Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-56210

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-31 Dec, 2024 | 10:32
Updated At-31 Dec, 2024 | 15:29
Rejected At-
Credits

WordPress UserPro plugin <= 5.1.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DeluxeThemes Userpro allows Reflected XSS.This issue affects Userpro: from n/a through 5.1.9.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:31 Dec, 2024 | 10:32
Updated At:31 Dec, 2024 | 15:29
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress UserPro plugin <= 5.1.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DeluxeThemes Userpro allows Reflected XSS.This issue affects Userpro: from n/a through 5.1.9.

Affected Products
Vendor
DeluxeThemes
Product
Userpro
Default Status
unaffected
Versions
Affected
  • From n/a through 5.1.9 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-591CAPEC-591 Reflected XSS
CAPEC ID: CAPEC-591
Description: CAPEC-591 Reflected XSS
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Rafie Muhammad (Patchstack)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/wordpress/plugin/userpro/vulnerability/wordpress-userpro-plugin-5-1-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/wordpress/plugin/userpro/vulnerability/wordpress-userpro-plugin-5-1-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:31 Dec, 2024 | 11:15
Updated At:31 Dec, 2024 | 11:15

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DeluxeThemes Userpro allows Reflected XSS.This issue affects Userpro: from n/a through 5.1.9.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-79Primaryaudit@patchstack.com
CWE ID: CWE-79
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/wordpress/plugin/userpro/vulnerability/wordpress-userpro-plugin-5-1-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/wordpress/plugin/userpro/vulnerability/wordpress-userpro-plugin-5-1-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2021Records found
CVE-2024-27952
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.27% / 50.10%
||
7 Day CHG~0.00%
Published-13 Mar, 2024 | 16:18
Updated-18 Mar, 2025 | 11:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Sermons plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Codeus Advanced Sermons allows Reflected XSS.This issue affects Advanced Sermons: from n/a through 3.2.

Action-Not Available
Vendor-wpcodeusWP Codeus
Product-advanced_sermonsAdvanced Sermons
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-27960
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.48%
||
7 Day CHG~0.00%
Published-17 Mar, 2024 | 16:30
Updated-02 Aug, 2024 | 00:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Email Subscription Popup plugin <= 1.2.20 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in I Thirteen Web Solution Email Subscription Popup allows Stored XSS.This issue affects Email Subscription Popup: from n/a through 1.2.20.

Action-Not Available
Vendor-I Thirteen Web Solution
Product-Email Subscription Popup
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-24878
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.96%
||
7 Day CHG~0.00%
Published-08 Feb, 2024 | 12:58
Updated-27 Aug, 2024 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Portugal CTT Tracking for WooCommerce Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PT Woo Plugins (by Webdados) Portugal CTT Tracking for WooCommerce allows Reflected XSS.This issue affects Portugal CTT Tracking for WooCommerce: from n/a through 2.1.

Action-Not Available
Vendor-webdadosPT Woo Plugins (by Webdados)
Product-portugal_ctt_tracking_for_woocommercePortugal CTT Tracking for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-24879
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.16% / 37.62%
||
7 Day CHG~0.00%
Published-08 Feb, 2024 | 12:02
Updated-15 Oct, 2024 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Link Library Plugin <= 7.5.13 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Reflected XSS.This issue affects Link Library: from n/a through 7.5.13.

Action-Not Available
Vendor-ylefebvreYannick Lefebvre
Product-link_libraryLink Library
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-2597
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.1||HIGH
EPSS-0.03% / 8.30%
||
7 Day CHG~0.00%
Published-18 Mar, 2024 | 14:02
Updated-17 Apr, 2025 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Scripting (XSS) in AMSS++

Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/bookdetail_school_person.php, in the 'b_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.

Action-Not Available
Vendor-amss\+\+_projectAmssplus
Product-amss\+\+AMSS++
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-25599
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.26% / 48.95%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 06:52
Updated-25 Mar, 2025 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Seriously Simple Podcasting plugin <= 3.0.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Castos Seriously Simple Podcasting allows Reflected XSS.This issue affects Seriously Simple Podcasting: from n/a through 3.0.2.

