Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-22771

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-17 Apr, 2025 | 15:17
Updated At-28 Apr, 2026 | 16:11
Rejected At-
Credits

WordPress The Great Firewords of China plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Studio Hyperset The Great Firewords of China sensitive-chinese-words-scanner allows Stored XSS.This issue affects The Great Firewords of China: from n/a through <= 1.2.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:17 Apr, 2025 | 15:17
Updated At:28 Apr, 2026 | 16:11
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress The Great Firewords of China plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Studio Hyperset The Great Firewords of China sensitive-chinese-words-scanner allows Stored XSS.This issue affects The Great Firewords of China: from n/a through <= 1.2.

Affected Products
Vendor
Studio Hyperset
Product
The Great Firewords of China
Collection URL
https://wordpress.org/plugins
Package Name
sensitive-chinese-words-scanner
Default Status
unaffected
Versions
Affected
  • From 0 through 1.2 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-592Stored XSS
CAPEC ID: CAPEC-592
Description: Stored XSS
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Zlrqh | Patchstack Bug Bounty Program
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/Wordpress/Plugin/sensitive-chinese-words-scanner/vulnerability/wordpress-the-great-firewords-of-china-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/sensitive-chinese-words-scanner/vulnerability/wordpress-the-great-firewords-of-china-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:17 Apr, 2025 | 16:15
Updated At:23 Apr, 2026 | 15:23

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Studio Hyperset The Great Firewords of China sensitive-chinese-words-scanner allows Stored XSS.This issue affects The Great Firewords of China: from n/a through <= 1.2.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-79Secondaryaudit@patchstack.com
CWE ID: CWE-79
Type: Secondary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/Wordpress/Plugin/sensitive-chinese-words-scanner/vulnerability/wordpress-the-great-firewords-of-china-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/sensitive-chinese-words-scanner/vulnerability/wordpress-the-great-firewords-of-china-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2641Records found
CVE-2025-62761
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.80%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 08:44
Updated-12 May, 2026 | 01:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Knowledge Base documentation & wiki plugin – BasePress plugin <= 2.17.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BasePress Knowledge Base documentation & wiki plugin – BasePress basepress allows Stored XSS.This issue affects Knowledge Base documentation & wiki plugin – BasePress: from n/a through <= 2.17.0.1.

Action-Not Available
Vendor-BasePress
Product-Knowledge Base documentation & wiki plugin – BasePress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49230
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.36% / 57.90%
||
7 Day CHG~0.00%
Published-18 Oct, 2024 | 09:54
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ajax Custom CSS/JS plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in harry005 Ajax Custom CSS/JS ajax-awesome-css allows Reflected XSS.This issue affects Ajax Custom CSS/JS: from n/a through <= 2.0.4.

Action-Not Available
Vendor-harpreetsinghharry005
Product-ajax_custom_css\/jsAjax Custom CSS/JS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-63042
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 8.36%
||
7 Day CHG+0.01%
Published-09 Dec, 2025 | 14:52
Updated-28 Apr, 2026 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tutor LMS Elementor Addons plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS Elementor Addons tutor-lms-elementor-addons allows Stored XSS.This issue affects Tutor LMS Elementor Addons: from n/a through <= 3.0.1.

Action-Not Available
Vendor-Themeum
Product-Tutor LMS Elementor Addons
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49265
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 50.64%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 15:33
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Booking.com Banner Creator plugin <= 1.4.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SPBooking.com Booking.com Banner Creator bookingcom-banner-creator.This issue affects Booking.com Banner Creator: from n/a through <= 1.4.6.

Action-Not Available
Vendor-bookingSPBooking.com
Product-banner_creatorBooking.com Banner Creator
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49241
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 38.73%
||
7 Day CHG~0.00%
Published-18 Oct, 2024 | 09:44
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tito plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tady Tito tito allows DOM-Based XSS.This issue affects Tito: from n/a through <= 2.3.

Action-Not Available
Vendor-tadywalshtady
Product-titoTito
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47391
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 38.73%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 14:44
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bold Page Builder plugin < 5.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through < 5.1.1.

Action-Not Available
Vendor-BoldThemes
Product-bold_page_builderBold Page Builder
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47343
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 35.90%
||
7 Day CHG~0.00%
Published-06 Oct, 2024 | 10:46
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mega Elements – Addons for Elementor plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kraft Plugins Mega Elements mega-elements-addons-for-elementor allows Stored XSS.This issue affects Mega Elements: from n/a through <= 1.2.4.

