ByteOS Network

Vulnerability Details :

CVE-2024-33926

Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3

Published At-03 May, 2024 | 07:13

Updated At-02 Aug, 2024 | 02:42

WordPress GWP-Histats plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Karl Kiesinger GWP-Histats allows Stored XSS.This issue affects GWP-Histats: from n/a through 1.0.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:Patchstack

Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3

Published At:03 May, 2024 | 07:13

Updated At:02 Aug, 2024 | 02:42

▼CVE Numbering Authority (CNA)

WordPress GWP-Histats plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Affected Products

Vendor

Karl Kiesinger

Product

GWP-Histats

Collection URL

https://wordpress.org/plugins

Package Name

gwp-histats

Default Status

unaffected

Versions

Affected

From n/a through 1.0 (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-79	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Type: CWE

CWE ID: CWE-79

Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Metrics

Version	Base score	Base severity	Vector
3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Impacts

CAPEC ID	Description
CAPEC-592	CAPEC-592 Stored XSS

CAPEC ID: CAPEC-592

Description: CAPEC-592 Stored XSS

Credits

finder

NGÔ THIÊN AN / ancorn_ from VNPT-VCI (Patchstack Alliance)

References

Hyperlink	Resource
https://patchstack.com/database/vulnerability/gwp-histats/wordpress-gwp-histats-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve	vdb-entry

Hyperlink: https://patchstack.com/database/vulnerability/gwp-histats/wordpress-gwp-histats-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve

Resource:

vdb-entry

▼Authorized Data Publishers (ADP)

1. CISA ADP Vulnrichment

Metrics Other Info

2. CVE Program Container

References

Hyperlink	Resource
https://patchstack.com/database/vulnerability/gwp-histats/wordpress-gwp-histats-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve	vdb-entry x_transferred

Hyperlink: https://patchstack.com/database/vulnerability/gwp-histats/wordpress-gwp-histats-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve

Resource:

vdb-entry

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:audit@patchstack.com

Published At:03 May, 2024 | 08:15

Updated At:03 May, 2024 | 12:48

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Type: Secondary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	audit@patchstack.com

CWE ID: CWE-79

Type: Primary

Source: audit@patchstack.com

References

Hyperlink	Source	Resource
https://patchstack.com/database/vulnerability/gwp-histats/wordpress-gwp-histats-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve	audit@patchstack.com	N/A

Hyperlink: https://patchstack.com/database/vulnerability/gwp-histats/wordpress-gwp-histats-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve

Source: audit@patchstack.com

Resource: N/A

Similar CVEs

2142Records found

CVE-2023-29099

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.74%

7 Day CHG~0.00%

Published-08 Aug, 2023 | 10:45

Updated-25 Sep, 2024 | 16:46

WordPress Divi Theme <= 4.20.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Elegant themes Divi theme <= 4.20.2 versions.

Vendor-elegant_themes Elegant themes

Product-divi Divi

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-3963

Matching Score-4

Assigner-WPScan

View Details

Matching Score-4

Assigner-WPScan

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 27.87%

7 Day CHG~0.00%

Published-13 Jul, 2024 | 06:00

Updated-09 Jun, 2025 | 17:07

RafflePress Lite < 1.12.14 - Editor+ Stored XSS

The Giveaways and Contests by RafflePress WordPress plugin before 1.12.14 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks

Vendor-Unknown SeedProd, LLC (RafflePress)

Product-rafflepress Giveaways and Contests by RafflePress giveaways_and_contests_by_rafflepress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-39668

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.09% / 26.34%

7 Day CHG~0.00%

Published-01 Aug, 2024 | 21:31

Updated-22 Nov, 2024 | 19:09

WordPress Extensions for Elementor plugin <= 2.0.31 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in petesheppard84 Extensions for Elementor allows Stored XSS.This issue affects Extensions for Elementor: from n/a through 2.0.31.

