Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-22687

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-19 May, 2025 | 15:59
Updated At-28 Apr, 2026 | 16:11
Rejected At-
Credits

WordPress tuaug4 theme <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Asmedia Tuaug4 allows Reflected XSS.This issue affects Tuaug4: from n/a through 1.4.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:19 May, 2025 | 15:59
Updated At:28 Apr, 2026 | 16:11
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress tuaug4 theme <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Asmedia Tuaug4 allows Reflected XSS.This issue affects Tuaug4: from n/a through 1.4.

Affected Products
Vendor
Asmedia
Product
Tuaug4
Collection URL
https://wordpress.org/themes
Package Name
tuaug4
Default Status
unaffected
Versions
Affected
  • From n/a through 1.4 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-591CAPEC-591 Reflected XSS
CAPEC ID: CAPEC-591
Description: CAPEC-591 Reflected XSS
Solutions
Configurations
Workarounds
Exploits
Credits
finder
justakazh (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/wordpress/theme/tuaug4/vulnerability/wordpress-tuaug4-theme-1-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/wordpress/theme/tuaug4/vulnerability/wordpress-tuaug4-theme-1-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:19 May, 2025 | 16:15
Updated At:23 Apr, 2026 | 15:23

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Asmedia Tuaug4 tuaug4 allows Reflected XSS.This issue affects Tuaug4: from n/a through <= 1.4.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-79Secondaryaudit@patchstack.com
CWE ID: CWE-79
Type: Secondary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/Wordpress/Theme/tuaug4/vulnerability/wordpress-tuaug4-theme-1-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/Wordpress/Theme/tuaug4/vulnerability/wordpress-tuaug4-theme-1-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2438Records found
CVE-2026-32494
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 11.95%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 16:14
Updated-29 Apr, 2026 | 09:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Image Slider by Ays plugin <= 2.7.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Image Slider by Ays ays-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider by Ays: from n/a through <= 2.7.1.

Action-Not Available
Vendor-AYS Pro Extensions
Product-Image Slider by Ays
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-28447
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-1.16% / 78.77%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 20:07
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross site scripting vulnerability in Javascript escaping in smarty/smarty

Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the user. Users are advised to upgrade to either version 3.1.48 or to 4.3.1 to resolve this issue. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-smartysmarty-phpFedora Project
Product-smartyfedorasmarty
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-28073
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 11.95%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 05:18
Updated-28 Apr, 2026 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP eMember theme <= v10.2.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tips and Tricks HQ WP eMember allows Reflected XSS.This issue affects WP eMember: from n/a through v10.2.2.

Action-Not Available
Vendor-Tips and Tricks HQ
Product-WP eMember
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-28130
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 14.07%
||
7 Day CHG+0.01%
Published-05 Mar, 2026 | 05:54
Updated-28 Apr, 2026 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress UDesign theme <= 4.14.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AndonDesign UDesign u-design allows Reflected XSS.This issue affects UDesign: from n/a through <= 4.14.0.

Action-Not Available
Vendor-AndonDesign
Product-UDesign
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-27353
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 14.07%
||
7 Day CHG+0.01%
Published-05 Mar, 2026 | 05:53
Updated-28 Apr, 2026 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Grand News | Magazine Newspaper WordPress theme <= 3.4.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand News grandnews allows Reflected XSS.This issue affects Grand News: from n/a through <= 3.4.3.

Action-Not Available
Vendor-ThemeGoods
Product-Grand News
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-27070
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 11.95%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 08:43
Updated-28 Apr, 2026 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Everest Forms Pro plugin <= 1.9.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPEverest Everest Forms Pro allows Stored XSS.This issue affects Everest Forms Pro: from n/a through 1.9.10.