Action-Not Available
Vendor-Kraft Plugins
Product-Mega Elements
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47392
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 38.73%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 14:42
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Element Pack Elementor Addons plugin <= 5.7.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Stored XSS.This issue affects Element Pack Elementor Addons: from n/a through <= 5.7.5.

Action-Not Available
Vendor-BdThemes
Product-element_packElement Pack Elementor Addons
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47630
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 40.81%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 13:20
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ElementInvader Addons for Elementor plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Stored XSS.This issue affects ElementInvader Addons for Elementor: from n/a through <= 1.2.7.

Action-Not Available
Vendor-elementinvaderElement Invader
Product-elementinvader_addons_for_elementorElementInvader Addons for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47310
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 40.89%
||
7 Day CHG~0.00%
Published-06 Oct, 2024 | 11:29
Updated-12 May, 2026 | 22:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ARI Fancy Lightbox -- Popup for WordPress plugin <= 1.3.17 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arisoft ARI Fancy Lightbox ari-fancy-lightbox allows Stored XSS.This issue affects ARI Fancy Lightbox: from n/a through <= 1.3.17.

Action-Not Available
Vendor-ARI Soft
Product-ARI Fancy Lightbox
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47364
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 38.73%
||
7 Day CHG~0.00%
Published-06 Oct, 2024 | 09:48
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Move Addons for Elementor plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moveaddons Move Addons for Elementor move-addons allows Stored XSS.This issue affects Move Addons for Elementor: from n/a through <= 1.3.4.

Action-Not Available
Vendor-moveaddonsmoveaddons
Product-move_addons_for_elementorMove Addons for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47368
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 35.90%
||
7 Day CHG~0.00%
Published-06 Oct, 2024 | 09:42
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Premium Blocks plugin <= 2.1.33 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Blocks – Gutenberg Blocks for WordPress premium-blocks-for-gutenberg allows Stored XSS.This issue affects Premium Blocks – Gutenberg Blocks for WordPress: from n/a through <= 2.1.33.

Action-Not Available
Vendor-Leap13
Product-Premium Blocks – Gutenberg Blocks for WordPress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47626
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 40.89%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 13:31
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RomethemeKit For Elementor plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rometheme RTMKit rometheme-for-elementor allows Stored XSS.This issue affects RTMKit: from n/a through <= 1.5.0.

Action-Not Available
Vendor-Rometheme
Product-RTMKit
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47639
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 40.89%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 13:01
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress VdoCipher plugin <= 1.29 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vibhav Sinha VdoCipher vdocipher allows Stored XSS.This issue affects VdoCipher: from n/a through <= 1.29.

Action-Not Available
Vendor-Vibhav Sinha
Product-VdoCipher
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-29444
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 39.22%
||
7 Day CHG~0.00%
Published-02 May, 2022 | 19:03
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Breeze plugin <= 2.0.2 - Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability

Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wp_ajax_* actions in the class Breeze_Configuration which includes the ability to change any of the plugin's settings including CDN setting which could be further used for XSS attack.

Action-Not Available
Vendor-cloudwaysCloudways
Product-breezeBreeze (WordPress plugin)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-264
Not Available
CVE-2022-24708
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 42.62%
||
7 Day CHG~0.00%
Published-23 Feb, 2022 | 23:50
Updated-23 Apr, 2025 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored XSS vulnerability in anuko/timetracker

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. ttUser.class.php in Time Tracker versions prior to 1.20.0.5646 was not escaping primary group name for display. Because of that, it was possible for a logged in user to modify primary group name with elements of JavaScript. Such script could then be executed in user browser on subsequent requests on pages where primary group name was displayed. This is vulnerability has been fixed in version 1.20.0.5646. Users who are unable to upgrade may modify ttUser.class.php to use an additional call to htmlspecialchars when printing group name.

Action-Not Available
Vendor-anukoanuko
Product-time_trackertimetracker
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-24967
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 50.22%
||
7 Day CHG~0.00%
Published-29 May, 2022 | 17:35
Updated-30 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Black Rainbow NIMBUS before 3.7.0 allows stored Cross-site Scripting (XSS).

