Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-23602

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-22 Jan, 2025 | 14:29
Updated At-22 Jan, 2025 | 19:50
Rejected At-
Credits

WordPress EELV Newsletter plugin <= 4.8.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound EELV Newsletter allows Reflected XSS. This issue affects EELV Newsletter: from n/a through 4.8.2.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:22 Jan, 2025 | 14:29
Updated At:22 Jan, 2025 | 19:50
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress EELV Newsletter plugin <= 4.8.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound EELV Newsletter allows Reflected XSS. This issue affects EELV Newsletter: from n/a through 4.8.2.

Affected Products
Vendor
NotFound
Product
EELV Newsletter
Collection URL
https://wordpress.org/plugins
Package Name
eelv-newsletter
Default Status
unaffected
Versions
Affected
  • From n/a through 4.8.2 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-591CAPEC-591 Reflected XSS
CAPEC ID: CAPEC-591
Description: CAPEC-591 Reflected XSS
Solutions
Configurations
Workarounds
Exploits
Credits
finder
thiennv (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/wordpress/plugin/eelv-newsletter/vulnerability/wordpress-eelv-newsletter-plugin-4-8-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/wordpress/plugin/eelv-newsletter/vulnerability/wordpress-eelv-newsletter-plugin-4-8-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:22 Jan, 2025 | 15:15
Updated At:22 Jan, 2025 | 15:15

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound EELV Newsletter allows Reflected XSS. This issue affects EELV Newsletter: from n/a through 4.8.2.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-79Primaryaudit@patchstack.com
CWE ID: CWE-79
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/wordpress/plugin/eelv-newsletter/vulnerability/wordpress-eelv-newsletter-plugin-4-8-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/wordpress/plugin/eelv-newsletter/vulnerability/wordpress-eelv-newsletter-plugin-4-8-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2241Records found
CVE-2025-26563
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-03 Mar, 2025 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Rocket Mobile Plugin <= 0.4.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Mobile allows Reflected XSS. This issue affects Mobile: from n/a through 1.3.3.

Action-Not Available
Vendor-NotFound
Product-Mobile
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-25118
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-03 Mar, 2025 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPOptin plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Top Bar – PopUps – by WPOptin allows Reflected XSS. This issue affects Top Bar – PopUps – by WPOptin: from n/a through 2.0.8.

Action-Not Available
Vendor-NotFound
Product-Top Bar – PopUps – by WPOptin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23964
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.36%
||
7 Day CHG~0.00%
Published-26 Mar, 2025 | 14:24
Updated-27 Mar, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Google Plus Plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Google Plus allows Reflected XSS. This issue affects Google Plus: from n/a through 1.0.2.

Action-Not Available
Vendor-NotFound
Product-Google Plus
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-24620
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 14:22
Updated-03 Feb, 2025 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AIO Shortcodes plugin <= 1.3 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound AIO Shortcodes allows Stored XSS. This issue affects AIO Shortcodes: from n/a through 1.3.

Action-Not Available
Vendor-NotFound
Product-AIO Shortcodes
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23956
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-03 Mar, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Easy Post Mailer Plugin <= 0.64 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Easy Post Mailer allows Reflected XSS. This issue affects WP Easy Post Mailer: from n/a through 0.64.

Action-Not Available
Vendor-NotFound
Product-WP Easy Post Mailer
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-24781
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 14:22
Updated-03 Feb, 2025 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPJobBoard plugin <= 5.10.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WPJobBoard allows Reflected XSS. This issue affects WPJobBoard: from n/a through 5.10.1.

Action-Not Available
Vendor-NotFound
Product-WPJobBoard
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23811
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-22 Jan, 2025 | 14:29
Updated-22 Jan, 2025 | 21:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP2APP Plugin <= 2.6.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP2APP allows Reflected XSS. This issue affects WP2APP: from n/a through 2.6.2.

Action-Not Available
Vendor-NotFound
Product-WP2APP
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23882
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-22 Jan, 2025 | 14:32
Updated-22 Jan, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Download Codes Plugin <= 2.5.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Download Codes allows Reflected XSS. This issue affects WP Download Codes: from n/a through 2.5.4.

Action-Not Available
Vendor-NotFound
Product-WP Download Codes
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23621
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 10:52
Updated-27 Jan, 2025 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Causes – Donation plugin <= 1.0.01 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Causes – Donation Plugin allows Reflected XSS. This issue affects Causes – Donation Plugin: from n/a through 1.0.01.