Action-Not Available
Vendor-WPEverest
Product-Everest Forms Pro
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-27376
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 14.07%
||
7 Day CHG+0.01%
Published-05 Mar, 2026 | 05:53
Updated-28 Apr, 2026 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Claue - Clean, Minimal Elementor WooCommerce Theme theme <= 2.2.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JanStudio Claue - Clean, Minimal Elementor WooCommerce Theme claue allows Reflected XSS.This issue affects Claue - Clean, Minimal Elementor WooCommerce Theme: from n/a through <= 2.2.7.

Action-Not Available
Vendor-JanStudio
Product-Claue - Clean, Minimal Elementor WooCommerce Theme
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-27385
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 14.07%
||
7 Day CHG+0.01%
Published-05 Mar, 2026 | 05:53
Updated-28 Apr, 2026 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress DesignThemes Portfolio plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes DesignThemes Portfolio designthemes-portfolio allows Reflected XSS.This issue affects DesignThemes Portfolio: from n/a through <= 1.3.

Action-Not Available
Vendor-designthemes
Product-DesignThemes Portfolio
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-27382
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 14.07%
||
7 Day CHG+0.01%
Published-05 Mar, 2026 | 05:53
Updated-28 Apr, 2026 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Metro theme <= 2.13 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RadiusTheme Metro metro allows DOM-Based XSS.This issue affects Metro: from n/a through <= 2.13.

Action-Not Available
Vendor-RadiusTheme
Product-Metro
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-27332
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 14.07%
||
7 Day CHG+0.01%
Published-05 Mar, 2026 | 05:53
Updated-28 Apr, 2026 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Agrofood theme < 1.4.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Agrofood agrofood allows Reflected XSS.This issue affects Agrofood: from n/a through < 1.4.0.

Action-Not Available
Vendor-skygroup
Product-Agrofood
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-24948
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 14.07%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 15:47
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Reflector plugin <= 1.2.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fox-themes Reflector reflector-plugins allows Reflected XSS.This issue affects Reflector: from n/a through <= 1.2.2.

Action-Not Available
Vendor-fox-themes
Product-Reflector
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-25438
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 11.95%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 08:34
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Gutenberg Blocks – Unlimited blocks For Gutenberg plugin <= 1.2.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHunk Gutenberg Blocks unlimited-blocks allows Reflected XSS.This issue affects Gutenberg Blocks: from n/a through <= 1.2.8.

Action-Not Available
Vendor-ThemeHunk
Product-Gutenberg Blocks
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-25373
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 11.95%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 16:14
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Vayvo - Media Streaming & Membership WordPress Theme theme < 6.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ProgressionStudios Vayvo vayvo-progression allows Reflected XSS.This issue affects Vayvo: from n/a through < 6.8.

Action-Not Available
Vendor-ProgressionStudios
Product-Vayvo
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-25350
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 11.95%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 16:14
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Miti theme < 1.5.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Miti miti allows Reflected XSS.This issue affects Miti: from n/a through < 1.5.3.

Action-Not Available
Vendor-skygroup
Product-Miti
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-25356
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 11.95%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 16:14
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Yobazar theme < 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Yobazar yobazar allows Reflected XSS.This issue affects Yobazar: from n/a through < 1.6.7.

Action-Not Available
Vendor-skygroup
Product-Yobazar
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-25018
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 11.95%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 16:14
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress NaturaLife Extensions plugin <= 2.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stmcan NaturaLife Extensions naturalife-extensions allows Reflected XSS.This issue affects NaturaLife Extensions: from n/a through <= 2.1.

Action-Not Available
Vendor-stmcan
Product-NaturaLife Extensions
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-24983
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 11.95%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 16:14
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress UpSolution Core plugin <= 8.41 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UpSolution UpSolution Core us-core allows Reflected XSS.This issue affects UpSolution Core: from n/a through <= 8.41.

Action-Not Available
Vendor-UpSolution
Product-UpSolution Core
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-25435
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 11.95%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 16:14
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Booking calendar, Appointment Booking System plugin <= 3.2.36 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Stored XSS.This issue affects Booking calendar, Appointment Booking System: from n/a through <= 3.2.36.

Action-Not Available
Vendor-WpDevArt
Product-Booking calendar, Appointment Booking System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-24943
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 14.07%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 15:47
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Grand Conference theme <= 5.3.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Conference grandconference allows Reflected XSS.This issue affects Grand Conference: from n/a through <= 5.3.4.

Action-Not Available
Vendor-ThemeGoods
Product-Grand Conference
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-1058
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.1||HIGH
EPSS-0.05% / 15.27%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 06:38
Updated-08 Apr, 2026 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Form Maker by 10Web <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via Hidden Field

The Form Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via hidden field values in all versions up to, and including, 1.15.35. This is due to insufficient output escaping when displaying hidden field values in the admin submissions list. The plugin uses html_entity_decode() on user-supplied hidden field values without subsequent escaping before output, which converts HTML entity-encoded payloads back into executable JavaScript. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in the admin submissions view that will execute whenever an administrator accesses the submissions list.

Action-Not Available
Vendor-10Web (TenWeb, Inc.)
Product-Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-23807
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 11.95%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 16:14
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Telegram Widget and Join Link plugin <= 2.2.13 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Socio WP Telegram Widget and Join Link wptelegram-widget allows Reflected XSS.This issue affects WP Telegram Widget and Join Link: from n/a through <= 2.2.13.

Action-Not Available
Vendor-WP Socio
Product-WP Telegram Widget and Join Link
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-22352
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 14.07%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 15:47
Updated-28 Apr, 2026 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Persian Woocommerce SMS plugin <= 7.1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PersianScript Persian Woocommerce SMS persian-woocommerce-sms allows Reflected XSS.This issue affects Persian Woocommerce SMS: from n/a through <= 7.1.1.

Action-Not Available
Vendor-PersianScript
Product-Persian Woocommerce SMS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-22322
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.1||HIGH
EPSS-0.03% / 8.69%
||
7 Day CHG~0.00%
Published-18 Mar, 2026 | 07:34
Updated-18 Mar, 2026 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored Cross‑Site Scripting in Link Aggregation Name Handling

A stored cross‑site scripting (XSS) vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed, the injected script executes in the context of the victim’s browser, enabling unauthorized actions such as interface manipulation. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-FL SWITCH 2316 PNFL NAT 2304-2GC-2SFPFL SWITCH 2506-2SFP/K1FL SWITCH 2303-8SP1FL SWITCH 2708 PNFL SWITCH 2208 PNFL SWITCH 2206-2FXFL SWITCH 2207-FX SMFL SWITCH 2408 PNFL SWITCH 2708FL SWITCH 2414-2SFX PNFL NAT 2008FL SWITCH 2216 PNFL SWITCH 2008FFL NAT 2208FL SWITCH 2214-2SFXFL SWITCH 2508 PNFL SWITCH 2312-2GC-2SFPFL SWITCH 2608FL SWITCH 2308FL SWITCH 2204-2TC-2SFXFL SWITCH TSN 2316FL SWITCH 2206-2SFX PNFL SWITCH 2414-2SFXFL SWITCH 2516 PNFL SWITCH 5924-4GCFL SWITCH 2208FL SWITCH 2116FL SWITCH 2504-2GC-2SFPFL SWITCH 2408FL SWITCH 2608 PNFL SWITCH 2016FL SWITCH TSN 2312-2GC-2SFPFL SWITCH 5916-8GC-4SFP+FL SWITCH 2514-2SFPFL SWITCH 2316/K1FL SWITCH 2206C-2FXFL SWITCH 2008FL SWITCH 2206-2FX SMFL SWITCH TSN 2314-2SFPFL SWITCH 2306-2SFPFL SWITCH 2512-2GC-2SFPFL SWITCH 2314-2SFPFL SWITCH 2207-FXFL SWITCH 2406-2SFX PNFL SWITCH 2206-2SFXFL SWITCH 2416 PNFL SWITCH 2508FL SWITCH 2406-2SFXFL SWITCH 2308 PNFL SWITCH 2416FL SWITCH 2306-2SFP PNFL SWITCH 5924-4SFP+FL SWITCH 2205FL SWITCH 2216FL SWITCH 2412-2TC-2SFXFL SWITCH 2005FL SWITCH 2214-2FX SMFL SWITCH 2506-2SFP PNFL SWITCH 2108FL SWITCH 2304-2GC-2SFPFL SWITCH 2514-2SFP PNFL SWITCH 2206-2FX SM STFL SWITCH 2212-2TC-2SFXFL SWITCH 2516FL SWITCH 5916SFP-8GC-4SFP+FL SWITCH 2508/K1FL SWITCH 2506-2SFPFL SWITCH 5924SFP-4GCFL SWITCH 2314-2SFP PNFL SWITCH 2105FL SWITCH 2206-2FX STFL SWITCH 2214-2FXFL SWITCH 2208CFL SWITCH 2316FL SWITCH 2404-2TC-2SFXFL SWITCH 2214-2SFX PN
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-6529
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-52.37% / 97.96%
||
7 Day CHG~0.00%
Published-01 Aug, 2024 | 06:00
Updated-01 Aug, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ultimate Classified Listings < 1.4 - Reflected XSS

The Ultimate Classified Listings WordPress plugin before 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Action-Not Available
Vendor-Unknownwebcodingplace
Product-Ultimate Classified Listingsultimate_classified_listings
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-8281
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.10% / 26.50%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 06:00
Updated-16 Jan, 2026 | 21:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Talroo <= 2.4 - Reflected XSS

The WP Talroo WordPress plugin through 2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin and unauthenticated users.

Action-Not Available
Vendor-boybawangUnknown
Product-wp_talrooWP Talroo
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-8411
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-7.1||HIGH
EPSS-0.03% / 8.75%
||
7 Day CHG~0.00%
Published-17 Sep, 2025 | 11:17
Updated-17 Sep, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XSS in Dokuzsoft Technology's E-Commerce Web Design Product

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dokuzsoft Technology E-Commerce Web Design Product allows XSS Through HTTP Headers.This issue affects E-Commerce Web Design Product: before 11.08.2025.

Action-Not Available
Vendor-Dokuzsoft Technology
Product-E-Commerce Web Design Product
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-43818
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-5.43% / 90.26%
||
7 Day CHG~0.00%
Published-13 Dec, 2021 | 18:05
Updated-18 Dec, 2025 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTML Cleaner allows crafted and SVG embedded scripts to pass through

lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.

Action-Not Available
Vendor-lxmllxmlDebian GNU/LinuxOracle CorporationFedora ProjectNetApp, Inc.
Product-http_serverdebian_linuxsolidfire_enterprise_sdshci_storage_nodehci_storage_node_firmwarefedoralxmlzfs_storage_appliance_kitcommunications_cloud_native_core_network_exposure_functioncommunications_cloud_native_core_binding_support_functioncommunications_cloud_native_core_policysolidfirelxml
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-5849
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.1||HIGH
EPSS-0.58% / 69.17%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 12:32
Updated-22 Aug, 2024 | 13:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pepperl+Fuchs: Device Master ICDM-RX/* XSS vulnerability allows reflected XSS

An unauthenticated remote attacker may use a reflected XSS vulnerability to obtain information from a user or reboot the affected device once.

Action-Not Available
Vendor-pepperl-fuchsPepperl+Fuchs
Product-icdm-rx\/tcp-32rj45\/rj45-rmicdm-rx\/tcp_socketserver_firmwaremodbus_server_firmwareicdm-rx\/tcp-16db9\/rj45-rmicdm-rx\/mod-st\/rj45-dinicdm-rx\/en1-2st\/rj45-dinprofinet_firmwareicdm-rx\/tcp-4db9\/2rj45-pmicdm-rx\/pn-2st\/rj45-dinicdm-rx\/pn1-db9\/rj45-pmicdm-rx\/en1-4db9\/2rj45-dinicdm-rx\/tcp-2st\/rj45-dinicdm-rx\/mod-4db9\/2rj45-dinicdm-rx\/en-db9\/rj45-dinicdm-rx\/tcp-16rj45\/2rj45-pmicdm-rx\/pn-db9\/rj45-pmicdm-rx\/pn-db9\/rj45-dinicdm-rx\/tcp-4db9\/2rj45-dinicdm-rx\/tcp-8db9\/2rj45-pmicdm-rx\/pn-4db9\/2rj45-dinicdm-rx\/tcp-db9\/rj45-pmicdm-rx\/tcp-16rj45\/rj45-rmicdm-rx\/tcp-db9\/rj45-pm2eip\/modbus_firmwareicdm-rx\/en1-st\/rj45-dinicdm-rx\/pn1-st\/rj45-dinmodbus_tcp_firmwareicdm-rx\/pn1-db9\/rj45-dinethernet\/ip_firmwareicdm-rx\/en1-db9\/rj45-pmicdm-rx\/pn-st\/rj45-dinicdm-rx\/en-2st\/rj45-dinicdm-rx\/en-st\/rj45-dinicdm-rx\/en1-2db9\/rj45-dinicdm-rx\/en-4db9\/2rj45-dinicdm-rx\/pn1-2db9\/rj45-dinicdm-rx\/mod-db9\/rj45-dinicdm-rx\/pn1-4db9\/2rj45-dinicdm-rx\/tcp-2db9\/rj45-dinmodbus_router_firmwareicdm-rx\/pn-2db9\/rj45-dinicdm-rx\/en-db9\/rj45-pmicdm-rx\/tcp-st\/rj45-dinicdm-rx\/en-2db9\/rj45-dinicdm-rx\/tcp-db9\/rj45-dinprofinet\/modbus_firmwareicdm-rx\/pn1-2st\/rj45-dinicdm-rx\/en1-db9\/rj45-dinICDM-RX/TCP-DB9/RJ45-PM2ICDM-RX/PN-DB9/RJ45-PMICDM-RX/MOD-DB9/RJ45-DINICDM-RX/PN-2ST/RJ45-DINICDM-RX/PN1-4DB9/2RJ45-DINICDM-RX/TCP-ST/RJ45-DINICDM-RX/EN-DB9/RJ45-DINICDM-RX/TCP-2ST/RJ45-DINICDM-RX/TCP-DB9/RJ45-DINICDM-RX/PN-ST/RJ45-DINICDM-RX/PN1-2DB9/RJ45-DINICDM-RX/EN1-2ST/RJ45-DINICDM-RX/EN1-4DB9/2RJ45-DINICDM-RX/MOD-DB9/RJ45-PMICDM-RX/TCP-2DB9/RJ45-DINICDM-RX/EN-DB9/RJ45-PMICDM-RX/PN1-DB9/RJ45-DINICDM-RX/EN-2ST/RJ45-DINICDM-RX/MOD-4DB9/2RJ45-DINICDM-RX/MOD-16RJ45/2RJ45-PMICDM-RX/EN-2DB9/RJ45-DINICDM-RX/PN1-2ST/RJ45-DINICDM-RX/TCP-4DB9/2RJ45-DINICDM-RX/PN1-DB9/RJ45-PMICDM-RX/PN1-ST/RJ45-DINICDM-RX/MOD-2ST/RJ45-DINICDM-RX/TCP-16DB9/RJ45-RMICDM-RX/TCP-16RJ45/2RJ45-PMICDM-RX/PN-DB9/RJ45-DINICDM-RX/EN1-DB9/RJ45-DINICDM-RX/MOD-ST/RJ45-DINICDM-RX/TCP-32RJ45/RJ45-RMICDM-RX/MOD-2DB9/RJ45-DINICDM-RX/TCP-DB9/RJ45-PMICDM-RX/EN1-DB9/RJ45-PMICDM-RX/EN-ST/RJ45-DINICDM-RX/EN1-ST/RJ45-DINICDM-RX/TCP-16RJ45/RJ45-RMICDM-RX/EN1-2DB9/RJ45-DINICDM-RX/TCP-8DB9/2RJ45-PMICDM-RX/EN-4DB9/2RJ45-DINICDM-RX/PN-4DB9/2RJ45-DINICDM-RX/TCP-4DB9/2RJ45-PMICDM-RX/PN-2DB9/RJ45-DIN
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-70846
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.04% / 14.07%
||
7 Day CHG~0.00%
Published-17 Feb, 2026 | 00:00
Updated-11 Mar, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting (XSS) on the /tools/Password/add page in the input field password.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56024
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.11% / 28.20%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:01
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Custom Dashboard Widget plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DuoGeek Custom Dashboard Widget create-custom-dashboard-widget allows Reflected XSS.This issue affects Custom Dashboard Widget: from n/a through <= 1.0.0.

Action-Not Available
Vendor-DuoGeek
Product-Custom Dashboard Widget
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56299
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.14% / 34.47%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 10:49
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Notify Odoo plugin <= 1.0.0 - CSRF to Stored XSS vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pektsekye Notify Odoo notify-odoo allows Stored XSS.This issue affects Notify Odoo: from n/a through <= 1.0.0.

Action-Not Available
Vendor-Pektsekye
Product-Notify Odoo
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56026
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.11% / 28.20%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:01
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Proxy plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg – SiteOrigin Simple Proxy simple-proxy allows Reflected XSS.This issue affects Simple Proxy: from n/a through <= 1.0.

Action-Not Available
Vendor-Greg – SiteOrigin
Product-Simple Proxy
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56289
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-7.55% / 91.90%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 10:49
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Groundhogg plugin <= 3.7.3.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey Groundhogg groundhogg allows Reflected XSS.This issue affects Groundhogg: from n/a through <= 3.7.3.3.

Action-Not Available
Vendor-Groundhogg (Groundhogg Inc.)FormLift - Adrian Tobey (Groundhogg Inc.)
Product-Groundhogg
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56056
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.29% / 52.86%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 14:57
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SimpleCharm Theme <= 1.4.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kmfoysal06 SimpleCharm simplecharm allows Reflected XSS.This issue affects SimpleCharm: from n/a through <= 1.4.3.

Action-Not Available
Vendor-kmfoysal06kmfoysal06
Product-simplecharmSimpleCharm
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56027
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.14% / 34.29%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 09:23
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Leads CRM plugin <= 2.0.13 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bizswoop Leads CRM leads-crm allows Reflected XSS.This issue affects Leads CRM: from n/a through <= 2.0.13.

Action-Not Available
Vendor-bizswoopBizSwoop (CPF Concepts, LLC)
Product-Leads CRM
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56060
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 41.20%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 09:13
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress HTML Forms plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Software LLC HTML Forms html-forms allows Reflected XSS.This issue affects HTML Forms: from n/a through <= 1.4.1.

Action-Not Available
Vendor-Link Software LLC
Product-HTML Forms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-68890
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.02%
||
7 Day CHG+0.02%
Published-08 Jan, 2026 | 09:17
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress e-shops plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hands01 e-shops e-shops-cart2 allows DOM-Based XSS.This issue affects e-shops: from n/a through <= 1.0.4.

Action-Not Available
Vendor-hands01
Product-e-shops
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-69321
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 3.15%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Grand Spa theme <= 3.5.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Spa grandspa allows Reflected XSS.This issue affects Grand Spa: from n/a through <= 3.5.5.

Action-Not Available
Vendor-ThemeGoods
Product-Grand Spa
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-68835
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 14.07%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ravpage plugin <= 2.33 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matiskiba Ravpage ravpage allows Reflected XSS.This issue affects Ravpage: from n/a through <= 2.33.

Action-Not Available
Vendor-matiskiba
Product-Ravpage
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-68878
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.02%
||
7 Day CHG~0.00%
Published-29 Dec, 2025 | 16:00
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Custom CSS plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prasadkirpekar Advanced Custom CSS advanced-custom-css allows Reflected XSS.This issue affects Advanced Custom CSS: from n/a through <= 1.1.0.

Action-Not Available
Vendor-prasadkirpekar
Product-Advanced Custom CSS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-68854
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 3.15%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 15:46
Updated-28 Apr, 2026 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ID Arrays plugin <= 2.1.2 - POST-Based Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in harman79 ID Arrays id-arrays allows DOM-Based XSS.This issue affects ID Arrays: from n/a through <= 2.1.2.

Action-Not Available
Vendor-harman79
Product-ID Arrays
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-68904
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 14.07%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JNews - Frontend Submit plugin <= 11.0.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jegtheme JNews - Frontend Submit jnews-frontend-submit allows Reflected XSS.This issue affects JNews - Frontend Submit: from n/a through <= 11.0.0.

Action-Not Available
Vendor-jegtheme
Product-JNews - Frontend Submit
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56210
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 26.56%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 10:32
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress UserPro plugin <= 5.1.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DeluxeThemes Userpro userpro allows Reflected XSS.This issue affects Userpro: from n/a through <= 5.1.9.

Action-Not Available
Vendor-DeluxeThemes
Product-Userpro
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56037
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 41.20%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 09:15
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress User Referral plugin <= 8.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoftClever Limited User Referral user-referral-free allows Reflected XSS.This issue affects User Referral: from n/a through <= 8.0.

Action-Not Available
Vendor-SoftClever Limited
Product-User Referral
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-69098
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 14.07%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hide My WP plugin <= 6.2.12 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWave Hide My WP hide_my_wp allows Reflected XSS.This issue affects Hide My WP: from n/a through <= 6.2.12.

Action-Not Available
Vendor-wpWave
Product-Hide My WP
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-68876
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.02%
||
7 Day CHG~0.00%
Published-29 Dec, 2025 | 16:05
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Invelity SPS connect plugin <= 1.0.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in INVELITY Invelity SPS connect invelity-sps-connect allows Reflected XSS.This issue affects Invelity SPS connect: from n/a through <= 1.0.8.

Action-Not Available
Vendor-INVELITY
Product-Invelity SPS connect
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56033
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.17% / 37.83%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 09:19
Updated-11 May, 2026 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FAQs plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 FAQs faqs allows Reflected XSS.This issue affects FAQs: from n/a through <= 1.0.2.

Action-Not Available
Vendor-Think201
Product-FAQs
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56018
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.11% / 28.20%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:01
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BU Section Editing Plugin <= 0.9.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BU Web Team BU Section Editing bu-section-editing allows Reflected XSS.This issue affects BU Section Editing: from n/a through <= 0.9.9.

Action-Not Available
Vendor-BU Web Team
Product-BU Section Editing
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-69054
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 14.07%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Super Logos Showcase plugin <= 2.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in highwarden Super Logos Showcase superlogoshowcase-wp allows Reflected XSS.This issue affects Super Logos Showcase: from n/a through <= 2.8.

Action-Not Available
Vendor-Super Store Finder
Product-Super Logos Showcase
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-5715
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.19% / 40.92%
||
7 Day CHG~0.00%
Published-13 Jul, 2024 | 06:00
Updated-20 May, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP eMember < 10.6.7 - Reflected XSS via Member Edit

The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Action-Not Available
Vendor-UnknownTips and Tricks HQ
Product-wp_ememberwp-eMemberwp_emember
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • ...
  • 6
  • 7
  • 8
  • ...
  • 48
  • 49
  • Next
Details not found