Action-Not Available
Vendor-blackrainbown/a
Product-nimbusn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-43953
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.36% / 57.90%
||
7 Day CHG~0.00%
Published-29 Aug, 2024 | 17:53
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Classic Addons – WPBakery Page Builder plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webcodingplace Classic Addons – WPBakery Page Builder classic-addons-wpbakery-page-builder-addons allows Stored XSS.This issue affects Classic Addons – WPBakery Page Builder: from n/a through <= 3.5.

Action-Not Available
Vendor-wpbakerywebcodingplace
Product-page_builderClassic Addons – WPBakery Page Builder
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23891
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.35% / 57.35%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:07
Updated-11 May, 2026 | 22:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Yet Another Countdown Plugin plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vincent Loy Yet Another Countdown yacp allows DOM-Based XSS.This issue affects Yet Another Countdown: from n/a through <= 1.0.1.

Action-Not Available
Vendor-Vincent Loy
Product-Yet Another Countdown
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-44057
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.02%
||
7 Day CHG~0.00%
Published-15 Sep, 2024 | 08:15
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Nirvana theme <= 1.6.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Nirvana allows Stored XSS.This issue affects Nirvana: from n/a through 1.6.3.

Action-Not Available
Vendor-cryoutcreationsCryoutCreations
Product-nirvanaNirvana
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-44033
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 47.85%
||
7 Day CHG~0.00%
Published-06 Oct, 2024 | 12:19
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Primary Addon for Elementor plugin <= 1.5.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicheaddons Primary Addon for Elementor primary-addon-for-elementor allows Stored XSS.This issue affects Primary Addon for Elementor: from n/a through <= 1.5.7.

Action-Not Available
Vendor-nicheaddonsnicheaddons
Product-primary_addon_for_elementorPrimary Addon for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-43946
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 52.22%
||
7 Day CHG~0.00%
Published-29 Aug, 2024 | 18:03
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SKT Blocks plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Blocks – Gutenberg based Page Builder allows Stored XSS.This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a through 1.5.

Action-Not Available
Vendor-Sonl Sinha (SKT Web Themes LLC)
Product-skt_blocksSKT Blocks – Gutenberg based Page Builder
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-44008
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.47% / 64.74%
||
7 Day CHG~0.00%
Published-17 Sep, 2024 | 23:03
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Geo Mashup plugin <= 1.13.12 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dylan Kuhn Geo Mashup geo-mashup allows Stored XSS.This issue affects Geo Mashup: from n/a through <= 1.13.12.

Action-Not Available
Vendor-cyberhoboDylan Kuhn
Product-geo_mashupGeo Mashup
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-43995
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.47%
||
7 Day CHG~0.00%
Published-17 Sep, 2024 | 23:16
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Posterity theme <= 3.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sonalsinha21 Posterity allows Stored XSS.This issue affects Posterity: from n/a through 3.6.

Action-Not Available
Vendor-sonalsinha21Sonl Sinha (SKT Web Themes LLC)
Product-posterityPosterity
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-44047
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 52.09%
||
7 Day CHG~0.00%
Published-17 Sep, 2024 | 23:00
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress IMPress for IDX Broker plugin <= 3.2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IDX Broker IMPress for IDX Broker idx-broker-platinum allows Stored XSS.This issue affects IMPress for IDX Broker: from n/a through <= 3.2.2.

Action-Not Available
Vendor-idxbrokerIDX Broker
Product-impress_for_idx_brokerIMPress for IDX Broker
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-43949
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 53.57%
||
7 Day CHG~0.00%
Published-29 Aug, 2024 | 18:00
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GHActivity plugin <= 2.0.0-alpha - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic GHActivity allows Stored XSS.This issue affects GHActivity: from n/a through 2.0.0-alpha.

Action-Not Available
Vendor-Automattic Inc.
Product-ghactivityghacitivityGHActivity
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-52228
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 41.42%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 05:54
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Beds24 Online Booking plugin <= 2.0.24 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS.This issue affects Beds24 Online Booking: from n/a through 2.0.24.

Action-Not Available
Vendor-Mark Kinchin
Product-Beds24 Online Booking
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-44054
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.02%
||
7 Day CHG~0.00%
Published-15 Sep, 2024 | 08:19
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Fluida theme <= 1.8.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Fluida allows Stored XSS.This issue affects Fluida: from n/a through 1.8.8.

Action-Not Available
Vendor-cryoutcreationsCryoutCreations
Product-fluidaFluida
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-40904
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-5.1||MEDIUM
EPSS-Not Assigned
Published-19 May, 2026 | 13:23
Updated-19 May, 2026 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTML injection in Smart Polling in Guardian/CMC before 26.1.0

A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags through the sync. When a victim views the affected remote strategy in the Smart Polling functionality, the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.

Action-Not Available
Vendor-Nozomi Networks
Product-GuardianCMC
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-43210
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 50.89%
||
7 Day CHG~0.00%
Published-12 Aug, 2024 | 21:46
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.9.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LA-Studio LA-Studio Element Kit for Elementor allows Stored XSS.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.9.2.

Action-Not Available
Vendor-LA-Studio
Product-LA-Studio Element Kit for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-25085
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.18%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:11
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP SimpleWeather plugin <= 0.2.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matt_mcbrien WP SimpleWeather wp-simpleweather allows Stored XSS.This issue affects WP SimpleWeather: from n/a through <= 0.2.5.

Action-Not Available
Vendor-matt_mcbrien
Product-WP SimpleWeather
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-43139
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 48.55%
||
7 Day CHG~0.00%
Published-12 Aug, 2024 | 22:18
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Football Pool plugin <= 2.11.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Antoine Hurkmans Football Pool allows Stored XSS.This issue affects Football Pool: from n/a through 2.11.9.

Action-Not Available
Vendor-Antoine Hurkmansantoine_hurkmans
Product-Football Poolfootball_pool_wordpress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-43318
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 37.76%
||
7 Day CHG~0.00%
Published-18 Aug, 2024 | 14:15
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress E2Pdf – Export To Pdf Tool for WordPress plugin <= 1.25.05 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in E2Pdf e2pdf e2pdf.This issue affects e2pdf: from n/a through <= 1.25.05.

Action-Not Available
Vendor-e2pdfE2Pdf
Product-e2pdfe2pdf
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-43225
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.66%
||
7 Day CHG~0.00%
Published-12 Aug, 2024 | 21:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Enter Addons plugin <= 2.1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeLooks Enter Addons allows Stored XSS.This issue affects Enter Addons: from n/a through 2.1.7.

Action-Not Available
Vendor-themelooksThemeLooks
Product-enter_addonsEnter Addons
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-22682
Matching Score-4
Assigner-Synology Inc.
ShareView Details
Matching Score-4
Assigner-Synology Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 31.40%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 06:20
Updated-17 Sep, 2024 | 00:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar before 2.4.5-10930 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-Synology, Inc.
Product-calendarSynology Calendar
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-43124
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.79%
||
7 Day CHG~0.00%
Published-12 Aug, 2024 | 22:37
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Graphina plugin <= 1.8.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Iqonic Design Graphina allows Stored XSS.This issue affects Graphina: from n/a through 1.8.10.

Action-Not Available
Vendor-Iqonic Design
Product-Graphina
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-43320
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 35.90%
||
7 Day CHG~0.00%
Published-18 Aug, 2024 | 14:15
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPBakery Page Builder Addons plugin <= 3.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for WPBakery Page Builder addons-for-visual-composer allows Stored XSS.This issue affects Livemesh Addons for WPBakery Page Builder: from n/a through 3.9.

Action-Not Available
Vendor-Livemesh
Product-Livemesh Addons for WPBakery Page Builder
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-43262
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 35.90%
||
7 Day CHG~0.00%
Published-18 Aug, 2024 | 21:22
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Busiprof theme <= 2.4.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in webriti Busiprof allows Stored XSS.This issue affects Busiprof: from n/a through 2.4.8.

Action-Not Available
Vendor-webriti
Product-Busiprof
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-43349
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 35.90%
||
7 Day CHG~0.00%
Published-18 Aug, 2024 | 13:12
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress All Bootstrap Blocks plugin <= 1.3.19 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in all_bootstrap_blocks All Bootstrap Blocks all-bootstrap-blocks.This issue affects All Bootstrap Blocks: from n/a through <= 1.3.19.

Action-Not Available
Vendor-all_bootstrap_blocksAREOI
Product-All Bootstrap Blocks
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-43149
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 48.55%
||
7 Day CHG~0.00%
Published-12 Aug, 2024 | 22:13
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CM Tooltip Glossary Plugin <= 4.3.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Tooltip Glossary allows Stored XSS.This issue affects CM Tooltip Glossary: from n/a through 4.3.7.