Vendor-idioweb petesheppard84

Product-extensions_for_elementor Extensions for Elementor

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-39662

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.09% / 26.34%

7 Day CHG~0.00%

Published-01 Aug, 2024 | 21:38

Updated-21 Mar, 2025 | 19:30

WordPress Black Widgets For Elementor plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Modernaweb Studio Black Widgets For Elementor allows Stored XSS.This issue affects Black Widgets For Elementor: from n/a through 1.3.5.

Vendor-modernaweb Modernaweb Studio

Product-black_widgets_for_elementor Black Widgets For Elementor

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28785

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 25.39%

7 Day CHG~0.00%

Published-28 May, 2023 | 18:47

Updated-10 Oct, 2024 | 18:56

WordPress Yoast SEO: Local Plugin <= 14.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Yoast Yoast SEO: Local plugin <= 14.9 versions.

Vendor-yoast Yoast

Product-yoast_seo Yoast SEO: Local

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-39665

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.11% / 29.34%

7 Day CHG~0.00%

Published-01 Aug, 2024 | 21:34

Updated-02 Aug, 2024 | 18:18

WordPress Filter & Grids plugin <= 2.9.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YMC Filter & Grids allows Stored XSS.This issue affects Filter & Grids: from n/a through 2.9.2.

Vendor-YMC

Product-Filter & Grids

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-39655

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.41%

7 Day CHG~0.00%

Published-01 Aug, 2024 | 21:48

Updated-02 Aug, 2024 | 18:19

WordPress LiquidPoll plugin <= 3.3.77 - Unauthenticated Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LiquidPoll LiquidPoll – Advanced Polls for Creators and Brands.This issue affects LiquidPoll – Advanced Polls for Creators and Brands: from n/a through 3.3.77.

Vendor-LiquidPoll

Product-LiquidPoll – Advanced Polls for Creators and Brands

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27636

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-6.5||MEDIUM

EPSS-0.19% / 41.31%

7 Day CHG~0.00%

Published-16 Jun, 2024 | 00:00

Updated-08 Aug, 2024 | 14:08

Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor.

Vendor-n/a Progress Software Corporation

Product-sitefinity n/a sitefinity

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27413

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.74%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 07:42

Updated-10 Oct, 2024 | 17:37

WordPress W4 Post List Plugin <= 2.4.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Shazzad Hossain Khan W4 Post List plugin <= 2.4.4 versions.

Vendor-w4_post_list_project Shazzad Hossain Khan

Product-w4_post_list W4 Post List

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-38676

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.07% / 20.85%

7 Day CHG-0.01%

Published-20 Jul, 2024 | 07:51

Updated-02 Aug, 2024 | 04:12

WordPress Booking Ultra Pro Appointments Booking Calendar Plugin plugin <= 1.1.13 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Booking Ultra Pro allows Stored XSS.This issue affects Booking Ultra Pro: from n/a through 1.1.13.

Vendor-Booking Ultra Pro

Product-Booking Ultra Pro

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-38703

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.11% / 30.47%

7 Day CHG+0.04%

Published-20 Jul, 2024 | 07:32

Updated-02 Aug, 2024 | 04:19

WordPress WP Event Aggregator plugin <= 1.7.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Xylus Themes WP Event Aggregator allows Stored XSS.This issue affects WP Event Aggregator: from n/a through 1.7.9.

Vendor-Xylus Themes

Product-WP Event Aggregator

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-38674

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.06% / 19.16%

7 Day CHG-0.00%

Published-20 Jul, 2024 | 07:54

Updated-06 Mar, 2025 | 14:25

WordPress SKT Addons for Elementor plugin <= 3.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Addons for Elementor allows Stored XSS.This issue affects SKT Addons for Elementor: from n/a through 3.0.

Vendor-Sonl Sinha (SKT Web Themes LLC)

Product-skt_addons_for_elementor SKT Addons for Elementor

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27628

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.15% / 36.89%

7 Day CHG~0.00%

Published-27 Sep, 2023 | 07:49

Updated-23 Sep, 2024 | 12:51

WordPress Sitekit Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Webvitaly Sitekit plugin <= 1.3 versions.

Vendor-sitekit_project Webvitaly

Product-sitekit Sitekit

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-38698

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.12% / 32.06%

7 Day CHG+0.05%

Published-20 Jul, 2024 | 07:33

Updated-02 Aug, 2024 | 04:19

WordPress SKT Skill Bar plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Skill Bar allows Stored XSS.This issue affects SKT Skill Bar: from n/a through 2.0.

Vendor-Sonl Sinha (SKT Web Themes LLC)

Product-SKT Skill Bar

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28158

Matching Score-4

Assigner-Apache Software Foundation

View Details

Matching Score-4

Assigner-Apache Software Foundation

CVSS Score-6.5||MEDIUM

EPSS-0.12% / 32.42%

7 Day CHG~0.00%

Published-29 Mar, 2023 | 12:21

Updated-13 Feb, 2025 | 17:16

Apache Archiva privilege escalation

Privilege escalation via stored XSS using the file upload service to upload malicious content. The issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges such admin user.

Vendor-The Apache Software Foundation

Product-archiva Apache Archiva

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-38752

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.41%

7 Day CHG~0.00%

Published-13 Aug, 2024 | 10:25

Updated-13 Aug, 2024 | 13:54

WordPress Zoho Campaigns plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zoho Campaigns allows Cross-Site Scripting (XSS).This issue affects Zoho Campaigns: from n/a through 2.0.8.

Vendor-Zoho Corporation Pvt. Ltd.

Product-Zoho Campaigns

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27620

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.74%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 13:49

Updated-10 Jan, 2025 | 18:56

WordPress Robo Gallery Plugin <= 3.2.12 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-site Scripting (XSS) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.12 versions.

Vendor-robogallery RoboSoft

Product-robo_gallery Photo Gallery, Images, Slider in Rbs Image Gallery

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-38720

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.12% / 32.06%

7 Day CHG+0.05%

Published-20 Jul, 2024 | 07:22

Updated-02 Aug, 2024 | 04:19

WordPress EazyDocs plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EazyDocs eazydocs allows Stored XSS.This issue affects EazyDocs: from n/a through 2.5.0.

Vendor-spider-themes

Product-EazyDocs

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-38671

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.07% / 20.85%

7 Day CHG-0.01%

Published-20 Jul, 2024 | 07:58

Updated-02 Aug, 2024 | 04:12

WordPress WP GoToWebinar plugin <= 15.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Martin Gibson WP GoToWebinar allows Stored XSS.This issue affects WP GoToWebinar: from n/a through 15.7.

Vendor-Martin Gibson

Product-WP GoToWebinar

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-38686

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.07% / 20.85%

7 Day CHG-0.01%

Published-20 Jul, 2024 | 07:40

Updated-02 Aug, 2024 | 04:19

WordPress FancyPost plugin <= 5.3.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pluginic FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor allows Stored XSS.This issue affects FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor: from n/a through 5.3.1.

Vendor-Pluginic

Product-FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27629

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.74%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 07:46

Updated-10 Oct, 2024 | 17:27

WordPress Site Reviews Plugin <= 6.5.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Paul Ryley Site Reviews plugin <= 6.5.1 versions.

Vendor-geminilabs Paul Ryley

Product-site_reviews Site Reviews

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-38739

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.11% / 30.47%

7 Day CHG+0.04%

Published-20 Jul, 2024 | 07:16

Updated-02 Aug, 2024 | 04:19

WordPress OnePress theme <= 2.3.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in FameThemes OnePress allows Stored XSS.This issue affects OnePress: from n/a through 2.3.8.

Vendor-FameThemes

Product-OnePress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27631

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.74%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 07:29

Updated-10 Oct, 2024 | 17:38

WordPress Daily Prayer Time Plugin <= 2023.05.04 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.05.04 versions.

Vendor-mmrs151 mmrs151

Product-daily_prayer_time Daily Prayer Time

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-38741

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.11% / 30.47%

7 Day CHG+0.04%

Published-20 Jul, 2024 | 07:15

Updated-02 Aug, 2024 | 04:19

WordPress Amazing Hover Effects plugin <= 2.4.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Noor-E-Alam Amazing Hover Effects allows Stored XSS.This issue affects Amazing Hover Effects: from n/a through 2.4.9.

Vendor-Noor-E-Alam

Product-Amazing Hover Effects

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-38678

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.07% / 20.85%

7 Day CHG-0.01%

Published-20 Jul, 2024 | 07:49

Updated-02 Aug, 2024 | 04:12

WordPress Calendar.online / Kalender.digital – Plugin plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Calendar.Online Calendar.Online / Kalender.Digital allows Stored XSS.This issue affects Calendar.Online / Kalender.Digital: from n/a through 1.0.8.

Vendor-Calendar.online

Product-Calendar.online / Kalender.digital

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26013

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.74%

7 Day CHG~0.00%

Published-16 Jun, 2023 | 08:37

Updated-02 Aug, 2024 | 13:40

WordPress Strong Testimonials Plugin <= 3.0.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill Strong Testimonials plugin <= 3.0.2 versions.

Vendor-wpchill WPChill

Product-strong_testimonials Strong Testimonials

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-37217

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 28.62%

7 Day CHG~0.00%

Published-22 Jul, 2024 | 09:24

Updated-02 Aug, 2024 | 03:50

WordPress Empty Cart Button for WooCommerce plugin <= 1.3.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ProWCPlugins Empty Cart Button for WooCommerce allows Stored XSS.This issue affects Empty Cart Button for WooCommerce: from n/a through 1.3.8.

Vendor-prowcplugins ProWCPlugins

Product-empty_cart_button_for_woocommerce Empty Cart Button for WooCommerce

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-37244

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.60%

7 Day CHG~0.00%

Published-22 Jul, 2024 | 09:13

Updated-02 Aug, 2024 | 03:50

WordPress Ninja Beaver Add-ons for Beaver Builder plugin <= 2.4.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ninja Team Ninja Beaver Add-ons for Beaver Builder allows Stored XSS.This issue affects Ninja Beaver Add-ons for Beaver Builder: from n/a through 2.4.5.

Vendor-ninjabeaveraddon NinjaTeam

Product-ninja_beaver_add-ons_for_beaver_builder Ninja Beaver Add-ons for Beaver Builder

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-37541

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 24.54%

7 Day CHG~0.00%

Published-06 Jul, 2024 | 12:33

Updated-02 Aug, 2024 | 03:57

WordPress Elementor Addons, Widgets and Enhancements – Stax plugin <= 1.4.4.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in StaxWP Elementor Addons, Widgets and Enhancements – Stax allows Stored XSS.This issue affects Elementor Addons, Widgets and Enhancements – Stax: from n/a through 1.4.4.1.

Vendor-staxwp StaxWP

Product-stax Elementor Addons, Widgets and Enhancements – Stax

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-37221

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 28.62%

7 Day CHG~0.00%

Published-22 Jul, 2024 | 09:19

Updated-02 Aug, 2024 | 03:50

WordPress Kimili Flash Embed plugin <= 2.5.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael Bester Kimili Flash Embed allows Stored XSS.This issue affects Kimili Flash Embed: from n/a through 2.5.3.

Vendor-kimili Michael Bester

Product-kimili_flash_embed Kimili Flash Embed

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-37489

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.07% / 20.87%

7 Day CHG~0.00%

Published-21 Jul, 2024 | 07:29

Updated-06 Sep, 2024 | 21:25

WordPress Ocean Extra plugin <= 2.2.9 - Authenticated Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OceanWP Ocean Extra allows Stored XSS.This issue affects Ocean Extra: from n/a through 2.2.9.

Vendor-oceanwp OceanWP

Product-ocean_extra Ocean Extra

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-37466

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.07% / 21.75%

7 Day CHG+0.01%

Published-21 Jul, 2024 | 21:22

Updated-02 Aug, 2024 | 03:57

WordPress Mega Elements plugin <= 1.2.2 - Contributor+ Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kraftplugins Mega Elements.This issue affects Mega Elements: from n/a through 1.2.2.

Vendor-kraftplugins Kraftplugins

Product-mega_elements Mega Elements

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-37114

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.18% / 40.25%

7 Day CHG~0.00%

Published-22 Jul, 2024 | 09:42

Updated-02 Aug, 2024 | 03:50

WordPress My Favorites plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Takashi Matsuyama My Favorites allows Stored XSS.This issue affects My Favorites: from n/a through 1.4.1.

Vendor-takashimatsuyama Takashi Matsuyama

Product-my_favorites My Favorites

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-37216

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 28.62%

7 Day CHG~0.00%

Published-22 Jul, 2024 | 09:27

Updated-02 Aug, 2024 | 03:50

WordPress Sketchfab Embed plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rami Yushuvaev Sketchfab Embed allows Stored XSS.This issue affects Sketchfab Embed: from n/a through 1.5.

Vendor-generatewp Rami Yushuvaev

Product-sketchfab_embed Sketchfab Embed

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-37514

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.14% / 35.20%

7 Day CHG+0.06%

Published-21 Jul, 2024 | 07:16

Updated-06 Sep, 2024 | 21:26

WordPress CopySafe Web Protection plugin <= 3.14 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ArtistScope CopySafe Web Protection allows Stored XSS.This issue affects CopySafe Web Protection: from n/a through 3.14.

Vendor-artistscope ArtistScope

Product-copysafe_web_protection CopySafe Web Protection

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-37956

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.20% / 42.45%

7 Day CHG+0.09%

Published-20 Jul, 2024 | 08:16

Updated-30 Aug, 2024 | 17:48

WordPress VK All in One Expansion Unit plugin <= 9.99.1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vektor,Inc. VK All in One Expansion Unit allows Stored XSS.This issue affects VK All in One Expansion Unit: from n/a through 9.99.1.0.

Vendor-vektor-inc Vektor,Inc.

Product-vk_all_in_one_expansion_unit VK All in One Expansion Unit

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-37465

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.07% / 20.87%

7 Day CHG~0.00%

Published-21 Jul, 2024 | 21:24

Updated-02 Aug, 2024 | 03:57

WordPress AI Power: Complete AI Pack – Powered by GPT-4 plugin <= 1.8.66 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Senol Sahin GPT3 AI Content Writer allows Stored XSS.This issue affects GPT3 AI Content Writer: from n/a through 1.8.66.

Vendor-aipower Senol Sahin

Product-aipower GPT3 AI Content Writer

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-37521

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 28.88%

7 Day CHG+0.04%

Published-21 Jul, 2024 | 07:11

Updated-06 Sep, 2024 | 21:32

WordPress zBench theme <= 1.4.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in zwwooooo zBench allows Stored XSS.This issue affects zBench: from n/a through 1.4.2.

Vendor-zww zwwooooo

Product-zbench zBench

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-37488

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 28.88%

7 Day CHG+0.04%

Published-21 Jul, 2024 | 07:30

Updated-06 Sep, 2024 | 21:24

WordPress HelloAsso plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HelloAsso allows Stored XSS.This issue affects HelloAsso: from n/a through 1.1.9.

Vendor-helloasso HelloAsso

Product-helloasso HelloAsso

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-37101

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 28.62%

7 Day CHG~0.00%

Published-22 Jul, 2024 | 09:56

Updated-02 Aug, 2024 | 03:50

WordPress WP Post Author plugin <= 3.6.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AF themes WP Post Author allows Stored XSS.This issue affects WP Post Author: from n/a through 3.6.7.

Vendor-AF themes

Product-wp_post_author WP Post Author

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-37428

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.14% / 34.96%

7 Day CHG~0.00%

Published-22 Jul, 2024 | 08:27

Updated-02 Aug, 2024 | 03:57

WordPress All-in-One Addons for Elementor – WidgetKit plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themesgrove WidgetKit allows Stored XSS.This issue affects WidgetKit: from n/a through 2.5.0.

Vendor-themesgrove Themesgrove

Product-all-in-one_addons_for_elementor WidgetKit

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-37457

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.06% / 17.06%

7 Day CHG-0.02%

Published-21 Jul, 2024 | 22:11

Updated-02 Aug, 2024 | 03:57

WordPress Ultimate Blocks – WordPress Blocks Plugin plugin <= 3.1.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ultimate Blocks Ultimate Blocks – Gutenberg Blocks Plugin allows Stored XSS.This issue affects Ultimate Blocks – Gutenberg Blocks Plugin: from n/a through 3.1.9.

Vendor-dotcamp Ultimate Blocks

Product-ultimate_blocks Ultimate Blocks – Gutenberg Blocks Plugin

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-37918

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.12% / 32.06%

7 Day CHG+0.05%

Published-20 Jul, 2024 | 09:01

Updated-02 Aug, 2024 | 04:04

WordPress ConeBlog plugin <= 1.4.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPCone.Com ConeBlog – WordPress Blog Widgets allows Stored XSS.This issue affects ConeBlog – WordPress Blog Widgets: from n/a through 1.4.8.

Vendor-WPCone.com

Product-ConeBlog – WordPress Blog Widgets

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-37507

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 28.88%

7 Day CHG+0.04%

Published-21 Jul, 2024 | 07:21

Updated-11 Aug, 2025 | 17:46

WordPress Eventin plugin <= 3.3.57 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themewinter Eventin allows Stored XSS.This issue affects Eventin: from n/a through 3.3.57.

Vendor-themewinter Themewinter

Product-eventin Eventin

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-37512

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.18% / 40.52%

7 Day CHG+0.07%

Published-21 Jul, 2024 | 07:17

Updated-22 Jan, 2025 | 22:09

WordPress NEX-Forms – Ultimate Form Builder plugin <= 8.5.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Stored XSS.This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.5.10.

Vendor-basixonline Basix

Product-nex-forms NEX-Forms – Ultimate Form Builder

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-37948

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.12% / 32.06%

7 Day CHG+0.05%

Published-20 Jul, 2024 | 08:29

Updated-02 Aug, 2024 | 04:04

WordPress Caxton – Create Pro page layouts in Gutenberg plugin <= 1.30.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PootlePress Caxton – Create Pro page layouts in Gutenberg allows Stored XSS.This issue affects Caxton – Create Pro page layouts in Gutenberg: from n/a through 1.30.1.

Vendor-PootlePress

Product-Caxton – Create Pro page layouts in Gutenberg

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-37546

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.09% / 26.09%

7 Day CHG~0.00%

Published-06 Jul, 2024 | 14:29

Updated-02 Aug, 2024 | 03:57

WordPress Image Hover Effects for Elementor with Lightbox and Flipbox plugin <= 3.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in biplob018 Image Hover Effects - Caption Hover with Carousel allows Stored XSS.This issue affects Image Hover Effects - Caption Hover with Carousel: from n/a through 3.0.2.

Vendor-Biplob Adhikari (Oxilab Development)

Product-image_hover_effects_for_elementor_with_lightbox_and_flipbox Image Hover Effects - Caption Hover with Carousel

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-37922

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 28.88%

7 Day CHG+0.04%

Published-20 Jul, 2024 | 08:57

Updated-03 Feb, 2025 | 15:41

WordPress Premium Addons for Elementor plugin <= 4.10.34 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.34.

Vendor-leap13 Leap13

Product-premium_addons_for_elementor Premium Addons for Elementor

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-37445

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 28.62%

7 Day CHG~0.00%

Published-22 Jul, 2024 | 08:14

Updated-02 Aug, 2024 | 03:57

WordPress HTML5 Audio Player plugin <= 2.2.23 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in bPlugins Html5 Audio Player allows Stored XSS.This issue affects Html5 Audio Player: from n/a through 2.2.23.

Vendor-bplugins bPlugins

Product-html5_audio_player Html5 Audio Player

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-37959

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.06% / 19.16%

7 Day CHG-0.00%

Published-20 Jul, 2024 | 08:10

Updated-30 Aug, 2024 | 20:15

WordPress Power BI Embedded for WordPress plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Atlas Public Policy Power BI Embedded for WordPress allows Stored XSS.This issue affects Power BI Embedded for WordPress: from n/a through 1.1.7.

Vendor-atlaspolicy Atlas Public Policy

Product-power_bi_embedded Power BI Embedded for WordPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-33926

Credits

WordPress GWP-Histats plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs