Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-32711

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-24 Apr, 2024 | 10:11
Updated At-28 Apr, 2026 | 16:09
Rejected At-
Credits

WordPress myCred plugin <= 2.6.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred mycred.This issue affects myCred: from n/a through <= 2.6.3.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:24 Apr, 2024 | 10:11
Updated At:28 Apr, 2026 | 16:09
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress myCred plugin <= 2.6.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred mycred.This issue affects myCred: from n/a through <= 2.6.3.

Affected Products
Vendor
Saad Iqbal
Product
myCred
Collection URL
https://wordpress.org/plugins
Package Name
mycred
Default Status
unaffected
Versions
Affected
  • From 0 through 2.6.3 (custom)
    • -> unaffectedfrom2.6.4
Problem Types
TypeCWE IDDescription
CWECWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
stealthcopter | Patchstack Bug Bounty Program
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/Wordpress/Plugin/mycred/vulnerability/wordpress-mycred-plugin-2-6-3-cross-site-scripting-xss-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/mycred/vulnerability/wordpress-mycred-plugin-2-6-3-cross-site-scripting-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/mycred/wordpress-mycred-plugin-2-6-3-cross-site-scripting-xss-vulnerability?_s_id=cve
vdb-entry
x_transferred
Hyperlink: https://patchstack.com/database/vulnerability/mycred/wordpress-mycred-plugin-2-6-3-cross-site-scripting-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:24 Apr, 2024 | 11:15
Updated At:23 Apr, 2026 | 15:18

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred mycred.This issue affects myCred: from n/a through <= 2.6.3.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-79Secondaryaudit@patchstack.com
CWE ID: CWE-79
Type: Secondary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/Wordpress/Plugin/mycred/vulnerability/wordpress-mycred-plugin-2-6-3-cross-site-scripting-xss-vulnerability?_s_id=cveaudit@patchstack.com
N/A
https://patchstack.com/database/vulnerability/mycred/wordpress-mycred-plugin-2-6-3-cross-site-scripting-xss-vulnerability?_s_id=cveaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/mycred/vulnerability/wordpress-mycred-plugin-2-6-3-cross-site-scripting-xss-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A
Hyperlink: https://patchstack.com/database/vulnerability/mycred/wordpress-mycred-plugin-2-6-3-cross-site-scripting-xss-vulnerability?_s_id=cve
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2643Records found
CVE-2025-22727
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 33.23%
||
7 Day CHG~0.00%
Published-21 Jan, 2025 | 13:57
Updated-11 May, 2026 | 23:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MailChimp Subscribe Form plugin <= 4.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginOps MailChimp Subscribe Forms mailchimp-subscribe-sm allows Stored XSS.This issue affects MailChimp Subscribe Forms : from n/a through <= 4.1.

Action-Not Available
Vendor-PluginOps
Product-MailChimp Subscribe Forms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22761
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 42.80%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 15:23
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ajax Contact Form plugin <= 1.4.1 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Olaf Lederer Ajax Contact Form fws-ajax-contact-form allows Stored XSS.This issue affects Ajax Contact Form: from n/a through <= 1.4.1.

Action-Not Available
Vendor-Olaf Lederer
Product-Ajax Contact Form
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22574
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 42.80%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 14:57
Updated-11 May, 2026 | 22:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ICS Button plugin <= 0.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cleanshooter ICS Button ics-button allows Stored XSS.This issue affects ICS Button: from n/a through <= 0.6.

Action-Not Available
Vendor-Cleanshooter
Product-ICS Button
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22518
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.94%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 14:57
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Justified Image Gallery plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginsPoint Justified Image Gallery justified-image-gallery allows Stored XSS.This issue affects Justified Image Gallery: from n/a through <= 1.0.