Action-Not Available
Vendor-NotFound
Product-Causes – Donation Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23835
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-23 Jan, 2025 | 15:29
Updated-12 Feb, 2025 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Legal + Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Legal + allows Reflected XSS. This issue affects Legal +: from n/a through 1.0.

Action-Not Available
Vendor-NotFound
Product-Legal +
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23653
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-14 Feb, 2025 | 12:44
Updated-14 Feb, 2025 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Form To Online Booking plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Form To Online Booking allows Reflected XSS. This issue affects Form To Online Booking: from n/a through 1.0.

Action-Not Available
Vendor-NotFound
Product-Form To Online Booking
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23652
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-14 Feb, 2025 | 12:44
Updated-14 Feb, 2025 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Add custom content after post plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Add custom content after post allows Reflected XSS. This issue affects Add custom content after post: from n/a through 1.0.

Action-Not Available
Vendor-NotFound
Product-Add custom content after post
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23495
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.21% / 43.64%
||
7 Day CHG~0.00%
Published-22 Jan, 2025 | 14:29
Updated-22 Jan, 2025 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Order Search plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WooCommerce Order Search allows Reflected XSS. This issue affects WooCommerce Order Search: from n/a through 1.1.0.

Action-Not Available
Vendor-NotFound
Product-WooCommerce Order Search
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23526
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.60%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-17 Mar, 2025 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Swift Calendar Online Appointment Scheduling plugin <= 1.3.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Swift Calendar Online Appointment Scheduling allows Reflected XSS. This issue affects Swift Calendar Online Appointment Scheduling: from n/a through 1.3.3.

Action-Not Available
Vendor-swiftcloudNotFound
Product-swift_calendar_online_appointment_schedulingSwift Calendar Online Appointment Scheduling
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23680
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.36%
||
7 Day CHG~0.00%
Published-26 Mar, 2025 | 14:24
Updated-27 Mar, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Narnoo Operator plugin <= 2.0.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Narnoo Operator allows Reflected XSS. This issue affects Narnoo Operator: from n/a through 2.0.0.

Action-Not Available
Vendor-NotFound
Product-Narnoo Operator
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23451
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-03 Mar, 2025 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Awesome Twitter Feeds plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Awesome Twitter Feeds allows Reflected XSS. This issue affects Awesome Twitter Feeds: from n/a through 1.0.

Action-Not Available
Vendor-NotFound
Product-Awesome Twitter Feeds
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23584
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-04 Mar, 2025 | 21:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pin Locations on Map plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Pin Locations on Map allows Reflected XSS. This issue affects Pin Locations on Map: from n/a through 1.0.

Action-Not Available
Vendor-NotFound
Product-Pin Locations on Map
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23475
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-22 Jan, 2025 | 14:31
Updated-22 Jan, 2025 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress History timeline plugin <= 0.7.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound History timeline allows Reflected XSS. This issue affects History timeline: from n/a through 0.7.2.

Action-Not Available
Vendor-NotFound
Product-History timeline
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23885
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 10:52
Updated-27 Jan, 2025 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MJ Contact us Plugin <= 5.2.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound MJ Contact us allows Reflected XSS. This issue affects MJ Contact us: from n/a through 5.2.3.

Action-Not Available
Vendor-NotFound
Product-MJ Contact us
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23851
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-14 Feb, 2025 | 12:44
Updated-14 Feb, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Coronavirus (COVID-19) Outbreak Data Widgets Plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Coronavirus (COVID-19) Outbreak Data Widgets allows Reflected XSS. This issue affects Coronavirus (COVID-19) Outbreak Data Widgets: from n/a through 1.1.1.

Action-Not Available
Vendor-NotFound
Product-Coronavirus (COVID-19) Outbreak Data Widgets
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23552
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-03 Mar, 2025 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Texteller plugin <= 1.3.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Texteller allows Reflected XSS. This issue affects Texteller: from n/a through 1.3.0.

Action-Not Available
Vendor-NotFound
Product-Texteller
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23718
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-04 Mar, 2025 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mancx AskMe Widget plugin <= 0.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Mancx AskMe Widget allows Reflected XSS. This issue affects Mancx AskMe Widget: from n/a through 0.3.