Action-Not Available
Vendor-Castos
Product-Seriously Simple Podcasting
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-24800
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.20% / 42.26%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 05:47
Updated-02 Aug, 2024 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Product Feed PRO for WooCommerce plugin <= 13.2.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AdTribes.Io Product Feed PRO for WooCommerce allows Reflected XSS.This issue affects Product Feed PRO for WooCommerce: from n/a through 13.2.5.

Action-Not Available
Vendor-AdTribes
Product-Product Feed PRO for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-24933
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.96%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 05:41
Updated-01 Aug, 2024 | 23:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Honeypot for WP Comment Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prasidhda Malla Honeypot for WP Comment allows Reflected XSS.This issue affects Honeypot for WP Comment: from n/a through 2.2.3.

Action-Not Available
Vendor-prasidhdamallaPrasidhda Malla
Product-honeypot_for_wp_commentHoneypot for WP Comment
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-25921
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.07% / 22.29%
||
7 Day CHG~0.00%
Published-15 Mar, 2024 | 13:00
Updated-01 Aug, 2024 | 23:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Action Network plugin <= 1.4.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Concerted Action Action Network allows Reflected XSS.This issue affects Action Network: from n/a through 1.4.2.

Action-Not Available
Vendor-Concerted Action
Product-Action Network
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-24932
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.96%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 05:44
Updated-24 Apr, 2025 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress VK Poster Group Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Djo VK Poster Group allows Reflected XSS.This issue affects VK Poster Group: from n/a through 2.0.3.

Action-Not Available
Vendor-zixnDjo
Product-vk_poster_groupVK Poster Group
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-24848
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.18% / 40.14%
||
7 Day CHG~0.00%
Published-05 Feb, 2024 | 06:11
Updated-01 Aug, 2024 | 23:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PT Sign Ups Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MJS Software PT Sign Ups – Beautiful volunteer sign ups and management made easy allows Stored XSS.This issue affects PT Sign Ups – Beautiful volunteer sign ups and management made easy: from n/a through 1.0.4.

Action-Not Available
Vendor-mjssoftwareMJS Software
Product-sign_upsPT Sign Ups – Beautiful volunteer sign ups and management made easy
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-25093
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.11% / 30.89%
||
7 Day CHG~0.00%
Published-29 Feb, 2024 | 05:43
Updated-16 Jan, 2025 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GD Rating System Plugin <= 3.5 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Milan Petrovic GD Rating System allows Stored XSS.This issue affects GD Rating System: from n/a through 3.5.

Action-Not Available
Vendor-dev4pressMilan Petrovic
Product-gd_rating_systemGD Rating System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-2595
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.1||HIGH
EPSS-0.03% / 8.30%
||
7 Day CHG~0.00%
Published-18 Mar, 2024 | 14:01
Updated-17 Apr, 2025 | 21:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Scripting (XSS) in AMSS++

Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/bookdetail_khet_person.php, in the 'b_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.

Action-Not Available
Vendor-amss\+\+_projectAmssplus
Product-amss\+\+AMSS++
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-2598
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.1||HIGH
EPSS-0.03% / 8.30%
||
7 Day CHG~0.00%
Published-18 Mar, 2024 | 14:02
Updated-17 Apr, 2025 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Scripting (XSS) in AMSS++

Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/select_send_2.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.

Action-Not Available
Vendor-amss\+\+_projectAmssplus
Product-amss\+\+AMSS++
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-25926
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.14% / 35.19%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 05:44
Updated-06 Aug, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Widgets Controller plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IndiaNIC Widgets Controller allows Reflected XSS.This issue affects Widgets Controller: from n/a through 1.1.

Action-Not Available
Vendor-IndiaNIC
Product-Widgets Controller
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-2594
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.1||HIGH
EPSS-0.03% / 8.30%
||
7 Day CHG~0.00%
Published-18 Mar, 2024 | 14:00
Updated-17 Apr, 2025 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Scripting (XSS) in AMSS++

Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/admin/index.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.

Action-Not Available
Vendor-amss\+\+_projectAmssplus
Product-amss\+\+AMSS++
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-24881
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 32.46%
||
7 Day CHG~0.00%
Published-08 Feb, 2024 | 11:19
Updated-17 Dec, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP SMS Plugin <= 6.5.2 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc allows Reflected XSS.This issue affects WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.5.2.

Action-Not Available
Vendor-veronalabsVeronaLabs
Product-wp_smsWP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-8281
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.04% / 11.63%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 06:00
Updated-22 Aug, 2025 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Talroo <= 2.4 - Reflected XSS

The WP Talroo WordPress plugin through 2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin and unauthenticated users.