Action-Not Available
Vendor-CreativeMindsSolutions
Product-CM Tooltip Glossary
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22662
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.04%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 14:21
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SendPulse Email Marketing Newsletter plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SendPulse SendPulse Email Marketing Newsletter sendpulse-email-marketing-newsletter allows Stored XSS.This issue affects SendPulse Email Marketing Newsletter: from n/a through <= 2.1.5.

Action-Not Available
Vendor-SendPulse
Product-SendPulse Email Marketing Newsletter
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-51404
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 22.88%
||
7 Day CHG~0.00%
Published-10 Feb, 2024 | 08:42
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress My Agile Privacy Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MyAgilePrivacy My Agile Privacy – The only GDPR solution for WordPress that you can truly trust allows Stored XSS.This issue affects My Agile Privacy – The only GDPR solution for WordPress that you can truly trust: from n/a through 2.1.7.

Action-Not Available
Vendor-myagileprivacyMyAgilePrivacy
Product-my_agile_privacyMy Agile Privacy – The only GDPR solution for WordPress that you can truly trust
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-41355
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 52.81%
||
7 Day CHG~0.00%
Published-26 Jul, 2024 | 00:00
Updated-13 Feb, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/tools/request-ip/index.php.

Action-Not Available
Vendor-phpipamn/aphpipam
Product-phpipamn/aphpipam
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-39668
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 41.70%
||
7 Day CHG~0.00%
Published-01 Aug, 2024 | 21:31
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Extensions for Elementor plugin <= 2.0.31 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in petesheppard84 Extensions for Elementor allows Stored XSS.This issue affects Extensions for Elementor: from n/a through 2.0.31.

Action-Not Available
Vendor-idiowebpetesheppard84
Product-extensions_for_elementorExtensions for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-38681
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 24.23%
||
7 Day CHG~0.00%
Published-20 Jul, 2024 | 07:45
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Magical Addons For Elementor plugin <= 1.1.41 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through 1.1.41.

Action-Not Available
Vendor-wpthemespaceNoor alam
Product-magical_addons_for_elementorMagical Addons For Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-38687
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.60%
||
7 Day CHG~0.00%
Published-20 Jul, 2024 | 07:39
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sky Addons for Elementor plugin <= 2.5.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wowDevs Sky Addons for Elementor sky-elementor-addons.This issue affects Sky Addons for Elementor: from n/a through <= 2.5.5.

Action-Not Available
Vendor-wowdevswowDevs
Product-sky_addons_for_elementorSky Addons for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23927
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 35.39%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:07
Updated-12 May, 2026 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Incredible Font Awesome plugin <= 1.0 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in massimo.serpilli Incredible Font Awesome incredible-font-awesome allows Stored XSS.This issue affects Incredible Font Awesome: from n/a through <= 1.0.

Action-Not Available
Vendor-massimo.serpilli
Product-Incredible Font Awesome
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-51504
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-1.92% / 83.54%
||
7 Day CHG~0.00%
Published-05 Feb, 2024 | 05:40
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Dan's Embedder for Google Calendar Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan Dulaney Dan's Embedder for Google Calendar allows Stored XSS.This issue affects Dan's Embedder for Google Calendar: from n/a through 1.2.

Action-Not Available
Vendor-dandulaneyDan Dulaney
Product-dan\'s_embedder_for_google_calendarDan's Embedder for Google Calendar
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-38713
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 37.83%
||
7 Day CHG~0.00%
Published-20 Jul, 2024 | 07:25
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Photo Album Plus plugin <= 8.8.02.002 - Authenticated Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Stored XSS.This issue affects WP Photo Album Plus: from n/a through 8.8.02.002.

Action-Not Available
Vendor-J.N. Breetvelt a.k.a. OpaJaap
Product-WP Photo Album Plus
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-38671
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.59%
||
7 Day CHG~0.00%
Published-20 Jul, 2024 | 07:58
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP GoToWebinar plugin <= 15.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Martin Gibson WP GoToWebinar allows Stored XSS.This issue affects WP GoToWebinar: from n/a through 15.7.

Action-Not Available
Vendor-Martin Gibson
Product-WP GoToWebinar
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • ...
  • 14
  • 15
  • 16
  • ...
  • 52
  • 53
  • Next
Details not found