Action-Not Available
Vendor-NotFound
Product-Mancx AskMe Widget
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23666
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.36%
||
7 Day CHG~0.00%
Published-26 Mar, 2025 | 14:24
Updated-27 Mar, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Management-screen-droptiles plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Management-screen-droptiles allows Reflected XSS. This issue affects Management-screen-droptiles: from n/a through 1.0.

Action-Not Available
Vendor-NotFound
Product-Management-screen-droptiles
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23736
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-04 Mar, 2025 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Form To JSON plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Form To JSON allows Reflected XSS. This issue affects Form To JSON: from n/a through 1.0.

Action-Not Available
Vendor-NotFound
Product-Form To JSON
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23538
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-05 Mar, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Contest plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Contest allows Reflected XSS. This issue affects WP Contest: from n/a through 1.0.0.

Action-Not Available
Vendor-NotFound
Product-WP Contest
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23706
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-22 Jan, 2025 | 14:29
Updated-22 Jan, 2025 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Jet Skinner for BuddyPress plugin <= 1.2.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Jet Skinner for BuddyPress allows Reflected XSS. This issue affects Jet Skinner for BuddyPress: from n/a through 1.2.5.

Action-Not Available
Vendor-NotFound
Product-Jet Skinner for BuddyPress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23622
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 10:52
Updated-27 Jan, 2025 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CBX Accounting & Bookkeeping plugin <= 1.3.14 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound CBX Accounting & Bookkeeping allows Reflected XSS. This issue affects CBX Accounting & Bookkeeping: from n/a through 1.3.14.

Action-Not Available
Vendor-NotFound
Product-CBX Accounting & Bookkeeping
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23732
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-22 Jan, 2025 | 14:29
Updated-22 Jan, 2025 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Filtering plugin <= 2.5.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Easy Filtering allows Reflected XSS. This issue affects Easy Filtering: from n/a through 2.5.0.

Action-Not Available
Vendor-NotFound
Product-Easy Filtering
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23521
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-05 Mar, 2025 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Goodlayers Blocks plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Goodlayers Blocks allows Reflected XSS. This issue affects Goodlayers Blocks: from n/a through 1.0.1.

Action-Not Available
Vendor-NotFound
Product-Goodlayers Blocks
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23481
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-03 Mar, 2025 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ni WooCommerce Sales Report Email plugin <= 3.1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Ni WooCommerce Sales Report Email allows Reflected XSS. This issue affects Ni WooCommerce Sales Report Email: from n/a through 3.1.4.

Action-Not Available
Vendor-NotFound
Product-Ni WooCommerce Sales Report Email
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23611
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-22 Jan, 2025 | 14:29
Updated-22 Jan, 2025 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WH Cache & Security plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WH Cache & Security allows Reflected XSS. This issue affects WH Cache & Security: from n/a through 1.1.2.

Action-Not Available
Vendor-NotFound
Product-WH Cache & Security
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23755
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 14:22
Updated-03 Feb, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PAFacile plugin <= 2.6.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound PAFacile allows Reflected XSS. This issue affects PAFacile: from n/a through 2.6.1.

Action-Not Available
Vendor-NotFound
Product-PAFacile
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23655
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-14 Feb, 2025 | 12:44
Updated-14 Feb, 2025 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact Form 7 – Paystack Add-on plugin <= 1.2.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Contact Form 7 – Paystack Add-on allows Reflected XSS. This issue affects Contact Form 7 – Paystack Add-on: from n/a through 1.2.3.

Action-Not Available
Vendor-NotFound
Product-Contact Form 7 – Paystack Add-on
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23571
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-14 Feb, 2025 | 12:44
Updated-14 Feb, 2025 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Internal Links Generator plugin <= 3.51 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Internal Links Generator allows Reflected XSS. This issue affects Internal Links Generator: from n/a through 3.51.

Action-Not Available
Vendor-NotFound
Product-Internal Links Generator
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23549
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-03 Mar, 2025 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Maniac SEO plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Maniac SEO allows Reflected XSS. This issue affects Maniac SEO: from n/a through 2.0.

Action-Not Available
Vendor-NotFound
Product-Maniac SEO
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23479
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-03 Mar, 2025 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress melascrivi plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound melascrivi allows Reflected XSS. This issue affects melascrivi: from n/a through 1.4.

