Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-49278

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-17 Oct, 2024 | 19:22
Updated At-17 Oct, 2024 | 20:05
Rejected At-
Credits

WordPress Omnipress plugin <= 1.4.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in omnipressteam Omnipress allows Stored XSS.This issue affects Omnipress: from n/a through 1.4.3.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:17 Oct, 2024 | 19:22
Updated At:17 Oct, 2024 | 20:05
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Omnipress plugin <= 1.4.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in omnipressteam Omnipress allows Stored XSS.This issue affects Omnipress: from n/a through 1.4.3.

Affected Products
Vendor
omnipressteam
Product
Omnipress
Collection URL
https://wordpress.org/plugins
Package Name
omnipress
Default Status
unaffected
Versions
Affected
  • From n/a through 1.4.3 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-592CAPEC-592 Stored XSS
CAPEC ID: CAPEC-592
Description: CAPEC-592 Stored XSS
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Khalid Yusuf (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/omnipress/wordpress-omnipress-plugin-1-4-3-cross-site-scripting-xss-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/omnipress/wordpress-omnipress-plugin-1-4-3-cross-site-scripting-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:17 Oct, 2024 | 20:15
Updated At:18 Oct, 2024 | 12:52

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in omnipressteam Omnipress allows Stored XSS.This issue affects Omnipress: from n/a through 1.4.3.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-79Primaryaudit@patchstack.com
CWE ID: CWE-79
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/omnipress/wordpress-omnipress-plugin-1-4-3-cross-site-scripting-xss-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/vulnerability/omnipress/wordpress-omnipress-plugin-1-4-3-cross-site-scripting-xss-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2142Records found
CVE-2025-47507
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.09%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 15:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Better Search <= 4.1.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Better Search allows DOM-Based XSS. This issue affects Better Search: from n/a through 4.1.0.

Action-Not Available
Vendor-Ajay
Product-Better Search
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47443
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.09%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Widget Countdown <= 2.7.4 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Widget Countdown allows Stored XSS. This issue affects Widget Countdown: from n/a through 2.7.4.

Action-Not Available
Vendor-WpDevArt
Product-Widget Countdown
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47501
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.09%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Content Control <= 2.6.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Code Atlantic Content Control allows DOM-Based XSS. This issue affects Content Control: from n/a through 2.6.1.

Action-Not Available
Vendor-Code Atlantic
Product-Content Control
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47589
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.09%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ebook Store <= 5.8007 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in motov.net Ebook Store allows DOM-Based XSS. This issue affects Ebook Store: from n/a through 5.8007.

Action-Not Available
Vendor-motov.net
Product-Ebook Store
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47662
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.09%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Woobox <= 1.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in woobox Woobox allows Stored XSS. This issue affects Woobox: from n/a through 1.6.

Action-Not Available
Vendor-woobox
Product-Woobox
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32189
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 20.06%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-07 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BWD Elementor Addons plugin <= 4.3.20 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Best WP Developer BWD Elementor Addons allows DOM-Based XSS. This issue affects BWD Elementor Addons: from n/a through 4.3.20.

Action-Not Available
Vendor-Best WP Developer
Product-BWD Elementor Addons
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47495
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.09%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Blockspare <= 3.2.9 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blockspare Blockspare allows Stored XSS. This issue affects Blockspare: from n/a through 3.2.9.

Action-Not Available
Vendor-Blockspare
Product-Blockspare
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47598
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.09%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 15:54
Updated-12 Jun, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress History Log by click5 <= 1.0.13 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in click5 History Log by click5 allows Stored XSS. This issue affects History Log by click5: from n/a through 1.0.13.

Action-Not Available
Vendor-click5
Product-History Log by click5
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47488
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.09%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bold Page Builder <= 5.3.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder allows DOM-Based XSS. This issue affects Bold Page Builder: from n/a through 5.3.2.

Action-Not Available
Vendor-BoldThemes
Product-Bold Page Builder
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47515
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.09%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP DPE-GES <= 1.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seb WP DPE-GES allows DOM-Based XSS. This issue affects WP DPE-GES: from n/a through 1.6.

Action-Not Available
Vendor-Seb
Product-WP DPE-GES
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47679
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.09%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RS WP Book Showcase <= 6.7.40 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RS WP THEMES RS WP Book Showcase allows DOM-Based XSS. This issue affects RS WP Book Showcase: from n/a through 6.7.40.

