Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Metrics

Version	Base score	Base severity	Vector
3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Impacts

CAPEC ID	Description
CAPEC-592	CAPEC-592 Stored XSS

CAPEC ID: CAPEC-592

Description: CAPEC-592 Stored XSS

Solutions

Update to 3.2.2 or a higher version.

Credits

finder

younsoung kim (Patchstack Alliance)

finder

SeoHyeon Lee (Patchstack Alliance)

finder

MyungJu Kim (Patchstack Alliance)

finder

SeoHee Kang (Patchstack Alliance)

References

Hyperlink	Resource
https://patchstack.com/database/vulnerability/save-as-pdf-by-pdfcrowd/wordpress-save-as-pdf-by-pdfcrowd-plugin-3-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve	vdb-entry

Hyperlink: https://patchstack.com/database/vulnerability/save-as-pdf-by-pdfcrowd/wordpress-save-as-pdf-by-pdfcrowd-plugin-3-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve

Resource:

vdb-entry

▼Authorized Data Publishers (ADP)

1. CISA ADP Vulnrichment

Metrics Other Info

2. CVE Program Container

References

Hyperlink	Resource
https://patchstack.com/database/vulnerability/save-as-pdf-by-pdfcrowd/wordpress-save-as-pdf-by-pdfcrowd-plugin-3-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve	vdb-entry x_transferred

Hyperlink: https://patchstack.com/database/vulnerability/save-as-pdf-by-pdfcrowd/wordpress-save-as-pdf-by-pdfcrowd-plugin-3-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve

Resource:

vdb-entry

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:audit@patchstack.com

Published At:11 Apr, 2024 | 13:15

Updated At:11 Apr, 2024 | 13:30

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Type: Secondary

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	audit@patchstack.com

CWE ID: CWE-79

Type: Primary

Source: audit@patchstack.com

References

Hyperlink	Source	Resource
https://patchstack.com/database/vulnerability/save-as-pdf-by-pdfcrowd/wordpress-save-as-pdf-by-pdfcrowd-plugin-3-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve	audit@patchstack.com	N/A

Hyperlink: https://patchstack.com/database/vulnerability/save-as-pdf-by-pdfcrowd/wordpress-save-as-pdf-by-pdfcrowd-plugin-3-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve

Source: audit@patchstack.com

Resource: N/A

Similar CVEs

1074Records found

CVE-2023-34172

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 14:12

Updated-02 Aug, 2024 | 16:01

WordPress WordPress Social Login Plugin <= 3.0.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Miled WordPress Social Login plugin <= 3.0.4 versions.

Vendor-miled Miled

Product-wordpress_social_login WordPress Social Login

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-34187

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 13:00

Updated-24 Sep, 2024 | 19:22

WordPress Call Now Icon Animate Plugin <= 0.1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alan Tien Call Now Icon Animate plugin <= 0.1.0 versions.

Vendor-Alan Tiến

Product-call_now_icon_animate Call Now Icon Animate

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-34018

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.14% / 33.95%

7 Day CHG~0.00%

Published-30 Nov, 2023 | 17:01

Updated-02 Aug, 2024 | 15:54

WordPress SoundCloud Shortcode Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoundCloud Inc. SoundCloud Shortcode allows Stored XSS.This issue affects SoundCloud Shortcode: from n/a through 3.1.0.

Vendor-soundcloud SoundCloud Inc.

Product-soundcloud_shortcode SoundCloud Shortcode

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-33208

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 12:03

Updated-24 Sep, 2024 | 19:23

WordPress Cookie Monster Plugin <= 1.51 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gsmith Cookie Monster plugin <= 1.51 versions.

Vendor-cookie_monster_project gsmith

Product-cookie_monster Cookie Monster

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-34183

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 13:07

Updated-24 Sep, 2024 | 19:22

WordPress Unite Gallery Lite Plugin <= 1.7.61 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Valiano Unite Gallery Lite plugin <= 1.7.61 versions.

Vendor-unitegallery Valiano

Product-unite_gallery_lite Unite Gallery Lite

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-33213

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-19 Jun, 2023 | 12:42

Updated-10 Oct, 2024 | 18:55

WordPress wpView Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gVectors Display Custom Fields – wpView plugin <= 1.3.0 versions.

Vendor-gvectors gVectors

Product-wpview Display Custom Fields – wpView

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-33210

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 12:24

Updated-24 Sep, 2024 | 19:23

WordPress nuajik CDN Plugin <= 0.1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nuajik plugin <= 0.1.0 versions.

Vendor-nuajik nuajik

Product-nuajik-cdn nuajik

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-34170

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 14:26

Updated-19 Feb, 2025 | 21:28

WordPress Quick/Bulk Order Form for WooCommerce Plugin <= 3.5.7 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Overnight Quick/Bulk Order Form for WooCommerce plugin <= 3.5.7 versions.

Vendor-wpovernight WP Overnight

Product-download_quick\/bulk_order_form_for_woocommerce Quick/Bulk Order Form for WooCommerce

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-33323

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.13%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 12:12

Updated-10 Oct, 2024 | 17:21

WordPress ARMember Plugin <= 4.0.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember plugin <= 4.0.2 versions.

Vendor-reputeinfosystems Repute InfoSystems

Product-armember ARMember

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32505

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.05% / 14.63%

7 Day CHG~0.00%

Published-23 Aug, 2023 | 14:22

Updated-25 Sep, 2024 | 14:37

WordPress Easy Hide Login Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Arshid Easy Hide Login plugin <= 1.0.7 versions.

Vendor-ciphercoin Arshid

Product-easy_hide_login Easy Hide Login

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32575

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.05% / 14.63%

7 Day CHG~0.00%

Published-25 Aug, 2023 | 10:28

Updated-24 Sep, 2024 | 19:25

WordPress Product page shipping calculator for WooCommerce Plugin <= 1.3.25 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <= 1.3.25 versions.

Vendor-PI Websolution WooCommerce

Product-woocommerce Product page shipping calculator for WooCommerce

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32584

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.05% / 14.63%

7 Day CHG~0.00%

Published-25 Aug, 2023 | 08:53

Updated-24 Sep, 2024 | 19:26

WordPress eBecas Plugin <= 3.1.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in John Newcombe eBecas plugin <= 3.1.3 versions.

Vendor-ebecas John Newcombe

Product-ebecas eBecas

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32591

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.05% / 14.63%

7 Day CHG~0.00%

Published-25 Aug, 2023 | 08:57

Updated-24 Sep, 2024 | 19:26

WordPress DBargain Plugin <= 3.0.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cloud Primero B.V DBargain plugin <= 3.0.0 versions.

Vendor-cloudprimero Cloud Primero B.V

Product-dbargain DBargain

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32496

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.05% / 14.63%

7 Day CHG~0.00%

Published-23 Aug, 2023 | 13:35

Updated-25 Sep, 2024 | 14:37

WordPress StopBadBots Plugin <= 7.31 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bill Minozzi Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin <= 7.31 versions.

Vendor-stopbadbots Bill Minozzi

Product-block_bad_bots_and_stop_bad_bots_crawlers_and_spiders_and_anti_spam_protection Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32515

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-18 May, 2023 | 09:55

Updated-09 Jan, 2025 | 15:14

WordPress Custom Field Suite Plugin <= 2.6.2.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matt Gibbs Custom Field Suite plugin <= 2.6.2.1 versions.

Vendor-custom_field_suite_project Matt Gibbs

Product-custom_field_suite Custom Field Suite

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32738

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-27 Oct, 2023 | 20:16

Updated-06 Sep, 2024 | 18:47

WordPress Eonet Manual User Approve Plugin <= 2.1.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alkaweb Eonet Manual User Approve plugin <= 2.1.3 versions.

Vendor-xtendify Alkaweb

Product-eonet_manual_user_approve Eonet Manual User Approve

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32498

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.05% / 14.63%

7 Day CHG~0.00%

Published-23 Aug, 2023 | 13:48

Updated-25 Sep, 2024 | 14:37

WordPress Easy Form by AYS Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Easy Form team Easy Form by AYS plugin <= 1.2.0 versions.

Vendor-AYS Pro Extensions

Product-easy_form Easy Form by AYS

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32595

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.05% / 16.40%

7 Day CHG~0.00%

Published-25 Aug, 2023 | 10:01

Updated-24 Sep, 2024 | 19:25

WordPress Sunny Search Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Palasthotel by Edward Bock, Katharina Rompf Sunny Search plugin <= 1.0.2 versions.

Vendor-palasthotel Palasthotel by Edward Bock, Katharina Rompf

Product-sunny_search Sunny Search

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32962

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 11:56

Updated-24 Sep, 2024 | 19:23

WordPress WishSuite Plugin <= 1.3.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in HasTheme WishSuite – Wishlist for WooCommerce plugin <= 1.3.4 versions.

Vendor-HasTech IT Limited (HasThemes)

Product-wishsuite WishSuite – Wishlist for WooCommerce

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32577

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.05% / 14.63%

7 Day CHG~0.00%

Published-25 Aug, 2023 | 08:46

Updated-24 Sep, 2024 | 19:26

WordPress DevBuddy Twitter Feed Plugin <= 4.0.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eji Osigwe DevBuddy Twitter Feed plugin <= 4.0.0 versions.