Action-Not Available
Vendor-Unknown
Product-WP Talroo
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-24866
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.18% / 39.57%
||
7 Day CHG~0.00%
Published-05 Feb, 2024 | 06:02
Updated-01 Aug, 2024 | 23:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Biteship Plugin <= 2.2.24 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Biteship Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo allows Reflected XSS.This issue affects Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo: from n/a through 2.2.24.

Action-Not Available
Vendor-biteshipBiteship
Product-biteshipBiteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-24847
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.17% / 38.23%
||
7 Day CHG~0.00%
Published-05 Feb, 2024 | 06:15
Updated-01 Aug, 2024 | 23:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CalculatorPro Calculators Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgadbois CalculatorPro Calculators allows Reflected XSS.This issue affects CalculatorPro Calculators: from n/a through 1.1.7.

Action-Not Available
Vendor-jgadboisjgadbois
Product-calculatorpro_calculatorsCalculatorPro Calculators
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-24700
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.14% / 35.19%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 05:48
Updated-02 Aug, 2024 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Editor plugin <= 1.2.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Rojas WP Editor allows Reflected XSS.This issue affects WP Editor: from n/a through 1.2.8.

Action-Not Available
Vendor-Benjamin Rojas
Product-WP Editor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-23508
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.96%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 15:21
Updated-30 May, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PDF Poster - PDF Embedder Plugin for WordPress Plugin <= 2.1.17 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins PDF Poster – PDF Embedder Plugin for WordPress allows Reflected XSS.This issue affects PDF Poster – PDF Embedder Plugin for WordPress: from n/a through 2.1.17.

Action-Not Available
Vendor-bpluginsbPlugins
Product-pdf_posterPDF Poster – PDF Embedder Plugin for WordPress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-44026
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.37%
||
7 Day CHG~0.00%
Published-27 Jan, 2023 | 00:00
Updated-28 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 3 of 6.

Action-Not Available
Vendor-netscoutn/a
Product-ngeniusonen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-45366
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.48%
||
7 Day CHG~0.00%
Published-25 May, 2023 | 12:08
Updated-10 Oct, 2024 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Slimstat Analytics Plugin <= 5.0.4 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics plugin <= 5.0.4 versions.

Action-Not Available
Vendor-wp-slimstatJason Crouse, VeronaLabs
Product-slimstat_analyticsSlimstat Analytics
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-39647
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.07% / 22.12%
||
7 Day CHG~0.00%
Published-01 Aug, 2024 | 22:09
Updated-11 Sep, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Message Filter for Contact Form 7 plugin <= 1.6.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kofi Mokome Message Filter for Contact Form 7 allows Reflected XSS.This issue affects Message Filter for Contact Form 7: from n/a through 1.6.1.1.

Action-Not Available
Vendor-kofimokomeKofi Mokome
Product-message_filter_for_contact_form_7Message Filter for Contact Form 7
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-22142
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.07% / 21.86%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 23:17
Updated-25 Sep, 2024 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Profile Builder Pro Plugin <= 3.10.0 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Profile Builder Pro allows Reflected XSS.This issue affects Profile Builder Pro: from n/a through 3.10.0.

Action-Not Available
Vendor-cozmoslabsCozmoslabs
Product-profile_builderProfile Builder Pro
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-40313
Matching Score-4
Assigner-Fedora Project
ShareView Details
Matching Score-4
Assigner-Fedora Project
CVSS Score-7.1||HIGH
EPSS-0.34% / 55.78%
||
7 Day CHG~0.00%
Published-30 Sep, 2022 | 16:34
Updated-20 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.

Action-Not Available
Vendor-n/aFedora ProjectMoodle Pty Ltd
Product-fedoraextra_packages_for_enterprise_linuxmoodlemoodle
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-22160
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.96%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 18:07
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Image Tag Manager Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bradley B. Dalina Image Tag Manager allows Reflected XSS.This issue affects Image Tag Manager: from n/a through 1.5.

Action-Not Available
Vendor-bradleybdalinaBradley B. Dalina
Product-image_tag_managerImage Tag Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33978
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.1||HIGH
EPSS-0.08% / 25.42%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 11:00
Updated-15 Aug, 2024 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site Scripting in Janobe E-Negosyo System

Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via 'category' parameter in '/index.php'.

Action-Not Available
Vendor-janobe
Product-young_entrepreneur_e-negosyo_systemE-Negosyo System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33526
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.07% / 22.77%
||
7 Day CHG~0.00%
Published-21 May, 2024 | 14:52
Updated-04 Jun, 2025 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Stored Cross-site Scripting (XSS) vulnerability in the "Import of user role and title of user role" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload.

Action-Not Available
Vendor-iliasn/ailias
Product-iliasn/ailias
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-22311
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.21% / 44.08%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 05:40
Updated-02 Aug, 2024 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simply Schedule Appointments plugin <= 1.6.6.20 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in N Squared Simply Schedule Appointments allows Reflected XSS.This issue affects Simply Schedule Appointments: from n/a through 1.6.6.20.

Action-Not Available
Vendor-N Squared Digital, LLC
Product-Simply Schedule Appointments
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-22148
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 25.89%
||
7 Day CHG~0.00%
Published-01 Feb, 2024 | 09:37
Updated-01 Aug, 2024 | 22:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Smart Editor Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Smart Editor JoomUnited allows Reflected XSS.This issue affects JoomUnited: from n/a through 1.3.3.

Action-Not Available
Vendor-WP Smart EditorJoomUnited
Product-wp-smart-editorJoomUnited
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-22149
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.35% / 56.99%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 05:51
Updated-02 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress cformsII plugin <= 15.0.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliver Seidel, Bastian Germann CformsII allows Stored XSS.This issue affects CformsII: from n/a through 15.0.5.

Action-Not Available
Vendor-Oliver Seidel, Bastian Germann
Product-CformsII
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-22300
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.20% / 42.26%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 05:56
Updated-06 Aug, 2024 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Icegram Express plugin <= 5.7.11 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Icegram Email Subscribers & Newsletters allows Reflected XSS.This issue affects Email Subscribers & Newsletters: from n/a through 5.7.11.

Action-Not Available
Vendor-Icegram
Product-Email Subscribers & Newsletters
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-22299
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.26% / 48.95%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 05:59
Updated-02 Aug, 2024 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FV Player plugin <= 7.5.41.7212 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foliovision: Making the web work for you FV Flowplayer Video Player allows Reflected XSS.This issue affects FV Flowplayer Video Player: from n/a through 7.5.41.7212.

Action-Not Available
Vendor-Foliovision: Making the web work for you
Product-FV Flowplayer Video Player
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-32952
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 19.50%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 08:24
Updated-02 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Max Addons Pro for Bricks plugin <= 1.6.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BloomPixel Max Addons Pro for Bricks allows Reflected XSS.This issue affects Max Addons Pro for Bricks: from n/a through 1.6.1.

Action-Not Available
Vendor-BloomPixelWordPress.org
Product-Max Addons Pro for Bricksmax_addons_pro_for_bricks
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-32583
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.11% / 29.97%
||
7 Day CHG~0.00%
Published-18 Apr, 2024 | 09:20
Updated-02 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Photo Gallery by 10Web plugin <= 1.8.21 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Reflected XSS.This issue affects Photo Gallery by 10Web: from n/a through 1.8.21.

Action-Not Available
Vendor-10Web (TenWeb, Inc.)AYS Pro Extensions
Product-Photo Gallery by 10Webphoto_gallery
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-32528
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.18% / 40.21%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 09:44
Updated-02 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Dynamic Keywords Injector plugin <= 2.3.18 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seerox WP Dynamic Keywords Injector allows Reflected XSS.This issue affects WP Dynamic Keywords Injector: from n/a through 2.3.18.

Action-Not Available
Vendor-Seerox
Product-WP Dynamic Keywords Injector
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-41353
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.07% / 21.17%
||
7 Day CHG~0.00%
Published-26 Jul, 2024 | 00:00
Updated-02 Aug, 2024 | 04:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\groups\edit-group.php

Action-Not Available
Vendor-n/aphpipam
Product-n/aphpipam
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-32545
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 32.44%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 08:22
Updated-02 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Canva – Design beautiful blog graphics plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Canva Canva – Design beautiful blog graphics allows Reflected XSS.This issue affects Canva – Design beautiful blog graphics: from n/a through 1.2.4.

Action-Not Available
Vendor-Canva
Product-Canva – Design beautiful blog graphics
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-22159
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.96%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 18:12
Updated-12 Nov, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WOLF Plugin <= 1.0.8 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional allows Reflected XSS.This issue affects WOLF – WordPress Posts Bulk Editor and Manager Professional: from n/a through 1.0.8.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-wolf_-_wordpress_posts_bulk_editor_and_products_manager_professionalWOLF – WordPress Posts Bulk Editor and Manager Professional
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-31256
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.15% / 36.42%
||
7 Day CHG+0.04%
Published-07 Apr, 2024 | 17:48
Updated-22 Aug, 2024 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WebinarPress plugin <= 1.33.10 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebinarPress allows Reflected XSS.This issue affects WebinarPress: from n/a through 1.33.10.

Action-Not Available
Vendor-WebinarPress
Product-WebinarPress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34560
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.10% / 28.50%
||
7 Day CHG~0.00%
Published-22 Apr, 2024 | 00:00
Updated-22 Apr, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the History parameter.

Action-Not Available
Vendor-phpfoxn/a
Product-phpfoxn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-29915
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.35% / 56.59%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 07:07
Updated-19 Mar, 2025 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Podlove Podcast Publisher plugin <= 4.0.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Reflected XSS.This issue affects Podlove Podcast Publisher: from n/a through 4.0.9.

Action-Not Available
Vendor-podlovePodlovepodlove
Product-podlove_podcast_publisherPodlove Podcast Publisherpodlove_podcast_publisher
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-22293
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.96%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 17:33
Updated-15 May, 2025 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BP Profile Search Plugin <= 5.5 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andrea Tarantini BP Profile Search allows Reflected XSS.This issue affects BP Profile Search: from n/a through 5.5.

Action-Not Available
Vendor-dontdreamAndrea Tarantini
Product-bp_profile_searchBP Profile Search
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-29128
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.07% / 22.93%
||
7 Day CHG~0.00%
Published-19 Mar, 2024 | 14:04
Updated-27 Feb, 2025 | 03:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress POST SMTP Mailer plugin <= 2.8.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Post SMTP POST SMTP allows Reflected XSS.This issue affects POST SMTP: from n/a through 2.8.6.

Action-Not Available
Vendor-wpexpertsPost SMTP
Product-post_smtpPOST SMTP
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-29102
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.88%
||
7 Day CHG~0.00%
Published-19 Mar, 2024 | 15:47
Updated-02 Aug, 2024 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Extensions For CF7 plugin <= 3.0.6 - Unauthenticated Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes Extensions For CF7 allows Stored XSS.This issue affects Extensions For CF7: from n/a through 3.0.6.

Action-Not Available
Vendor-HasTech IT Limited (HasThemes)
Product-Extensions For CF7
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-22288
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.27% / 50.10%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 05:49
Updated-10 Feb, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin <= 4.4.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Reflected XSS.This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.4.0.

Action-Not Available
Vendor-webtoffeeWebToffee
Product-woocommerce_pdf_invoices\,_packing_slips\,_delivery_notes_and_shipping_labelsWooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-31094
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.34% / 56.15%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 21:05
Updated-23 Apr, 2025 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross site scripting vulnerability in ScratchTools

ScratchTools is a web extension designed to make interacting with the Scratch programming language community (Scratching) easier. In affected versions anybody who uses the Recently Viewed Projects feature is vulnerable to having their account taken over if they view a project that tries to. The issue is that if a user visits a project that includes Javascript in the title, then when the Recently Viewed Projects feature displays it, it could run the Javascript. This issue has been addressed in the 2.5.2 release. Users having issues scratching should open an issue in the project issue tracker https://github.com/STForScratch/ScratchTools/

Action-Not Available
Vendor-scratchstatusSTForScratch
Product-scratchtoolsScratchTools
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-31191
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.42% / 61.06%
||
7 Day CHG~0.00%
Published-01 Aug, 2022 | 20:30
Updated-23 Apr, 2025 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross Site Scripting possible in DSpace JSPUI spellcheck and autocomplete tools

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI autocomplete HTML does not properly escape text passed to it. Both are vulnerable to XSS. This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds for this issue.

Action-Not Available
Vendor-duraspaceDSpace
Product-dspaceDSpace
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 40
  • 41
  • Next
Details not found