Action-Not Available
Vendor-PluginsPoint
Product-Justified Image Gallery
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22500
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.04%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 16:50
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Alpha Price Table For Elementor plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ali Ali Alpha Price Table For Elementor alpha-price-table-for-elementor allows DOM-Based XSS.This issue affects Alpha Price Table For Elementor: from n/a through <= 1.2.0.

Action-Not Available
Vendor-Ali Ali
Product-Alpha Price Table For Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22544
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.35% / 57.34%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 14:57
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mind Doodle Visual Sitemaps & Tasks plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mind Doodle Mind Doodle Visual Sitemaps & Tasks mind-doodle-sitemap allows Stored XSS.This issue affects Mind Doodle Visual Sitemaps & Tasks: from n/a through <= 1.6.

Action-Not Available
Vendor-Mind Doodle
Product-Mind Doodle Visual Sitemaps & Tasks
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22801
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.04%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 15:39
Updated-11 May, 2026 | 22:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Free WooCommerce Theme 99fy Extension plugin <= 1.2.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes Free WooCommerce Theme 99fy Extension 99fy-core allows Stored XSS.This issue affects Free WooCommerce Theme 99fy Extension: from n/a through <= 1.2.8.

Action-Not Available
Vendor-HasTech IT Limited (HasThemes)
Product-Free WooCommerce Theme 99fy Extension
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22811
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 42.80%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 15:39
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MT Addons for Elementor plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cristian Stan MT Addons for Elementor mt-addons-for-elementor allows Stored XSS.This issue affects MT Addons for Elementor: from n/a through <= 1.0.6.

Action-Not Available
Vendor-Cristian Stan
Product-MT Addons for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22573
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 42.80%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 14:57
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Icons Enricher plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in copist Icons Enricher icons-enricher allows Stored XSS.This issue affects Icons Enricher: from n/a through <= 1.0.8.

Action-Not Available
Vendor-copist
Product-Icons Enricher
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22525
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.17%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 14:57
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Donation Block For PayPal Plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bharat Kambariya Donation Block For PayPal donations-block allows Stored XSS.This issue affects Donation Block For PayPal: from n/a through <= 2.2.0.

Action-Not Available
Vendor-Bharat Kambariya
Product-Donation Block For PayPal
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22780
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 42.80%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 15:23
Updated-11 May, 2026 | 22:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress wp-pano Plugin <= 1.17 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andrey wp-pano wp-pano allows Stored XSS.This issue affects wp-pano: from n/a through <= 1.17.

Action-Not Available
Vendor-Andrey
Product-wp-pano
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22758
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.94%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 15:23
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Elementor AI Addons plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Harnani Elementor AI Addons ai-addons-for-elementor allows DOM-Based XSS.This issue affects Elementor AI Addons: from n/a through <= 2.2.1.

Action-Not Available
Vendor-Harnani
Product-Elementor AI Addons
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22759
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.54%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 15:23
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.27.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Stored XSS.This issue affects Post and Page Builder by BoldGrid: from n/a through <= 1.27.5.

Action-Not Available
Vendor-BoldGrid (InMotion Hosting, Inc.)
Product-post_and_page_builder_by_boldgrid_-_visual_drag_and_drop_editorPost and Page Builder by BoldGrid
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22587
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.94%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 15:23
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SEO Bulk Editor plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atanas Krachev SEO Bulk Editor seo-bulk-editor allows Stored XSS.This issue affects SEO Bulk Editor: from n/a through <= 1.1.0.

Action-Not Available
Vendor-Atanas Krachev
Product-SEO Bulk Editor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22757
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.54%
||
7 Day CHG~0.00%
Published-31 Jan, 2025 | 08:23
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CodeBard Help Desk plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeBard CodeBard Help Desk codebard-help-desk allows Stored XSS.This issue affects CodeBard Help Desk: from n/a through <= 1.1.2.

Action-Not Available
Vendor-codebardCodeBard
Product-codebard_help_deskCodeBard Help Desk
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22312
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.17%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 10:48
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Thim Elementor Kit plugin <= 1.2.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress Thim Elementor Kit thim-elementor-kit allows DOM-Based XSS.This issue affects Thim Elementor Kit: from n/a through <= 1.2.9.

Action-Not Available
Vendor-ThimPress (PhysCode)
Product-Thim Elementor Kit
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22809
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 42.80%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 15:39
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PDF Catalog Woocommerce plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in theme funda PDF Catalog Woocommerce pdf-catalog-woocommerce allows DOM-Based XSS.This issue affects PDF Catalog Woocommerce: from n/a through <= 2.0.

Action-Not Available
Vendor-theme funda
Product-PDF Catalog Woocommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22642
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.04%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 14:21
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Dynamic Conditions plugin <= 1.7.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rtowebsites Dynamic Conditions dynamicconditions allows Stored XSS.This issue affects Dynamic Conditions: from n/a through <= 1.7.4.

Action-Not Available
Vendor-rtowebsites
Product-Dynamic Conditions
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22268
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.12%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 21:53
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Uncanny Toolkit for LearnDash plugin <= 3.7.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash uncanny-learndash-toolkit allows Stored XSS.This issue affects Uncanny Toolkit for LearnDash: from n/a through <= 3.7.0.1.

Action-Not Available
Vendor-Uncanny Owl Inc.
Product-Uncanny Toolkit for LearnDash
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22804
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.04%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 15:39
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Author Avatars List/Block plugin <= 2.1.23 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows Stored XSS.This issue affects Author Avatars List/Block: from n/a through <= 2.1.23.

Action-Not Available
Vendor-Paul Bearne
Product-Author Avatars List/Block
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22261
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.35%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 10:49
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP FullCalendar plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Stored XSS.This issue affects WP FullCalendar: from n/a through <= 1.5.

Action-Not Available
Vendor-Marcus (aka @msykes)
Product-WP FullCalendar
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22815
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.78%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 15:39
Updated-11 May, 2026 | 22:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Button Block plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Button Block button-block allows Stored XSS.This issue affects Button Block: from n/a through <= 1.1.9.

Action-Not Available
Vendor-bpluginsbPlugins
Product-button_blockButton Block
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22806
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.78%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 15:39
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Black Widgets For Elementor plugin <= 1.3.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Modernaweb Studio Black Widgets For Elementor black-widgets allows DOM-Based XSS.This issue affects Black Widgets For Elementor: from n/a through <= 1.3.8.

Action-Not Available
Vendor-modernawebModernaweb Studio
Product-black_widgets_for_elementorBlack Widgets For Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22747
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.94%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 15:23
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Foundation Columns plugin <= 0.8 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tormorten Foundation Columns foundation-columns allows Stored XSS.This issue affects Foundation Columns: from n/a through <= 0.8.

Action-Not Available
Vendor-tormorten
Product-Foundation Columns
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22365
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.04%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 16:51
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EMC2 Alert Boxes Plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric McNiece EMC2 Alert Boxes allows Stored XSS.This issue affects EMC2 Alert Boxes: from n/a through 1.3.

Action-Not Available
Vendor-Eric McNiece
Product-EMC2 Alert Boxes
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22648
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.60%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 15:06
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Blog, Posts and Category Filter for Elementor plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plugin Devs Blog, Posts and Category Filter for Elementor blog-posts-and-category-for-elementor allows Stored XSS.This issue affects Blog, Posts and Category Filter for Elementor: from n/a through <= 2.0.1.

Action-Not Available
Vendor-Plugin Devs
Product-Blog, Posts and Category Filter for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22340
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.12%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Data Dash plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Data Dash data-dash allows Stored XSS.This issue affects Data Dash: from n/a through <= 1.2.3.

Action-Not Available
Vendor-Think201
Product-Data Dash
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22683
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 15.89%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 14:23
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress NotificationX plugin <= 2.9.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper NotificationX notificationx allows Stored XSS.This issue affects NotificationX: from n/a through <= 2.9.5.

Action-Not Available
Vendor-WPDeveloper
Product-notificationxNotificationX
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22769
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 42.80%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 15:23
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multifox theme <= 1.3.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative Brahma Multifox allows Stored XSS.This issue affects Multifox: from n/a through 1.3.7.

Action-Not Available
Vendor-Creative Brahma
Product-Multifox
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22581
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 38.91%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 14:57
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Arcade Ready plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bytephp Arcade Ready arcadeready allows Stored XSS.This issue affects Arcade Ready: from n/a through <= 1.1.

Action-Not Available
Vendor-Bytephp
Product-Arcade Ready
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22660
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.60%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 14:26
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Include Mastodon Feed plugin <= 1.9.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wolfgang Include Mastodon Feed include-mastodon-feed allows DOM-Based XSS.This issue affects Include Mastodon Feed: from n/a through <= 1.9.9.

Action-Not Available
Vendor-Wolfgang
Product-Include Mastodon Feed
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22813
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 38.91%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 15:39
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ChatBot Conversational Forms plugin <= 1.4.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud Conversational Forms for ChatBot conversational-forms allows Stored XSS.This issue affects Conversational Forms for ChatBot: from n/a through <= 1.4.2.

Action-Not Available
Vendor-QuantumCloud
Product-Conversational Forms for ChatBot
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22781
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 42.80%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 15:23
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Nativery Plugin plugin <= 0.1.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nativery Nativery nativery allows DOM-Based XSS.This issue affects Nativery: from n/a through <= 0.1.6.

Action-Not Available
Vendor-Nativery
Product-Nativery
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22334
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.04%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 16:54
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Education LMS theme <= 0.0.7 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FilaThemes Education LMS allows Stored XSS.This issue affects Education LMS: from n/a through 0.0.7.

Action-Not Available
Vendor-FilaThemes
Product-Education LMS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22675
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.04%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 14:21
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Alert Box Block plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Alert Box Block – Display notice/alerts in the front end alert-box-block allows Stored XSS.This issue affects Alert Box Block – Display notice/alerts in the front end: from n/a through <= 1.1.0.

Action-Not Available
Vendor-bPlugins
Product-Alert Box Block – Display notice/alerts in the front end
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22732
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 28.97%
||
7 Day CHG~0.00%
Published-21 Jan, 2025 | 13:57
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ad Blocking Detector plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Admiral Ad Blocking Detector ad-blocking-detector allows Stored XSS.This issue affects Ad Blocking Detector: from n/a through <= 3.6.0.

Action-Not Available
Vendor-Admiral
Product-Ad Blocking Detector
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22826
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 38.91%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 15:38
Updated-11 May, 2026 | 22:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sell Digital Downloads plugin <= 2.2.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpecommerce Sell Digital Downloads sell-digital-downloads allows Stored XSS.This issue affects Sell Digital Downloads: from n/a through <= 2.2.7.

Action-Not Available
Vendor-wpecommerce
Product-Sell Digital Downloads
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22749
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.94%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 15:23
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Social Media Engine plugin <= 1.0.2 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemesCraft.co Social Media Engine social-media-engine allows Stored XSS.This issue affects Social Media Engine: from n/a through <= 1.0.2.

Action-Not Available
Vendor-ThemesCraft.co
Product-Social Media Engine
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22528
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.17%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 14:57
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Huurkalender WP Plugin <= 1.5.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Huurkalender.nl Huurkalender WP huurkalender-wp allows Stored XSS.This issue affects Huurkalender WP: from n/a through <= 1.5.6.

Action-Not Available
Vendor-Huurkalender.nl
Product-Huurkalender WP
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-30826
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.53% / 67.49%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 10:55
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress IP Locator plugin <= 4.1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pierre Lannoy IP Locator ip-locator allows DOM-Based XSS.This issue affects IP Locator: from n/a through <= 4.1.0.

Action-Not Available
Vendor-Pierre Lannoy
Product-IP Locator
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22810
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 40.16%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 15:39
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Content Blocks Builder plugin <= 2.7.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phi Phan Content Blocks Builder content-blocks-builder allows Stored XSS.This issue affects Content Blocks Builder: from n/a through <= 2.7.6.

Action-Not Available
Vendor-Phi Phan
Product-Content Blocks Builder
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22572
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 42.80%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 14:57
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Legacy ePlayer plugin <= 0.9.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Legacy ePlayer sportspress-tv allows Stored XSS.This issue affects Legacy ePlayer: from n/a through <= 0.9.9.

Action-Not Available
Vendor-Brian
Product-Legacy ePlayer
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22315
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.54%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 10:48
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Typing Text plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Typing Text typing-text allows Stored XSS.This issue affects Typing Text: from n/a through <= 1.2.7.

Action-Not Available
Vendor-WPDeveloper
Product-typing_textTyping Text
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22659
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.31%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 15:01
Updated-12 May, 2026 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Orbit Fox by ThemeIsle plugin <= 2.10.44 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Orbit Fox by ThemeIsle themeisle-companion allows Stored XSS.This issue affects Orbit Fox by ThemeIsle: from n/a through <= 2.10.44.

Action-Not Available
Vendor-Themeisle
Product-orbit_foxOrbit Fox by ThemeIsle
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22545
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.35% / 57.34%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 14:57
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress iframe to embed plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sw.galati iframe to embed iframe-to-embed allows Stored XSS.This issue affects iframe to embed: from n/a through <= 1.2.

Action-Not Available
Vendor-sw.galati
Product-iframe to embed
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-30768
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.88% / 75.64%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 10:54
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress jAlbum Bridge plugin <= 2.0.18 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mlaza jAlbum Bridge jalbum-bridge allows Stored XSS.This issue affects jAlbum Bridge: from n/a through <= 2.0.18.

Action-Not Available
Vendor-mlaza
Product-jAlbum Bridge
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22661
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 40.16%
||
7 Day CHG~0.00%
Published-21 Jan, 2025 | 17:21
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Online Payments plugin <= 3.20.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vcita Online Payments – Get Paid with PayPal, Square & Stripe paypal-payment-button-by-vcita allows Stored XSS.This issue affects Online Payments – Get Paid with PayPal, Square & Stripe: from n/a through <= 3.20.0.

Action-Not Available
Vendor-vcita
Product-Online Payments – Get Paid with PayPal, Square & Stripe
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-31017
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 56.67%
||
7 Day CHG+0.20%
Published-09 Apr, 2025 | 16:10
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Nav Menu Manager plugin <= 3.2.5 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robert Noakes Nav Menu Manager noakes-menu-manager allows Stored XSS.This issue affects Nav Menu Manager: from n/a through <= 3.2.5.

Action-Not Available
Vendor-Robert Noakes
Product-Nav Menu Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22674
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.04%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 14:21
Updated-11 May, 2026 | 23:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Product Blocks for WooCommerce plugin <= 1.9.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Get Bowtied Product Blocks for WooCommerce product-blocks-for-woocommerce allows Stored XSS.This issue affects Product Blocks for WooCommerce: from n/a through <= 1.9.1.

Action-Not Available
Vendor-Get Bowtied
Product-Product Blocks for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22746
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.94%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 15:23
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress HireHive Job Plugin plugin <= 2.9.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zartis HireHive Job Plugin zartis-job-plugin allows Stored XSS.This issue affects HireHive Job Plugin: from n/a through <= 2.9.0.

Action-Not Available
Vendor-zartis
Product-HireHive Job Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • ...
  • 10
  • 11
  • 12
  • ...
  • 52
  • 53
  • Next
Details not found