Vendor-devbuddy Eji Osigwe

Product-twitter_feed DevBuddy Twitter Feed

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32130

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-18 Aug, 2023 | 15:05

Updated-25 Sep, 2024 | 16:15

WordPress Multi Rating Plugin <= 5.0.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Daniel Powney Multi Rating plugin <= 5.0.6 versions.

Vendor-danielpowney Daniel Powney

Product-multi_rating Multi Rating

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32596

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.05% / 14.63%

7 Day CHG~0.00%

Published-25 Aug, 2023 | 10:19

Updated-24 Sep, 2024 | 19:25

WordPress weebotLite Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wolfgang Ertl weebotLite plugin <= 1.0.0 versions.

Vendor-wolfgangertl Wolfgang Ertl

Product-weebotlite weebotLite

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32958

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-28 May, 2023 | 17:04

Updated-10 Oct, 2024 | 17:31

WordPress Novelist Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nose Graze Novelist plugin <= 1.2.0 versions.

Vendor-nosegraze Nose Graze

Product-novelist Novelist

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32294

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 15:00

Updated-24 Sep, 2024 | 19:09

WordPress GDPR Cookie Consent Notice Box Plugin <= 1.1.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Radical Web Design GDPR Cookie Consent Notice Box plugin <= 1.1.6 versions.

Vendor-radicalwebdesign Radical Web Design

Product-gdpr_cookie_consent_notice_box GDPR Cookie Consent Notice Box

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30745

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-12 Jun, 2023 | 13:59

Updated-10 Oct, 2024 | 17:29

WordPress IP Metaboxes Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Phan Chuong IP Metaboxes plugin <= 2.1.1 versions.

Vendor-ip_metaboxes_project Phan Chuong

Product-ip_metaboxes IP Metaboxes

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30875

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-18 Aug, 2023 | 07:58

Updated-25 Sep, 2024 | 14:39

WordPress Logo Scheduler Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in All My Web Needs Logo Scheduler plugin <= 1.2.0 versions.

Vendor-allmywebneeds All My Web Needs

Product-logo_scheduler Logo Scheduler

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32582

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-03 Jun, 2023 | 11:04

Updated-10 Oct, 2024 | 18:56

WordPress Don8 Plugin <= 0.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kyle Maurer Don8 plugin <= 0.4 versions.

Vendor-don8_project Kyle Maurer

Product-don8 Don8

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-31236

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-12 Jun, 2023 | 14:47

Updated-10 Oct, 2024 | 17:28

WordPress Scripts n Styles Plugin <= 3.5.7 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in unFocus Projects Scripts n Styles plugin <= 3.5.7 versions.

Vendor-unfocus unFocus Projects

Product-scripts_n_styles Scripts n Styles

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-31232

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-18 Aug, 2023 | 13:11

Updated-25 Sep, 2024 | 14:39

WordPress Plugins List Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David Artiss Plugins List plugin <= 2.5 versions.

Vendor-artiss David Artiss

Product-plugins_list Plugins List

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32580

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-23 Jun, 2023 | 12:05

Updated-10 Oct, 2024 | 17:13

WordPress Password Protected Plugin <= 2.6.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPExperts Password Protected plugin <= 2.6.2 versions.

Vendor-wpexperts WPExperts

Product-password_protected Password Protected

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30786

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-16 Aug, 2023 | 09:38

Updated-25 Sep, 2024 | 15:02

WordPress Captcha Them All Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Benjamin Guy Captcha Them All plugin <= 1.3.3 versions.

Vendor-fuzzguard Benjamin Guy

Product-captcha_them_all Captcha Them All

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30749

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-14 Aug, 2023 | 14:17

Updated-25 Sep, 2024 | 16:46

WordPress Optima Express + MarketBoost IDX Plugin Plugin <= 7.3.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ihomefinder Optima Express + MarketBoost IDX Plugin plugin <= 7.3.0 versions.

Vendor-ihomefinder ihomefinder

Product-optima_express_\+_marketboost_idx Optima Express + MarketBoost IDX Plugin

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30874

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.73%

7 Day CHG~0.00%

Published-17 Aug, 2023 | 08:25

Updated-25 Sep, 2024 | 16:43

WordPress GPS Plotter Plugin <= 5.1.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Steve Curtis, St. Pete Design Gps Plotter plugin <= 5.1.4 versions.

Vendor-stpetedesign Steve Curtis, St. Pete Design

Product-gps_plotter Gps Plotter

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-31091

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-17 Aug, 2023 | 10:46

Updated-25 Sep, 2024 | 16:42

WordPress Dynamically Register Sidebars Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pradeep Singh Dynamically Register Sidebars plugin <= 1.0.1 versions.

Vendor-pradeepsinghweb Pradeep Singh

Product-dynamically_register_sidebars Dynamically Register Sidebars

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30746

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.73%

7 Day CHG~0.00%

Published-10 May, 2023 | 08:24

Updated-09 Jan, 2025 | 15:20

WordPress Booqable Rental Plugin Plugin <= 2.4.15 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Booqable Rental Software Booqable Rental plugin <= 2.4.15 versions.

Vendor-booqable Booqable Rental Software

Product-rental_software_booqable_rental Booqable Rental Plugin

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32116

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-26 Oct, 2023 | 12:15

Updated-06 Sep, 2024 | 18:44

WordPress Custom post types Plugin <= 4.0.12 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in TotalPress.Org Custom post types, Custom Fields & more plugin <= 4.0.12 versions.

Vendor-totalpress TotalPress.org

Product-custom_post_types Custom post types, Custom Fields & more

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30751

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-14 Aug, 2023 | 14:39

Updated-25 Sep, 2024 | 16:46

WordPress Article Directory Redux Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in iControlWP Article Directory Redux plugin <= 1.0.2 versions.

Vendor-icontrolwp iControlWP

Product-article_directory_redux Article Directory Redux

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-31228

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-18 Aug, 2023 | 12:57

Updated-25 Sep, 2024 | 14:39

WordPress CM On Demand Search And Replace Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <= 1.3.0 versions.

Vendor-cminds CreativeMindsSolutions

Product-cm_on_demand_search_and_replace CM On Demand Search And Replace

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-31233

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-18 May, 2023 | 09:30

Updated-09 Jan, 2025 | 15:14

WordPress Baidu Tongji generator Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Haoqisir Baidu Tongji generator plugin <= 1.0.2 versions.

Vendor-baidu_tongji_generator_project Haoqisir

Product-baidu_tongji_generator Baidu Tongji generator

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32957

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.14% / 33.95%

7 Day CHG~0.00%

Published-16 Nov, 2023 | 19:52

Updated-02 Aug, 2024 | 15:32

WordPress Team Members Showcase Plugin <= 1.3.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dazzlersoft Team Members Showcase plugin <= 1.3.4 versions.

Vendor-dazzlersoft Dazzlersoft

Product-team_members_showcase Team Members Showcase

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-31221

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-08 Aug, 2023 | 12:46

Updated-25 Sep, 2024 | 16:47

WordPress PDQ CSV Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ransom Christofferson PDQ CSV plugin <= 1.0.0 versions.

Vendor-ransomchristofferson Ransom Christofferson

Product-pdq_csv PDQ CSV

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32292

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.73%

7 Day CHG~0.00%

Published-08 Aug, 2023 | 12:55

Updated-25 Sep, 2024 | 16:47

WordPress Chat Button Plugin <= 1.8.9.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GetButton Chat Button by GetButton.Io plugin <= 1.8.9.4 versions.

Vendor-getbutton GetButton

Product-chat_button Chat Button by GetButton.io

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30477

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-14 Aug, 2023 | 13:57

Updated-25 Sep, 2024 | 16:43

WordPress AFFILIATE Solution Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Essitco AFFILIATE Solution plugin <= 1.0 versions.

Vendor-essitco Essitco

Product-affiliate_solution AFFILIATE Solution

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-39562

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.52%

7 Day CHG~0.00%

Published-17 Apr, 2025 | 15:46

Updated-17 Apr, 2025 | 20:21

WordPress Payment Form for PayPal Pro <= 1.1.72 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Payment Form for PayPal Pro allows Stored XSS. This issue affects Payment Form for PayPal Pro: from n/a through 1.1.72.

Vendor-CodePeople

Product-Payment Form for PayPal Pro

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-29434

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-26 Jun, 2023 | 10:08

Updated-02 Aug, 2024 | 14:07

WordPress Optin Forms Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in FancyThemes Optin Forms – Simple List Building Plugin for WordPress plugin <= 1.3.1 versions.

Vendor-fancythemes FancyThemes

Product-optin_forms Optin Forms – Simple List Building Plugin for WordPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-29438

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-26 Jun, 2023 | 12:04

Updated-10 Oct, 2024 | 17:09

WordPress SimpleModal Contact Form (SMCF) Plugin <= 1.2.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric Martin SimpleModal Contact Form (SMCF) plugin <= 1.2.9 versions.

Vendor-simplemodal_contact_form_project Eric Martin

Product-simplemodal_contact_form SimpleModal Contact Form (SMCF)

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-29423

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-26 Jun, 2023 | 07:13

Updated-10 Oct, 2024 | 17:11

WordPress Cancel order request WooCommerce Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Cancel order request / Return order / Repeat Order / Reorder for WooCommerce plugin <= 1.3.2 versions.

Vendor-piwebsolution PI Websolution

Product-cancel_order_request_\/_return_order_\/_repeat_order_\/_reorder_for_woocommerce Cancel order request / Return order / Repeat Order / Reorder for WooCommerce

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28169

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%