Action-Not Available
Vendor-NotFound
Product-melascrivi
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23837
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 10:52
Updated-27 Jan, 2025 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress One Backend Language Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound One Backend Language allows Reflected XSS. This issue affects One Backend Language: from n/a through 1.0.

Action-Not Available
Vendor-NotFound
Product-One Backend Language
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23839
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 10:52
Updated-27 Jan, 2025 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sticky Button plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Sticky Button allows Stored XSS. This issue affects Sticky Button: from n/a through 1.0.

Action-Not Available
Vendor-NotFound
Product-Sticky Button
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23468
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-03 Mar, 2025 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Essay Wizard (wpCRES) plugin <= 1.0.6.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Essay Wizard (wpCRES) allows Reflected XSS. This issue affects Essay Wizard (wpCRES): from n/a through 1.0.6.4.

Action-Not Available
Vendor-NotFound
Product-Essay Wizard (wpCRES)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23586
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-03 Mar, 2025 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Post Category Notifications plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Post Category Notifications allows Reflected XSS. This issue affects WP Post Category Notifications: from n/a through 1.0.

Action-Not Available
Vendor-NotFound
Product-WP Post Category Notifications
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23449
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-22 Jan, 2025 | 14:31
Updated-22 Jan, 2025 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple shortcode buttons plugin <= 1.3.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Simple shortcode buttons allows Reflected XSS. This issue affects Simple shortcode buttons: from n/a through 1.3.2.

Action-Not Available
Vendor-NotFound
Product-Simple shortcode buttons
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23696
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-22 Jan, 2025 | 14:29
Updated-18 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Staging CDN plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Staging CDN allows Reflected XSS. This issue affects Staging CDN: from n/a through 1.0.0.

Action-Not Available
Vendor-NotFound
Product-Staging CDN
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23610
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.21% / 43.64%
||
7 Day CHG~0.00%
Published-22 Jan, 2025 | 14:29
Updated-22 Jan, 2025 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ultimate Events plugin <= 1.3.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Ultimate Events allows Reflected XSS. This issue affects Ultimate Events: from n/a through 1.3.3.

Action-Not Available
Vendor-NotFound
Product-Ultimate Events
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23714
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.36%
||
7 Day CHG~0.00%
Published-26 Mar, 2025 | 14:24
Updated-27 Mar, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AppReview plugin <= 0.2.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound AppReview allows Reflected XSS. This issue affects AppReview: from n/a through 0.2.9.

Action-Not Available
Vendor-NotFound
Product-AppReview
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23595
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-03 Mar, 2025 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Page Health-O-Meter plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Page Health-O-Meter allows Reflected XSS. This issue affects Page Health-O-Meter: from n/a through 2.0.

Action-Not Available
Vendor-NotFound
Product-Page Health-O-Meter
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23852
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-12 May, 2025 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress First Comment Redirect plugin <= 1.0.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound First Comment Redirect allows Reflected XSS. This issue affects First Comment Redirect: from n/a through 1.0.3.

Action-Not Available
Vendor-NotFound
Product-First Comment Redirect
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23631
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-22 Jan, 2025 | 14:29
Updated-22 Jan, 2025 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Content Planner plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Content Planner allows Reflected XSS. This issue affects Content Planner: from n/a through 1.0.

Action-Not Available
Vendor-NotFound
Product-Content Planner
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23850
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-12 May, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mojo Under Construction Plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Mojo Under Construction allows Reflected XSS. This issue affects Mojo Under Construction: from n/a through 1.1.2.

Action-Not Available
Vendor-NotFound
Product-Mojo Under Construction
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23904
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-12 May, 2025 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Rebrand Fluent Forms Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Rebrand Fluent Forms allows Reflected XSS. This issue affects Rebrand Fluent Forms: from n/a through 1.0.

Action-Not Available
Vendor-NotFound
Product-Rebrand Fluent Forms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23543
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.36%
||
7 Day CHG~0.00%
Published-26 Mar, 2025 | 14:24
Updated-27 Mar, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FOMO Pay Chinese Payment Solution plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound FOMO Pay Chinese Payment Solution allows Reflected XSS. This issue affects FOMO Pay Chinese Payment Solution: from n/a through 2.0.4.

Action-Not Available
Vendor-NotFound
Product-FOMO Pay Chinese Payment Solution
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 44
  • 45
  • Next
Details not found