Action-Not Available
Vendor-RS WP THEMES
Product-RS WP Book Showcase
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47502
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.09%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mollie Forms <= 2.7.12 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick Mollie Forms allows Stored XSS. This issue affects Mollie Forms: from n/a through 2.7.12.

Action-Not Available
Vendor-Nick
Product-Mollie Forms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47630
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 10.60%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-12 May, 2025 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ajax Load More <= 7.3.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darren Cooney Ajax Load More allows Stored XSS. This issue affects Ajax Load More: from n/a through 7.3.1.

Action-Not Available
Vendor-connekthqDarren Cooney
Product-ajax_load_moreAjax Load More
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47675
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.09%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Woobox <= 1.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in woobox Woobox allows DOM-Based XSS. This issue affects Woobox: from n/a through 1.6.

Action-Not Available
Vendor-woobox
Product-Woobox
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47677
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.09%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery <= 2.7.7.25 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gt3themes Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery allows Stored XSS. This issue affects Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery: from n/a through 2.7.7.25.

Action-Not Available
Vendor-gt3themes
Product-Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47610
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 8.00%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 10:34
Updated-14 Aug, 2025 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Fortnox Integration <= 4.5.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wetail WooCommerce Fortnox Integration allows Stored XSS. This issue affects WooCommerce Fortnox Integration: from n/a through 4.5.6.

Action-Not Available
Vendor-Wetail
Product-WooCommerce Fortnox Integration
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47504
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.09%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Custom Checkout Fields for WooCommerce <= 1.8.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Custom Checkout Fields for WooCommerce allows Stored XSS. This issue affects Custom Checkout Fields for WooCommerce: from n/a through 1.8.3.

Action-Not Available
Vendor-WPFactory
Product-Custom Checkout Fields for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47497
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.42%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-29 May, 2025 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Logo Showcase <= 3.0.4 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themepoints Logo Showcase allows DOM-Based XSS. This issue affects Logo Showcase: from n/a through 3.0.4.

Action-Not Available
Vendor-themepoints
Product-Logo Showcase
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47475
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.09%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JupiterX Core <= 4.8.11 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artbees JupiterX Core allows Stored XSS. This issue affects JupiterX Core: from n/a through 4.8.11.

Action-Not Available
Vendor-artbees
Product-JupiterX Core
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47616
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.09%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-05 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress aBlocks <= 1.9.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tushar Imran aBlocks allows Stored XSS.This issue affects aBlocks: from n/a through 1.9.2.

Action-Not Available
Vendor-Tushar Imran
Product-aBlocks
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47669
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.09%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CBX Map for Google Map & OpenStreetMap <= 1.1.12 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sabuj Kundu CBX Map for Google Map & OpenStreetMap allows DOM-Based XSS. This issue affects CBX Map for Google Map & OpenStreetMap: from n/a through 1.1.12.

Action-Not Available
Vendor-Sabuj Kundu
Product-CBX Map for Google Map & OpenStreetMap
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47503
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.09%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress NGG Smart Image Search <= 3.3.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpo-HR NGG Smart Image Search allows Stored XSS. This issue affects NGG Smart Image Search: from n/a through 3.3.3.

Action-Not Available
Vendor-wpo-HR
Product-NGG Smart Image Search
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47659
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.09%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPBakery Visual Composer WHMCS Elements <= 1.0.4.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in voidcoders WPBakery Visual Composer WHMCS Elements allows Stored XSS. This issue affects WPBakery Visual Composer WHMCS Elements: from n/a through 1.0.4.1.

Action-Not Available
Vendor-voidcoders
Product-WPBakery Visual Composer WHMCS Elements
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47509
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.09%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Top 10 <= 4.1.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Top 10 allows Stored XSS. This issue affects Top 10: from n/a through 4.1.0.

Action-Not Available
Vendor-Ajay
Product-Top 10
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47506
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.09%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contextual Related Posts <= 4.0.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Contextual Related Posts allows DOM-Based XSS. This issue affects Contextual Related Posts: from n/a through 4.0.2.

Action-Not Available
Vendor-Ajay
Product-Contextual Related Posts
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47632
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 10.60%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-12 May, 2025 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Awesome Gallery <= 1.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raihanul Islam Awesome Gallery allows Stored XSS. This issue affects Awesome Gallery: from n/a through 1.0.

Action-Not Available
Vendor-raihancseRaihanul Islam
Product-awesome_galleryAwesome Gallery
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47656
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.09%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Spiraclethemes Site Library <= 1.4.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spiraclethemes Spiraclethemes Site Library allows Stored XSS. This issue affects Spiraclethemes Site Library: from n/a through 1.4.0.

Action-Not Available
Vendor-spiraclethemes
Product-Spiraclethemes Site Library
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47482
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.09%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SKT Skill Bar <= 2.4 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Skill Bar allows Stored XSS. This issue affects SKT Skill Bar: from n/a through 2.4.

Action-Not Available
Vendor-sonalsinha21
Product-SKT Skill Bar
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47621
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.09%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Meks Flexible Shortcodes <= 1.3.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Meks Meks Flexible Shortcodes allows Stored XSS. This issue affects Meks Flexible Shortcodes: from n/a through 1.3.6.

Action-Not Available
Vendor-Meks
Product-Meks Flexible Shortcodes
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47493
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.09%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ultimate Blocks <= 3.2.9 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ultimate Blocks Ultimate Blocks allows DOM-Based XSS. This issue affects Ultimate Blocks: from n/a through 3.2.9.

Action-Not Available
Vendor-Ultimate Blocks
Product-Ultimate Blocks
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-46480
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 20.06%
||
7 Day CHG+0.02%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Nepali Post Date <= 5.1.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Padam Shankhadev Nepali Post Date allows Stored XSS. This issue affects Nepali Post Date: from n/a through 5.1.1.

Action-Not Available
Vendor-Padam Shankhadev
Product-Nepali Post Date
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-46538
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 20.06%
||
7 Day CHG+0.02%
Published-24 Apr, 2025 | 16:09
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Inline Text Popup <= 1.0.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webplanetsoft Inline Text Popup allows DOM-Based XSS. This issue affects Inline Text Popup: from n/a through 1.0.0.

Action-Not Available
Vendor-webplanetsoft
Product-Inline Text Popup
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-41687
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.74%
||
7 Day CHG~0.00%
Published-29 Sep, 2023 | 13:51
Updated-20 Sep, 2024 | 15:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Goods Catalog Plugin <= 2.4.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Irina Sokolovskaya Goods Catalog plugin <= 2.4.1 versions.

Action-Not Available
Vendor-goods_catalog_projectIrina Sokolovskaya
Product-goods_catalogGoods Catalog
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32181
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 20.06%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:58
Updated-07 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Search, Filters & Merchandising for WooCommerce plugin <= 3.0.57 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fast Simon Search, Filters & Merchandising for WooCommerce allows Stored XSS. This issue affects Search, Filters & Merchandising for WooCommerce: from n/a through 3.0.57.

Action-Not Available
Vendor-Fast Simon
Product-Search, Filters & Merchandising for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-41728
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.74%
||
7 Day CHG~0.00%
Published-02 Oct, 2023 | 07:35
Updated-02 Aug, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Rescue Shortcodes Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rescue Themes Rescue Shortcodes allows Stored XSS.This issue affects Rescue Shortcodes: from n/a through 2.5.

Action-Not Available
Vendor-rescuethemesRescue Themes
Product-rescue_shortcodesRescue Shortcodes
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-46471
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 20.06%
||
7 Day CHG+0.02%
Published-24 Apr, 2025 | 16:09
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Custom Post Popup <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gnanavelshenll WP Custom Post Popup allows DOM-Based XSS. This issue affects WP Custom Post Popup: from n/a through 1.0.1.

Action-Not Available
Vendor-gnanavelshenll
Product-WP Custom Post Popup
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-46253
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 16.02%
||
7 Day CHG~0.00%
Published-22 Apr, 2025 | 09:53
Updated-30 Apr, 2025 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GutenKit plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ataur R GutenKit allows Stored XSS. This issue affects GutenKit: from n/a through 2.2.2.

Action-Not Available
Vendor-wpmetAtaur R
Product-gutenkitGutenKit
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-31849
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 4.92%
||
7 Day CHG-0.04%
Published-01 Apr, 2025 | 14:51
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Nemesis All-in-One | Newspaper Builder Elementor Extention plugin <= 1.1.0 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fbtemplates Nemesis All-in-One allows Stored XSS. This issue affects Nemesis All-in-One: from n/a through 1.1.0.

Action-Not Available
Vendor-fbtemplates
Product-Nemesis All-in-One
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-4100
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 20.99%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 11:22
Updated-06 Sep, 2024 | 14:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple vulnerabilities in IDM Sistemas QSige

Allows an attacker to perform XSS attacks stored on certain resources. Exploiting this vulnerability can lead to a DoS condition, among other actions.

Action-Not Available
Vendor-qsigeIDM Sistemas QSige
Product-qsigeQSige
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-46475
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 20.06%
||
7 Day CHG+0.02%
Published-24 Apr, 2025 | 16:09
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Able Player <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in terrillthompson Able Player allows DOM-Based XSS. This issue affects Able Player: from n/a through 1.2.1.

Action-Not Available
Vendor-terrillthompson
Product-Able Player
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-46461
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 20.06%
||
7 Day CHG+0.02%
Published-24 Apr, 2025 | 16:09
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RRSSB <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Relentless Apps RRSSB allows DOM-Based XSS. This issue affects RRSSB: from n/a through 1.0.1.

Action-Not Available
Vendor-Relentless Apps
Product-RRSSB
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-31835
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.37%
||
7 Day CHG-0.00%
Published-01 Apr, 2025 | 14:51
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Plugin Info Card plugin <= 5.2.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brice Capobianco WP Plugin Info Card allows DOM-Based XSS. This issue affects WP Plugin Info Card: from n/a through 5.2.5.

Action-Not Available
Vendor-Brice Capobianco
Product-WP Plugin Info Card
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-46479
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 20.06%
||
7 Day CHG+0.02%
Published-24 Apr, 2025 | 16:09
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BBCode Deluxe <= 2020.08.01.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DevynCJohnson BBCode Deluxe allows DOM-Based XSS. This issue affects BBCode Deluxe: from n/a through 2020.08.01.2.

Action-Not Available
Vendor-DevynCJohnson
Product-BBCode Deluxe
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-31017
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 20.06%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:10
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Nav Menu Manager <= 3.2.5 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robert Noakes Nav Menu Manager allows Stored XSS. This issue affects Nav Menu Manager: from n/a through 3.2.5.

Action-Not Available
Vendor-Robert Noakes
Product-Nav Menu Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-41666
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.74%
||
7 Day CHG~0.00%
Published-29 Sep, 2023 | 13:48
Updated-20 Sep, 2024 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Stock Quotes List Plugin <= 2.9.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Stockdio Stock Quotes List plugin <= 2.9.9 versions.

Action-Not Available
Vendor-stockdioStockdio
Product-stock_quotes_listStock Quotes List
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-30922
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 4.92%
||
7 Day CHG-0.04%
Published-27 Mar, 2025 | 10:55
Updated-27 Mar, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simplebooklet PDF Viewer and Embedder plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in simplebooklet Simplebooklet PDF Viewer and Embedder allows Stored XSS. This issue affects Simplebooklet PDF Viewer and Embedder: from n/a through 1.1.1.

Action-Not Available
Vendor-simplebooklet
Product-Simplebooklet PDF Viewer and Embedder
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-46239
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 16.02%
||
7 Day CHG~0.00%
Published-22 Apr, 2025 | 09:53
Updated-29 Apr, 2025 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Theme Switcha <= 3.4 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Theme Switcha allows Stored XSS. This issue affects Theme Switcha: from n/a through 3.4.

Action-Not Available
Vendor-plugin-planetJeff Starr
Product-theme_switchaTheme Switcha
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-41797
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.74%
||
7 Day CHG~0.00%
Published-02 Oct, 2023 | 08:17
Updated-20 Sep, 2024 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Locations Plugin <= 4.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gold Plugins Locations plugin <= 4.0 versions.

Action-Not Available
Vendor-goldpluginsGold Plugins
Product-locationsLocations
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-37994
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 25.28%
||
7 Day CHG~0.00%
Published-01 Sep, 2023 | 11:26
Updated-24 Sep, 2024 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Art Decoration Shortcode Plugin <= 1.5.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Artem Abramovich Art Decoration Shortcode plugin <= 1.5.6 versions.

Action-Not Available
Vendor-wpruseArtem Abramovich
Product-art_decoration_shortcodeArt Decoration Shortcode
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-31083
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 4.92%
||
7 Day CHG-0.04%
Published-28 Mar, 2025 | 09:39
Updated-28 Mar, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Leaky Paywall <= 4.21.7 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZEEN101 Leaky Paywall allows Stored XSS. This issue affects Leaky Paywall: from n/a through 4.21.7.

Action-Not Available
Vendor-ZEEN101
Product-Leaky Paywall
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • ...
  • 7
  • 8
  • 9
  • ...
  • 42
  • 43
  • Next
Details not found