ByteOS Network

Vulnerability Details :

CVE-2024-32540

Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3

Published At-17 Apr, 2024 | 08:30

Updated At-02 Aug, 2024 | 02:13

WordPress Fixed HTML Toolbar plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Web357 Fixed HTML Toolbar allows Stored XSS.This issue affects Fixed HTML Toolbar: from n/a through 1.0.7.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:Patchstack

Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3

Published At:17 Apr, 2024 | 08:30

Updated At:02 Aug, 2024 | 02:13

▼CVE Numbering Authority (CNA)

WordPress Fixed HTML Toolbar plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerability

Affected Products

Vendor

Web357

Product

Fixed HTML Toolbar

Collection URL

https://wordpress.org/plugins

Package Name

fixed-html-toolbar

Default Status

unaffected

Versions

Affected

From n/a through 1.0.7 (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-79	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Type: CWE

CWE ID: CWE-79

Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Metrics

Version	Base score	Base severity	Vector
3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Impacts

CAPEC ID	Description
CAPEC-592	CAPEC-592 Stored XSS

CAPEC ID: CAPEC-592

Description: CAPEC-592 Stored XSS

Credits

finder

Savphill (Patchstack Alliance)

References

Hyperlink	Resource
https://patchstack.com/database/vulnerability/fixed-html-toolbar/wordpress-fixed-html-toolbar-plugin-1-0-7-cross-site-scripting-xss-vulnerability?_s_id=cve	vdb-entry

Hyperlink: https://patchstack.com/database/vulnerability/fixed-html-toolbar/wordpress-fixed-html-toolbar-plugin-1-0-7-cross-site-scripting-xss-vulnerability?_s_id=cve

Resource:

vdb-entry

▼Authorized Data Publishers (ADP)

1. CISA ADP Vulnrichment

Metrics Other Info

2. CVE Program Container

References

Hyperlink	Resource
https://patchstack.com/database/vulnerability/fixed-html-toolbar/wordpress-fixed-html-toolbar-plugin-1-0-7-cross-site-scripting-xss-vulnerability?_s_id=cve	vdb-entry x_transferred

Hyperlink: https://patchstack.com/database/vulnerability/fixed-html-toolbar/wordpress-fixed-html-toolbar-plugin-1-0-7-cross-site-scripting-xss-vulnerability?_s_id=cve

Resource:

vdb-entry

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:audit@patchstack.com

Published At:17 Apr, 2024 | 09:15

Updated At:17 Apr, 2024 | 12:48

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Type: Secondary

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	audit@patchstack.com

CWE ID: CWE-79

Type: Primary

Source: audit@patchstack.com

References

Hyperlink	Source	Resource
https://patchstack.com/database/vulnerability/fixed-html-toolbar/wordpress-fixed-html-toolbar-plugin-1-0-7-cross-site-scripting-xss-vulnerability?_s_id=cve	audit@patchstack.com	N/A

Hyperlink: https://patchstack.com/database/vulnerability/fixed-html-toolbar/wordpress-fixed-html-toolbar-plugin-1-0-7-cross-site-scripting-xss-vulnerability?_s_id=cve

Source: audit@patchstack.com

Resource: N/A

Similar CVEs

1202Records found

CVE-2023-29093

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.73%

7 Day CHG~0.00%

Published-26 Jun, 2023 | 05:33

Updated-10 Oct, 2024 | 17:11

WordPress Conditional extra fees for woocommerce Plugin <= 1.0.96 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PI Websolution Conditional cart fee plugin <= 1.0.96 versions.

Vendor-piwebsolution PI Websolution

Product-conditional_cart_fee_\/_extra_charge_rule_for_woocommerce_extra_fees Conditional cart fee

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28790

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.12% / 30.51%

7 Day CHG~0.00%

Published-27 Sep, 2023 | 05:14

Updated-23 Sep, 2024 | 13:29

WordPress Simple Staff List Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Brett Shumaker Simple Staff List plugin <= 2.2.3 versions.

Vendor-simple_staff_list_project Brett Shumaker

Product-simple_staff_list Simple Staff List

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28533

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.05% / 16.65%

7 Day CHG~0.00%

Published-17 Aug, 2023 | 08:04

Updated-25 Sep, 2024 | 16:43

WordPress Cab Grid Plugin <= 1.5.15 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in M Williams Cab Grid plugin <= 1.5.15 versions.

Vendor-nimbus M Williams

Product-cab_grid Cab Grid

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28692

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.07%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 15:27

Updated-19 Feb, 2025 | 21:25

WordPress WP Abstracts Plugin <= 2.6.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kevon Adonis WP Abstracts plugin <= 2.6.3 versions.

Vendor-kevonadonis Kevon Adonis

Product-wp_abstracts WP Abstracts

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28690

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.05% / 15.23%

7 Day CHG~0.00%

Published-17 Aug, 2023 | 21:19

Updated-19 Feb, 2025 | 21:26

WordPress WP BrowserUpdate Plugin <= 4.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Steinbrecher WP BrowserUpdate plugin <= 4.5 versions.

Vendor-marcosteinbrecher Marco Steinbrecher

Product-wp_browserupdate WP BrowserUpdate

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28774

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.73%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 12:25

Updated-10 Oct, 2024 | 17:21

WordPress Review Stream Plugin <= 1.6.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Grade Us, Inc. Review Stream plugin <= 1.6.5 versions.

Vendor-grade Grade Us, Inc.

Product-review_stream Review Stream

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-29025

Matching Score-4

Assigner-Rockwell Automation

View Details

Matching Score-4

Assigner-Rockwell Automation

CVSS Score-4.7||MEDIUM

EPSS-0.12% / 30.66%

7 Day CHG~0.00%

Published-11 May, 2023 | 17:45

Updated-02 Aug, 2024 | 14:00

Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.

Vendor-Rockwell Automation, Inc.

Product-armorstart_st_284ee armorstart_st_281e_firmware armorstart_st_284ee_firmware armorstart_st_281e ArmorStart ST

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28778

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.73%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 11:34

Updated-10 Oct, 2024 | 17:24

WordPress Pagination by BestWebSoft Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BestWebSoft Pagination plugin <= 1.2.2 versions.

Vendor-BestWebSoft

Product-pagination Pagination

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28422

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.58%

7 Day CHG~0.00%

Published-23 Mar, 2023 | 11:45

Updated-10 Jan, 2025 | 19:18

WordPress Event Manager for WooCommerce Plugin <= 3.8.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce <= 3.8.6. versions.

Vendor-MagePeople

Product-event_manager_and_tickets_selling_for_woocommerce Event Manager and Tickets Selling Plugin for WooCommerce

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-29026

Matching Score-4

Assigner-Rockwell Automation

View Details

Matching Score-4

Assigner-Rockwell Automation

CVSS Score-4.7||MEDIUM

EPSS-0.13% / 32.98%

7 Day CHG~0.00%

Published-11 May, 2023 | 17:47

Updated-24 Jan, 2025 | 17:15

Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack

Vendor-Rockwell Automation, Inc.

Product-armorstart_st_281e armorstart_st_284ee_firmware armorstart_st_284ee armorstart_st_281e_firmware ArmorStart ST

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-29029

Matching Score-4

Assigner-Rockwell Automation

View Details

Matching Score-4

Assigner-Rockwell Automation

CVSS Score-4.7||MEDIUM

EPSS-0.13% / 32.98%

7 Day CHG~0.00%

Published-11 May, 2023 | 17:51

Updated-24 Jan, 2025 | 17:15

Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack

Vendor-Rockwell Automation, Inc.

Product-armorstart_st_281e armorstart_st_284ee_firmware armorstart_st_284ee armorstart_st_281e_firmware ArmorStart ST

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28933

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.73%

7 Day CHG~0.00%

Published-12 Jun, 2023 | 15:10

Updated-10 Oct, 2024 | 17:27

WordPress Call Now Accessibility Button Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in StPeteDesign Call Now Accessibility Button plugin <= 1.1 versions.

Vendor-stpetedesign StPeteDesign

Product-call_now_accessibility_button Call Now Accessibility Button

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-29097

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.07%

7 Day CHG~0.00%

Published-14 Aug, 2023 | 13:46

Updated-25 Sep, 2024 | 16:44

WordPress a3 Portfolio Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in a3rev Software a3 Portfolio plugin <= 3.1.0 versions.

Vendor-a3rev a3rev Software

Product-a3_portfolio a3 Portfolio

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28622

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.04% / 13.18%

7 Day CHG~0.00%

Published-17 Aug, 2023 | 08:00

Updated-25 Sep, 2024 | 16:43

WordPress Easy Slider Revolution Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Trident Technolabs Easy Slider Revolution plugin <= 1.0.0 versions.

Vendor-tridenttechnolabs Trident Technolabs

Product-easy_slider_revolution Easy Slider Revolution

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-29094

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.58%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 12:59

Updated-10 Jan, 2025 | 18:56

WordPress Product page shipping calculator for WooCommerce Plugin <= 1.3.20 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <= 1.3.20 versions.

Vendor-piwebsolution PI Websolution

Product-product_page_shipping_calculator_for_woocommerce Product page shipping calculator for WooCommerce

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28496

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.73%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 08:24

Updated-10 Oct, 2024 | 17:25

WordPress SMTP2GO Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SMTP2GO – Email Made Easy plugin <= 1.4.2 versions.

Vendor-smtp2go SMTP2GO

Product-smtp2go SMTP2GO – Email Made Easy

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28751

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.73%

7 Day CHG~0.00%

Published-23 Jun, 2023 | 12:26

Updated-19 Feb, 2025 | 21:28

WordPress Wp Ultimate Review Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.0.3 versions.

Vendor-wpmet Wpmet

Product-wp_ultimate_review Wp Ultimate Review

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28783

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.04% / 13.18%

7 Day CHG~0.00%

Published-17 Aug, 2023 | 14:50

Updated-25 Sep, 2024 | 14:48

WordPress Woocommerce Tip/Donation Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (shop manager+) Stored Cross-Site Scripting (XSS) vulnerability in PHPRADAR Woocommerce Tip/Donation plugin <= 1.2 versions.

Vendor-phpradar PHPRADAR

Product-woocommerce_tip\/donation Woocommerce Tip/Donation

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28931

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.07% / 21.12%

7 Day CHG+0.01%

Published-08 Aug, 2023 | 12:35

Updated-25 Sep, 2024 | 16:47

WordPress Post Connector Plugin <= 1.0.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Never5 Post Connector plugin <= 1.0.9 versions.

Vendor-never5 Never5

Product-post_connector Post Connector

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28414

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.43%

7 Day CHG~0.00%

Published-12 May, 2023 | 15:10

Updated-09 Jan, 2025 | 15:17

WordPress ApexChat Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ApexChat plugin <= 1.3.1 versions.

Vendor-apexchat ApexChat

Product-apexchat ApexChat

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28934

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.07% / 21.12%

7 Day CHG+0.01%

Published-08 Aug, 2023 | 12:25

Updated-19 Feb, 2025 | 21:26

WordPress WP Full Stripe Free Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mammothology WP Full Stripe Free plugin <= 1.6.1 versions.

Vendor-paymentsplugin Mammothology

Product-wp_full_stripe_free WP Full Stripe Free

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28620

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.73%

7 Day CHG~0.00%

Published-13 Jun, 2023 | 14:28

Updated-10 Oct, 2024 | 18:56

WordPress Cyberus Key Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cyberus Labs Cyberus Key plugin <= 1.0 versions.

Vendor-cyberuslabs Cyberus Labs

Product-cyberus_key Cyberus Key

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27439

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.73%

7 Day CHG~0.00%

Published-21 Jun, 2023 | 12:57

Updated-10 Oct, 2024 | 18:12

WordPress New Adman Plugin <= 1.6.8 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gl_SPICE New Adman plugin <= 1.6.8 versions.

Vendor-new_adman_project gl_SPICE

Product-new_adman New Adman

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27429

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.73%

7 Day CHG~0.00%

Published-21 Jun, 2023 | 13:19

Updated-10 Oct, 2024 | 17:41

WordPress Jetpack CRM Plugin <= 5.4.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Automattic - Jetpack CRM team Jetpack CRM plugin <= 5.4.4 versions.

Vendor-Automattic Inc.

Product-jetpack_crm Jetpack CRM

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27624

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.60% / 68.88%

7 Day CHG~0.00%

Published-13 Jun, 2023 | 15:04

Updated-10 Oct, 2024 | 18:56

WordPress Redirect After Login Plugin <= 0.1.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcelotorres Redirect After Login plugin <= 0.1.9 versions.

Vendor-redirect_after_login_project Marcelotorres

Product-redirect_after_login Redirect After Login

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27426

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.07%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 12:57

Updated-24 Sep, 2024 | 19:22

WordPress NotifyVisitors Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Notifyvisitors NotifyVisitors plugin <= 1.0 versions.

Vendor-notifyvisitors Notifyvisitors

Product-notifyvisitors NotifyVisitors

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27422

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.73%

7 Day CHG~0.00%

Published-08 Aug, 2023 | 10:15

Updated-25 Sep, 2024 | 16:51

WordPress NS Coupon to Become Customer Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsThemes NS Coupon To Become Customer plugin <= 1.2.2 versions.

Vendor-nsthemes NsThemes

Product-ns_coupon_to_become_customer NS Coupon To Become Customer

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28174

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.07% / 20.56%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 11:59

Updated-10 Oct, 2024 | 17:22

WordPress eRocket Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in eLightUp eRocket plugin <= 1.2.4 versions.

Vendor-elightup eLightUp

Product-erocket eRocket

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27452

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.73%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 11:59

Updated-10 Oct, 2024 | 17:22

WordPress Button Generator – easily Button Builder Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wow-Company Button Generator – easily Button Builder plugin <= 2.3.3 versions.

Vendor-wow-estore Wow-Company

Product-button_generator_-_easily_button_builder Button Generator – easily Button Builder

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27622

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.12% / 30.51%

7 Day CHG~0.00%

Published-27 Sep, 2023 | 07:53

Updated-23 Sep, 2024 | 12:51

WordPress GuruWalk Affiliates Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abel Ruiz GuruWalk Affiliates plugin <= 1.0.0 versions.

Vendor-guruwalk Abel Ruiz

Product-guruwalk_affiliates GuruWalk Affiliates

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27614

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.58%

7 Day CHG~0.00%

Published-23 Apr, 2023 | 10:54

Updated-09 Jan, 2025 | 15:37

WordPress Motor Racing League Plugin <= 1.9.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Ian Haycox Motor Racing League plugin <= 1.9.9 versions.

Vendor-motor_racing_league_project Ian Haycox

Product-motor_racing_league Motor Racing League

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27416

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.73%

7 Day CHG~0.00%

Published-08 Aug, 2023 | 10:25

Updated-19 Feb, 2025 | 21:27

WordPress Decon WP SMS Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Decon Digital Decon WP SMS plugin <= 1.1 versions.

Vendor-decondigital Decon Digital

Product-decon_wp_sms Decon WP SMS

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27617

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.12% / 30.51%

7 Day CHG~0.00%

Published-27 Sep, 2023 | 05:22

Updated-02 Aug, 2024 | 13:39

WordPress RSVPMarker Plugin <= 10.6.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <= 10.6.6 versions.

Vendor-carrcommunications David F. Carr

Product-rsvpmaker RSVPMaker

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27618

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.73%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 08:33

Updated-02 Aug, 2024 | 12:16

WordPress Store Locator WordPress Plugin <= 1.4.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in AGILELOGIX Store Locator WordPress plugin <= 1.4.9 versions.

Vendor-Agile Logix

Product-store_locator Store Locator WordPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27425

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.58%

7 Day CHG~0.00%

Published-23 Apr, 2023 | 10:47

Updated-02 Aug, 2024 | 13:44

WordPress Electric Studio Client Login Plugin <= 0.8.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in James Irving-Swift Electric Studio Client Login plugin <= 0.8.1 versions.

Vendor-electric_studio_client_login_project James Irving-Swift

Product-electric_studio_client_login Electric Studio Client Login

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27609

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.12% / 30.51%

7 Day CHG~0.00%

Published-19 Nov, 2024 | 21:56

Updated-25 Nov, 2024 | 14:59

WordPress WP Roles at Registration plugin <= 0.23 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NetTantra WP Roles at Registration allows Stored XSS.This issue affects WP Roles at Registration: from n/a through 0.23.

Vendor-hyscaler NetTantra

Product-wp_roles_at_registration WP Roles at Registration

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27427

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.73%

7 Day CHG~0.00%

Published-23 Jun, 2023 | 12:21

Updated-10 Oct, 2024 | 17:12

WordPress CRM Memberships Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NTZApps CRM Memberships plugin <= 1.6 versions.

Vendor-ntzapps NTZApps

Product-crm_memberships CRM Memberships

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27415

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.73%

7 Day CHG~0.00%

Published-08 Aug, 2023 | 11:53

Updated-25 Sep, 2024 | 16:51

WordPress LetterPress Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themeqx LetterPress plugin <= 1.1.2 versions.

Vendor-themeqx Themeqx

Product-letterpress LetterPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28169

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.43%

7 Day CHG~0.00%

Published-08 May, 2023 | 12:22

Updated-09 Jan, 2025 | 15:25

WordPress Easy Event calendar Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CoreFortress Easy Event calendar plugin <= 1.0 versions.

Vendor-easy_event_calendar_project CoreFortress

Product-easy_event_calendar Easy Event calendar

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27621

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.07%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 15:58

Updated-24 Sep, 2024 | 19:08

WordPress Livestream Notice Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MrDemonWolf Livestream Notice plugin <= 1.2.0 versions.

Vendor-mrdemonwolf MrDemonWolf

Product-livestream_notice Livestream Notice

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26017

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.43%

7 Day CHG~0.00%

Published-03 May, 2023 | 15:24

Updated-19 Feb, 2025 | 21:31

WordPress Jobs for WordPress Plugin <= 2.5.10.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BlueGlass Jobs for WordPress plugin <= 2.5.10.2 versions.

Vendor-blueglass BlueGlass

Product-jobs_for_wordpress Jobs for WordPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25958

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.43%

7 Day CHG~0.00%

Published-12 May, 2023 | 15:15

Updated-09 Jan, 2025 | 15:16

WordPress Simple Tooltips Plugin <= 2.1.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Justin Saad Simple Tooltips plugin <= 2.1.4 versions.

Vendor-simple_tooltips_project Justin Saad

Product-simple_tooltips Simple Tooltips

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26541

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.73%

7 Day CHG~0.00%

Published-16 Jun, 2023 | 08:56

Updated-10 Oct, 2024 | 18:55

WordPress asMember Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alexander Suess asMember plugin <= 1.5.4 versions.

Vendor-asmember_project Alexander Suess

Product-asmember asMember

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26539

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.07% / 20.56%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 11:50

Updated-10 Oct, 2024 | 17:22

WordPress Advanced Text Widget Plugin <= 2.1.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max Chirkov Advanced Text Widget plugin <= 2.1.2 versions.

Vendor-advanced_text_widget_project Max Chirkov

Product-advanced_text_widget Advanced Text Widget

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26527

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.73%

7 Day CHG~0.00%

Published-16 Jun, 2023 | 11:02

Updated-10 Oct, 2024 | 18:55

WordPress Debug Assistant Plugin <= 1.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPIndeed Debug Assistant plugin <= 1.4 versions.

Vendor-wpindeed WPIndeed

Product-debug_assistant Debug Assistant

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-6390

Matching Score-4

Assigner-WPScan

View Details

Matching Score-4

Assigner-WPScan

CVSS Score-5.9||MEDIUM

EPSS-0.12% / 30.90%

7 Day CHG~0.00%

Published-03 Aug, 2024 | 06:00

Updated-06 Jun, 2025 | 16:10

Quiz and Survey Master (QSM) < 9.1.0 - Contributor+ Stored XSS

The Quiz and Survey Master (QSM) WordPress plugin before 9.1.0 does not properly sanitise and escape some of its Quizz settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks

Vendor-expresstech Unknown expresstech

Product-quiz_and_survey_master Quiz and Survey Master (QSM)quiz_and_survey_master

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26515

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.73%

7 Day CHG~0.00%

Published-16 Jun, 2023 | 10:41

Updated-10 Oct, 2024 | 18:55

WordPress Simple Slug Translate Plugin <= 2.7.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ko Takagi Simple Slug Translate plugin <= 2.7.2 versions.

Vendor-simple_slug_translate_project Ko Takagi

Product-simple_slug_translate Simple Slug Translate

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25992

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.07% / 20.84%

7 Day CHG~0.00%

Published-23 Mar, 2023 | 16:18

Updated-10 Jan, 2025 | 19:16

WordPress CM Answers Plugin <= 3.1.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeMindsSolutions CM Answers plugin <= 3.1.9 versions.

Vendor-cminds CreativeMindsSolutions

Product-cm_answers CM Answers

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25978

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.73%

7 Day CHG~0.00%

Published-13 Jun, 2023 | 15:09

Updated-02 Aug, 2024 | 13:40

WordPress Protected Posts Logout Button Plugin <= 1.4.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nate Reist Protected Posts Logout Button plugin <= 1.4.5 versions.

Vendor-mindutopia Nate Reist

Product-protected_posts_logout_button Protected Posts Logout Button

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26001

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.04% / 11.67%

7 Day CHG+0.01%

Published-06 Jun, 2025 | 12:54

Updated-06 Jun, 2025 | 14:27

WordPress Next Event Calendar <= 1.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marchetti Design Next Event Calendar allows Stored XSS. This issue affects Next Event Calendar: from n/a through 1.2.

Vendor-Marchetti Design

Product-Next Event Calendar

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-32540

Credits

WordPress Fixed HTML Toolbar plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerability

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs