ByteOS Network

Vulnerability Details :

CVE-2024-34445

Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3

Published At-09 May, 2024 | 11:00

Updated At-02 Aug, 2024 | 02:51

WordPress SKT Addons for Elementor plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SKT Themes SKT Addons for Elementor allows Stored XSS.This issue affects SKT Addons for Elementor: from n/a through 1.8.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:Patchstack

Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3

Published At:09 May, 2024 | 11:00

Updated At:02 Aug, 2024 | 02:51

▼CVE Numbering Authority (CNA)

WordPress SKT Addons for Elementor plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability

Affected Products

Vendor

Sonl Sinha (SKT Web Themes LLC)

Product

SKT Addons for Elementor

Collection URL

https://wordpress.org/plugins

Package Name

skt-addons-for-elementor

Default Status

unaffected

Versions

Affected

From n/a through 1.8 (custom)
- -> unaffectedfrom1.9

Problem Types

Type	CWE ID	Description
CWE	CWE-79	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Type: CWE

CWE ID: CWE-79

Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Metrics

Version	Base score	Base severity	Vector
3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Impacts

CAPEC ID	Description
CAPEC-592	CAPEC-592 Stored XSS

CAPEC ID: CAPEC-592

Description: CAPEC-592 Stored XSS

Solutions

Update to 1.9 or a higher version.

Credits

finder

Khalid (Patchstack Alliance)

References

Hyperlink	Resource
https://patchstack.com/database/vulnerability/skt-addons-for-elementor/wordpress-skt-addons-for-elementor-plugin-1-8-cross-site-scripting-xss-vulnerability-2?_s_id=cve	vdb-entry

Hyperlink: https://patchstack.com/database/vulnerability/skt-addons-for-elementor/wordpress-skt-addons-for-elementor-plugin-1-8-cross-site-scripting-xss-vulnerability-2?_s_id=cve

Resource:

vdb-entry

▼Authorized Data Publishers (ADP)

1. CISA ADP Vulnrichment

Metrics Other Info

2. CVE Program Container

References

Hyperlink	Resource
https://patchstack.com/database/vulnerability/skt-addons-for-elementor/wordpress-skt-addons-for-elementor-plugin-1-8-cross-site-scripting-xss-vulnerability-2?_s_id=cve	vdb-entry x_transferred

Hyperlink: https://patchstack.com/database/vulnerability/skt-addons-for-elementor/wordpress-skt-addons-for-elementor-plugin-1-8-cross-site-scripting-xss-vulnerability-2?_s_id=cve

Resource:

vdb-entry

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:audit@patchstack.com

Published At:14 May, 2024 | 15:39

Updated At:14 May, 2024 | 16:12

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Type: Secondary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	audit@patchstack.com

CWE ID: CWE-79

Type: Primary

Source: audit@patchstack.com

References

Hyperlink	Source	Resource
https://patchstack.com/database/vulnerability/skt-addons-for-elementor/wordpress-skt-addons-for-elementor-plugin-1-8-cross-site-scripting-xss-vulnerability-2?_s_id=cve	audit@patchstack.com	N/A

Hyperlink: https://patchstack.com/database/vulnerability/skt-addons-for-elementor/wordpress-skt-addons-for-elementor-plugin-1-8-cross-site-scripting-xss-vulnerability-2?_s_id=cve

Source: audit@patchstack.com

Resource: N/A

Similar CVEs

2135Records found

CVE-2024-43946

Matching Score-10

Assigner-Patchstack

View Details

Matching Score-10

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.06% / 20.14%

7 Day CHG~0.00%

Published-29 Aug, 2024 | 18:03

Updated-03 Sep, 2024 | 15:21

WordPress SKT Blocks plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Blocks – Gutenberg based Page Builder allows Stored XSS.This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a through 1.5.

Vendor-Sonl Sinha (SKT Web Themes LLC)

Product-skt_blocks SKT Blocks – Gutenberg based Page Builder

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-38674

Matching Score-10

Assigner-Patchstack

View Details

Matching Score-10

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 28.60%

7 Day CHG+0.04%

Published-20 Jul, 2024 | 07:54

Updated-06 Mar, 2025 | 14:25

WordPress SKT Addons for Elementor plugin <= 3.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Addons for Elementor allows Stored XSS.This issue affects SKT Addons for Elementor: from n/a through 3.0.

Vendor-Sonl Sinha (SKT Web Themes LLC)

Product-skt_addons_for_elementor SKT Addons for Elementor

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-48036

Matching Score-10

Assigner-Patchstack

View Details

Matching Score-10

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-17 Oct, 2024 | 12:21

Updated-10 Jul, 2025 | 19:01

WordPress SKT Blocks plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability

Vendor-Sonl Sinha (SKT Web Themes LLC)

Product-skt_blocks SKT Blocks – Gutenberg based Page Builder

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-54345

Matching Score-10

Assigner-Patchstack

View Details

Matching Score-10

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.05% / 14.09%

7 Day CHG~0.00%

Published-13 Dec, 2024 | 14:25

Updated-13 Dec, 2024 | 15:15

WordPress Bicycleshop theme <= 1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SKT Themes Bicycleshop allows DOM-Based XSS.This issue affects Bicycleshop: from n/a through 1.5.

Vendor-Sonl Sinha (SKT Web Themes LLC)

Product-Bicycleshop

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-54346

Matching Score-10

Assigner-Patchstack

View Details

Matching Score-10

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.05% / 14.09%

7 Day CHG~0.00%

Published-13 Dec, 2024 | 14:25

Updated-13 Dec, 2024 | 15:15

WordPress Barter theme <= 1.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SKT Themes Barter allows DOM-Based XSS.This issue affects Barter: from n/a through 1.6.

Vendor-Sonl Sinha (SKT Web Themes LLC)

Product-Barter

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-38698

Matching Score-10

Assigner-Patchstack

View Details

Matching Score-10

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.12% / 32.20%

7 Day CHG+0.05%

Published-20 Jul, 2024 | 07:33

Updated-02 Aug, 2024 | 04:19

WordPress SKT Skill Bar plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Skill Bar allows Stored XSS.This issue affects SKT Skill Bar: from n/a through 2.0.

Vendor-Sonl Sinha (SKT Web Themes LLC)

Product-SKT Skill Bar

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-34436

Matching Score-10

Assigner-Patchstack

View Details

Matching Score-10

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.13% / 33.65%

7 Day CHG~0.00%

Published-09 May, 2024 | 11:05

Updated-02 Aug, 2024 | 02:51

WordPress SKT Addons for Elementor plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability

Vendor-Sonl Sinha (SKT Web Themes LLC)

Product-SKT Addons for Elementor

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-24535

Matching Score-6

Assigner-Patchstack

View Details

Matching Score-6

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.05% / 14.35%

7 Day CHG~0.00%

Published-31 Jan, 2025 | 08:24

Updated-10 Feb, 2025 | 22:06

WordPress SKT Donation plugin <= 1.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SKT Themes SKT Donation allows Reflected XSS. This issue affects SKT Donation: from n/a through 1.9.

Vendor-Sonl Sinha (SKT Web Themes LLC)

Product-SKT Donation

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-44007

Matching Score-6

Assigner-Patchstack

View Details

Matching Score-6

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.07% / 22.10%

7 Day CHG~0.00%

Published-17 Sep, 2024 | 23:04

Updated-20 Sep, 2024 | 12:30

WordPress SKT Templates – Elementor & Gutenberg templates plugin <= 6.14 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Templates – Elementor & Gutenberg templates allows Reflected XSS.This issue affects SKT Templates – Elementor & Gutenberg templates: from n/a through 6.14.

Vendor-Sonl Sinha (SKT Web Themes LLC)

Product-SKT Templates – Elementor & Gutenberg templates

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24408

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-08 May, 2023 | 14:36

Updated-09 Jan, 2025 | 15:24

WordPress Ecwid Shopping Cart Plugin <= 6.11.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.4 versions.

Vendor-lightspeedhq Ecwid Ecommerce

Product-ecwid_ecommerce_shopping_cart Ecwid Ecommerce Shopping Cart

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25061

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 08:35

Updated-02 Aug, 2024 | 13:44

WordPress Arigato Autoresponder and Newsletter Plugin <= 2.7.1.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1.1 versions.

Vendor-kibokolabs Kiboko Labs

Product-arigato_autoresponder_and_newsletter Arigato Autoresponder and Newsletter

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24003

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 08:09

Updated-19 Feb, 2025 | 21:35

WordPress WP Popups Plugin <= 2.1.4.8 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Timersys WP Popups – WordPress Popup plugin <= 2.1.4.8 versions.

Vendor-timersys Timersys

Product-wp_popups WP Popups – WordPress Popup builder

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24009

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-10 Aug, 2023 | 10:14

Updated-25 Sep, 2024 | 16:44

WordPress Upfrontwp Theme <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (subscriber+) Reflected Cross-site Scripting (XSS) vulnerability in Wpazure Themes Upfrontwp theme <= 1.1 versions.

Vendor-wpazure Wpazure Themes

Product-upfrontwp Upfrontwp

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23999

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-18 May, 2023 | 10:14

Updated-09 Jan, 2025 | 15:13

WordPress Google Analytics by Monster Insights Plugin <= 8.14.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in MonsterInsights plugin <= 8.14.0 versions.

Vendor-MonsterInsights, LLC

Product-google_analytics_dashboard MonsterInsights

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24393

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-10 Aug, 2023 | 12:32

Updated-25 Sep, 2024 | 15:03

WordPress Animated Number Counters Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. Abul Hasan Animated Number Counters plugin <= 1.6 versions.

Vendor-wpmart Sk. Abul Hasan

Product-animated_number_counters Animated Number Counters

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23977

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-04 Apr, 2023 | 12:56

Updated-19 Feb, 2025 | 21:35

WordPress Heateor Social Comments Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Team Heateor WordPress Social Comments Plugin for Vkontakte Comments and Disqus Comments plugin <= 1.6.1 versions.

Vendor-Heateor

Product-social_comments WordPress Social Comments Plugin for Vkontakte Comments and Disqus Comments

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25040

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-30 Mar, 2023 | 11:10

Updated-19 Feb, 2025 | 21:36

WordPress Shortcodes Ultimate Plugin <= 5.12.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vova Anokhin WordPress Shortcodes Plugin — Shortcodes Ultimate plugin <= 5.12.6 versions.

Vendor-getshortcodes Vova Anokhin

Product-shortcodes_ultimate WordPress Shortcodes Plugin — Shortcodes Ultimate

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24374

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.14% / 35.09%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 13:33

Updated-19 Feb, 2025 | 21:34

WordPress Material Design Icons for Page Builders Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Photon WP Material Design Icons for Page Builders plugin <= 1.4.2 versions.

Vendor-material_design_icons_for_page_builders_project Photon WP

Product-material_design_icons_for_page_builders Material Design Icons for Page Builders

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-0385

Matching Score-4

Assigner-SAP SE

View Details

Matching Score-4

Assigner-SAP SE

CVSS Score-6.5||MEDIUM

EPSS-0.35% / 56.70%

7 Day CHG~0.00%

Published-13 Nov, 2019 | 21:57

Updated-04 Aug, 2024 | 17:51

SAP Enable Now, before version 1908, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

Vendor-SAP SE

Product-enable_now SAP Enable Now

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24400

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.14% / 35.09%

7 Day CHG~0.00%

Published-06 May, 2023 | 23:03

Updated-09 Jan, 2025 | 15:26

WordPress Cookie Notice & Compliance for GDPR / CCPA Plugin <= 2.4.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Hu-manity.Co Cookie Notice & Compliance for GDPR / CCPA plugin <= 2.4.6 versions.

Vendor-hu-manity Hu-manity.co

Product-cookie_notice_\&_compliance_for_gdpr_\/_ccpa Cookie Notice & Compliance for GDPR / CCPA

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24411

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.07% / 20.86%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 10:52

Updated-10 Jan, 2025 | 19:07

WordPress BNE Testimonials Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kerry Kline BNE Testimonials plugin <= 2.0.7 versions.

Vendor-bnecreative Kerry Kline

Product-bne_testimonials BNE Testimonials

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24378

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.14% / 35.09%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 13:48

Updated-10 Jan, 2025 | 19:06

WordPress Glossary Plugin <= 2.1.27 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Codeat Glossary plugin <= 2.1.27 versions.

Vendor-codeat Codeat

Product-glossary Glossary

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23670

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-30 Mar, 2023 | 10:44

Updated-19 Feb, 2025 | 21:36

WordPress Fancy Comments WordPress Plugin <= 1.2.10 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Team Heateor Fancy Comments WordPress plugin <= 1.2.10 versions.

Vendor-Heateor

Product-fancy_comments Fancy Comments WordPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23829

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.05% / 15.29%

7 Day CHG~0.00%

Published-08 Aug, 2023 | 11:35

Updated-25 Sep, 2024 | 16:45

WordPress Owl Carousel Plugin <= 0.5.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pierre JEHAN Owl Carousel plugin <= 0.5.3 versions.

Vendor-pierre-jehan Pierre JEHAN

Product-owl_carousel Owl Carousel

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23815

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 04:58

Updated-10 Jan, 2025 | 19:11

WordPress Multi-column Tag Map Plugin <= 17.0.24 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Alan Jackson Multi-column Tag Map plugin <= 17.0.24 versions.

Vendor-Multi-Column Tag Map

Product-multi-column_tag_map Multi-column Tag Map

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23817

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-23 Apr, 2023 | 10:27

Updated-10 Jan, 2025 | 18:45

WordPress Simple PDF Viewer Plugin <= 1.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (contrinbutor+) Cross-Site Scripting (XSS) vulnerability in WebArea | Vera Nedvyzhenko Simple PDF Viewer plugin <= 1.9 versions.

Vendor-simple_pdf_viewer_project WebArea | Vera Nedvyzhenko

Product-simple_pdf_viewer Simple PDF Viewer

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23664

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-09 May, 2023 | 09:58

Updated-02 Aug, 2024 | 10:35

WordPress ConvertBox Auto Embed WordPress plugin Plugin <= 1.0.19 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ConvertBox ConvertBox Auto Embed WordPress plugin <= 1.0.19 versions.

Vendor-convertbox ConvertBox

Product-convertbox_auto_embed ConvertBox Auto Embed WordPress plugin

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-22711

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-10 May, 2023 | 07:47

Updated-09 Jan, 2025 | 15:20

WordPress IMPress Listings Plugin <= 2.6.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Agent Evolution IMPress Listings plugin <= 2.6.2 versions.

Vendor-Agent Evolution

Product-impress_listings IMPress Listings

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23699

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-29 May, 2023 | 14:00

Updated-02 Aug, 2024 | 13:40

WordPress Progress Bar Plugin <= 2.2.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Chris Reynolds Progress Bar plugin <= 2.2.1 versions.

Vendor-progress_bar_project Chris Reynolds

Product-progress_bar Progress Bar

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23889

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 19:24

Updated-09 Jan, 2025 | 15:33

WordPress Quick Paypal Payments Plugin <= 5.7.25 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.

Vendor-fullworksplugins Fullworks

Product-quick_paypal_payments Quick Paypal Payments

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-22721

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-23 Jan, 2023 | 17:50

Updated-07 Nov, 2023 | 04:07

WordPress Oi Yandex.Maps for WordPress Plugin <= 3.2.7 is vulnerable to Cross Site Scripting (XSS)

Auth. Stored Cross-Site Scripting (XSS) in Oi Yandex.Maps for WordPress <= 3.2.7 versions.

Vendor-oi_yandex.maps_project Alexei Isaenko

Product-oi_yandex.maps Oi Yandex.Maps for WordPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23686

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-04 Apr, 2023 | 11:26

Updated-10 Jan, 2025 | 19:11

WordPress Simple Staff List Plugin <= 2.2.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brett Shumaker Simple Staff List plugin <= 2.2.2 versions.

Vendor-simple_staff_list_project Brett Shumaker

Product-simple_staff_list Simple Staff List

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23676

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-16 May, 2023 | 08:35

Updated-09 Jan, 2025 | 15:15

WordPress File Gallery Plugin <= 1.8.5.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bruno "Aesqe" Babic File Gallery plugin <= 1.8.5.3 versions.

Vendor-file_gallery_project Bruno "Aesqe" Babic

Product-file_gallery File Gallery

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23885

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 11:46

Updated-10 Jan, 2025 | 18:58

WordPress Quick Contact Form Plugin <= 8.0.3.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Contact Form plugin <= 8.0.3.1 versions.

Vendor-fullworksplugins Fullworks

Product-quick_contact_form Quick Contact Form

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23876

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-03 May, 2023 | 13:12

Updated-09 Jan, 2025 | 15:31

WordPress wpDataTables Plugin <= 2.1.49 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TMS-Plugins wpDataTables plugin <= 2.1.49 versions.

Vendor-tms-outsource TMS-Plugins

Product-wpdatatables wpDataTables

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23708

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-03 May, 2023 | 12:27

Updated-19 Feb, 2025 | 21:32

WordPress Visualizer Plugin <= 3.9.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin <= 3.9.4 versions.

Vendor-Themeisle Themeisle

Product-visualizer Visualizer: Tables and Charts Manager for WordPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-22720

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-11 May, 2023 | 14:31

Updated-19 Feb, 2025 | 21:30

WordPress WP Links Page Plugin <= 4.9.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Robert Macchi WP Links Page plugin <= 4.9.3 versions.

Vendor-wp_links_page_project Robert Macchi

Product-wp_links_page WP Links Page

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23831

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.07% / 20.54%

7 Day CHG~0.00%

Published-13 Jun, 2023 | 13:40

Updated-02 Aug, 2024 | 13:40

WordPress Rating Widget Plugin <= 3.1.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rating-Widget Rating-Widget: Star Review System plugin <= 3.1.9 versions.

Vendor-rating-widget Rating-Widget

Product-ratingwidget Rating-Widget: Star Review System

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23703

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-16 May, 2023 | 09:50

Updated-09 Jan, 2025 | 15:14

WordPress Arconix Shortcodes Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Arconix Shortcodes plugin <= 2.1.7 versions.

Vendor-tychesoftwares Tyche Softwares

Product-arconix_shortcodes Arconix Shortcodes

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23832

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-23 Apr, 2023 | 10:06

Updated-10 Jan, 2025 | 18:46

WordPress Ultimate WP Query Search Filter Plugin <= 1.0.10 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in TC Ultimate WP Query Search Filter plugin <= 1.0.10 versions.

Vendor-ultimate_wp_query_search_filter_project TC

Product-ultimate_wp_query_search_filter Ultimate WP Query Search Filter

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-47368

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.38%

7 Day CHG~0.00%

Published-06 Oct, 2024 | 09:42

Updated-07 Oct, 2024 | 17:47

WordPress Premium Blocks plugin <= 2.1.33 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Leap13 Premium Blocks – Gutenberg Blocks for WordPress allows Stored XSS.This issue affects Premium Blocks – Gutenberg Blocks for WordPress: from n/a through 2.1.33.

Vendor-Leap13

Product-Premium Blocks – Gutenberg Blocks for WordPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23826

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-10 Aug, 2023 | 09:06

Updated-25 Sep, 2024 | 16:47

WordPress Add Posts to Pages Plugin <= 1.4.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Arsham Mirshah Add Posts to Pages plugin <= 1.4.1 versions.

Vendor-webmechanix Arsham Mirshah

Product-add_posts_to_pages Add Posts to Pages

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-22717

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-15 May, 2023 | 11:09

Updated-09 Jan, 2025 | 15:16

WordPress FormCraft Plugin <= 1.2.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in nCrafts FormCraft plugin <= 1.2.6 versions.

Vendor-ncrafts nCrafts

Product-formcraft FormCraft

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23687

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-23 Jan, 2023 | 17:59

Updated-07 Nov, 2023 | 04:07

WordPress Youtube shortcode Plugin <= 1.8.5 is vulnerable to Cross Site Scripting (XSS)

Auth. Stored Cross-Site Scripting (XSS) vulnerability in Youtube shortcode <= 1.8.5 versions.

Vendor-youtube_shortcode_project Túbal Martín

Product-youtube_shortcode Youtube shortcode

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23717

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-23 Apr, 2023 | 10:12

Updated-10 Jan, 2025 | 18:45

WordPress Portfolio Slideshow Plugin <= 1.13.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in George Gecewicz Portfolio Slideshow plugin <= 1.13.0 versions.

Vendor-portfolio_slideshow_project George Gecewicz

Product-portfolio_slideshow Portfolio Slideshow

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23657

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-16 May, 2023 | 09:24

Updated-10 Oct, 2024 | 18:57

WordPress Mail Subscribe List Plugin <= 2.1.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Richard Leishman t/a Webforward Mail Subscribe List plugin <= 2.1.9 versions.

Vendor-webfwd Richard Leishman t/a Webforward

Product-mail_subscribe_list Mail Subscribe List

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23685

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-04 Apr, 2023 | 11:05

Updated-19 Feb, 2025 | 21:36

WordPress Portfolio – WordPress Portfolio Plugin Plugin <= 2.8.10 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in RadiusTheme Portfolio – WordPress Portfolio plugin <= 2.8.10 versions.

Vendor-radiustheme RadiusTheme

Product-portfolio Portfolio – WordPress Portfolio Plugin

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23833

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.07% / 20.54%

7 Day CHG~0.00%

Published-25 Jul, 2023 | 12:53

Updated-25 Sep, 2024 | 16:59

WordPress Drop Shadow Boxes Plugin <= 1.7.10 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Steven Henty Drop Shadow Boxes plugin <= 1.7.10 versions.

Vendor-drop_shadow_boxes_project Steven Henty

Product-drop_shadow_boxes Drop Shadow Boxes

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23798

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-10 Aug, 2023 | 10:04

Updated-25 Sep, 2024 | 16:44

WordPress Layer Slider Plugin <= 1.1.9.7 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Muneeb Layer Slider plugin <= 1.1.9.7 versions.

Vendor-web-settler Muneeb

Product-layer_slider Layer Slider

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-24838

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.14% / 35.15%

7 Day CHG~0.00%

Published-05 Feb, 2024 | 06:35

Updated-01 Aug, 2024 | 23:28

WordPress Five Star Restaurant Reviews Plugin <= 2.3.5 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Five Star Plugins Five Star Restaurant Reviews allows Stored XSS.This issue affects Five Star Restaurant Reviews: from n/a through 2.3.5.

Vendor-fivestarplugins Five Star Plugins

Product-five_star_restaurant_menu Five Star Restaurant Reviews

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-34445

Credits

WordPress SKT Addons for Elementor plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs