ByteOS Network

Vulnerability Details :

CVE-2025-23734

Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3

Published At-24 Jan, 2025 | 10:52

Updated At-28 Apr, 2026 | 16:11

WordPress Gigaom Sphinx plugin <= 0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Casey Bisson Gigaom Sphinx go-sphinx allows Reflected XSS.This issue affects Gigaom Sphinx: from n/a through <= 0.1.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:Patchstack

Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3

Published At:24 Jan, 2025 | 10:52

Updated At:28 Apr, 2026 | 16:11

▼CVE Numbering Authority (CNA)

WordPress Gigaom Sphinx plugin <= 0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Affected Products

Vendor

Casey Bisson

Product

Gigaom Sphinx

Collection URL

https://wordpress.org/plugins

Package Name

go-sphinx

Default Status

unaffected

Versions

Affected

From 0 through 0.1 (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Type: CWE

CWE ID: CWE-79

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Metrics

Version	Base score	Base severity	Vector
3.1	7.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Version: 3.1

Base score: 7.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Impacts

CAPEC ID	Description
CAPEC-591	Reflected XSS

CAPEC ID: CAPEC-591

Description: Reflected XSS

Credits

finder

João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program

References

Hyperlink	Resource
https://patchstack.com/database/Wordpress/Plugin/go-sphinx/vulnerability/wordpress-gigaom-sphinx-plugin-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve	vdb-entry

Hyperlink: https://patchstack.com/database/Wordpress/Plugin/go-sphinx/vulnerability/wordpress-gigaom-sphinx-plugin-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

Resource:

vdb-entry

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:audit@patchstack.com

Published At:24 Jan, 2025 | 11:15

Updated At:23 Apr, 2026 | 15:24

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	7.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Type: Secondary

Version: 3.1

Base score: 7.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Weaknesses

CWE ID	Type	Source
CWE-79	Secondary	audit@patchstack.com

CWE ID: CWE-79

Type: Secondary

Source: audit@patchstack.com

References

Hyperlink	Source	Resource
https://patchstack.com/database/Wordpress/Plugin/go-sphinx/vulnerability/wordpress-gigaom-sphinx-plugin-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve	audit@patchstack.com	N/A

Hyperlink: https://patchstack.com/database/Wordpress/Plugin/go-sphinx/vulnerability/wordpress-gigaom-sphinx-plugin-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

Source: audit@patchstack.com

Resource: N/A

Similar CVEs

2438Records found

CVE-2025-68858

Matching Score-10

Assigner-Patchstack

View Details

Matching Score-10

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.04% / 13.93%

7 Day CHG~0.00%

Published-22 Jan, 2026 | 16:52

Updated-28 Apr, 2026 | 20:04

WordPress wpCAS plugin <= 1.07 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Casey Bisson wpCAS wpcas allows Reflected XSS.This issue affects wpCAS: from n/a through <= 1.07.

Vendor-Casey Bisson

Product-wpCAS

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-35775

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.10% / 27.96%

7 Day CHG~0.00%

Published-19 Jun, 2023 | 13:32

Updated-28 Apr, 2026 | 16:08

WordPress WP Backup Manager Plugin <= 1.13.1 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Backup Solutions WP Backup Manager plugin <= 1.13.1 versions.

Vendor-wp_backup_solutions_project WP Backup Solutions

Product-wp_backup_solutions WP Backup Manager

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-35918

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.10% / 27.96%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 11:47

Updated-28 Apr, 2026 | 16:08

WordPress WooCommerce Bulk Stock Management Plugin <= 2.2.33 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Bulk Stock Management plugin <= 2.2.33 versions.

Vendor-WooCommerce

Product-bulk_stock_management Bulk Stock Management

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-35098

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.21% / 43.30%

7 Day CHG~0.00%

Published-20 Jun, 2023 | 09:01

Updated-28 Apr, 2026 | 16:08

WordPress NextGen GalleryView Plugin <= 0.5.5 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in John Brien WordPress NextGen GalleryView plugin <= 0.5.5 versions.

Vendor-wordpress_nextgen_galleryview_project John Brien

Product-wordpress_nextgen_galleryview WordPress NextGen GalleryView

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-35043

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.11% / 28.67%

7 Day CHG~0.00%

Published-25 Jul, 2023 | 12:57

Updated-28 Apr, 2026 | 16:08

WordPress Recent Posts Slider Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Neha Goel Recent Posts Slider plugin <= 1.1 versions.

Vendor-recent_posts_slider_project Neha Goel

Product-recent_posts_slider Recent Posts Slider

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-35097

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.21% / 43.30%

7 Day CHG~0.00%

Published-20 Jun, 2023 | 09:05

Updated-28 Apr, 2026 | 16:08

WordPress WP Affiliate Links Plugin <= 0.1.1 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Internet Marketing Dojo WP Affiliate Links plugin <= 0.1.1 versions.

Vendor-Internet Marketing Dojo Dojo (OpenJS Foundation)

Product-wp_affiliate_links WP Affiliate Links

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-35772

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.10% / 27.96%

7 Day CHG~0.00%

Published-19 Jun, 2023 | 13:54

Updated-28 Apr, 2026 | 16:08

WordPress Google Map Shortcode Plugin <= 3.1.2 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alain Gonzalez Google Map Shortcode plugin <= 3.1.2 versions.

Vendor-Alain Gonzalez

Product-google_map_shortcode Google Map Shortcode

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-27478

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-7.1||HIGH

EPSS-1.41% / 80.68%

7 Day CHG~0.00%

Published-30 Apr, 2024 | 00:00

Updated-15 Apr, 2026 | 00:35

Cross Site Scripting vulnerability found in Simplcommerce v.40734964b0811f3cbaf64b6dac261683d256f961 thru 3103357200c70b4767986544e01b19dbf11505a7 allows a remote attacker to execute arbitrary code via a crafted script to the search bar feature.

Vendor-n/a simplcommerce

Product-n/a simplcommerce

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24420

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.12% / 30.46%

7 Day CHG~0.00%

Published-15 Jun, 2023 | 13:32

Updated-28 Apr, 2026 | 16:08

WordPress Admin side data storage for Contact Form 7 Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Zestard Technologies Admin side data storage for Contact Form 7 plugin <= 1.1.1 versions.

Vendor-zestard Zestard Technologies

Product-admin_side_data_storage_for_contact_form_7 Admin side data storage for Contact Form 7

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-35884

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.21% / 43.30%

7 Day CHG~0.00%

Published-20 Jun, 2023 | 06:50

Updated-28 Apr, 2026 | 16:08

WordPress EventPrime Plugin <= 3.0.5 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime plugin <= 3.0.5 versions.

Vendor-Metagauss Inc.

Product-eventprime EventPrime

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-34021

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.10% / 27.96%

7 Day CHG~0.00%

Published-23 Jun, 2023 | 11:31

Updated-28 Apr, 2026 | 16:08

WordPress Church Admin Plugin <= 3.7.29 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.29 versions.

Vendor-church_admin_project Andy Moyle

Product-church_admin Church Admin

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-34026

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.10% / 27.96%

7 Day CHG~0.00%

Published-12 Jun, 2023 | 15:05

Updated-28 Apr, 2026 | 16:08

WordPress This Day In History Plugin <= 3.10.1 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in BrokenCrust This Day In History plugin <= 3.10.1 versions.

Vendor-this_day_in_history_project BrokenCrust

Product-this_day_in_history This Day In History

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-34174

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.07% / 21.30%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 13:54

Updated-28 Apr, 2026 | 16:08

WordPress BBS e-Popup Plugin <= 2.4.5 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in BBS e-Theme BBS e-Popup plugin <= 2.4.5 versions.

Vendor-bbsetheme BBS e-Theme

Product-bbs_e-popup BBS e-Popup

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-31468

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.18% / 39.88%

7 Day CHG~0.00%

Published-03 Apr, 2025 | 13:27

Updated-12 May, 2026 | 00:01

WordPress WP_Identicon plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scottsm WP_Identicon wp-identicon allows Reflected XSS.This issue affects WP_Identicon: from n/a through <= 2.0.

Vendor-scottsm

Product-WP_Identicon

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-33322

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.14% / 33.68%

7 Day CHG~0.00%

Published-26 Mar, 2024 | 08:48

Updated-28 Apr, 2026 | 16:08

WordPress Front End Users plugin < 3.2.25 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Etoile Web Design Front End Users allows Reflected XSS.This issue affects Front End Users: from n/a before 3.2.25.

Vendor-etoilewebdesign Etoile Web Design

Product-front_end_users Front End Users

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-34184

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.07% / 21.30%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 13:28

Updated-28 Apr, 2026 | 16:08

WordPress Woocommerce Order address Print Plugin <= 3.2 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Bhavik Patel Woocommerce Order address Print plugin <= 3.2 versions.

Vendor-bhavikpatel Bhavik Patel

Product-woocommerce-order-address-print Woocommerce Order address Print

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-34012

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.10% / 27.96%

7 Day CHG~0.00%

Published-23 Jun, 2023 | 11:24

Updated-28 Apr, 2026 | 16:08

WordPress Premium Addons PRO Plugin <= 2.8.24 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Premium Addons for Elementor Premium Addons PRO plugin <= 2.8.24 versions.

Vendor-leap13 Premium Addons for Elementor

Product-premium_addons_for_elementor Premium Addons PRO

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-33319

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.10% / 27.96%

7 Day CHG~0.00%

Published-28 May, 2023 | 18:07

Updated-28 Apr, 2026 | 16:08

WordPress WooCommerce Follow-Up Emails Plugin <= 4.9.40 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 versions.

Vendor-WooCommerce

Product-automatewoo WooCommerce Follow-Up Emails (AutomateWoo)

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-33332

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.10% / 27.96%

7 Day CHG~0.00%

Published-28 May, 2023 | 18:53

Updated-28 Apr, 2026 | 16:08

WordPress WooCommerce Product Vendors Plugin <= 2.1.76 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Product Vendors plugin <= 2.1.76 versions.

Vendor-woocommerce_product_vendors_project WooCommerce

Product-woocommerce_product_vendors WooCommerce Product Vendors

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-33997

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.11% / 28.84%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 12:55

Updated-28 Apr, 2026 | 16:08

WordPress bbp style pack Plugin <= 5.5.5 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Robin Wilson bbp style pack plugin <= 5.5.5 versions.

Vendor-bbp_style_pack_project Robin Wilson

Product-bbp_style_pack bbp style pack

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-34176

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.07% / 21.30%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 13:33

Updated-28 Apr, 2026 | 16:08

WordPress Chilexpress woo oficial Plugin <= 1.2.9 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Chilexpress Chilexpress woo oficial plugin <= 1.2.9 versions.

Vendor-chilexpress Chilexpress

Product-chilexpress-oficial Chilexpress woo oficial

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-34017

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.12% / 30.46%

7 Day CHG~0.00%

Published-25 Jul, 2023 | 13:33

Updated-28 Apr, 2026 | 16:08

WordPress Five Star Restaurant Reservations Plugin <= 2.6.7 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FiveStarPlugins Five Star Restaurant Reservations plugin <= 2.6.7 versions.

Vendor-fivestarplugins FiveStarPlugins

Product-five_star_restaurant_menu Five Star Restaurant Reservations

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-34022

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.07% / 21.30%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 14:46

Updated-28 Apr, 2026 | 16:08

WordPress Dynamic QR Code Generator Plugin <= 0.0.5 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rakib Hasan Dynamic QR Code Generator plugin <= 0.0.5 versions.

Vendor-sosidee Rakib Hasan

Product-dynamic_qr_code_generator Dynamic QR Code Generator

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-34011

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.06% / 19.54%

7 Day CHG~0.00%

Published-01 Sep, 2023 | 11:18

Updated-28 Apr, 2026 | 16:08

WordPress ShopConstruct Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ShopConstruct plugin <= 1.1.2 versions.

Vendor-shopconstruct ShopConstruct

Product-shopconstruct ShopConstruct

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-34180

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.07% / 21.30%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 13:43

Updated-28 Apr, 2026 | 16:08

WordPress Google Fonts For WordPress Plugin <= 3.0.0 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in KAPlugins Google Fonts For WordPress plugin <= 3.0.0 versions.

Vendor-kaplugins KAPlugins

Product-free-google-fonts Google Fonts For WordPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-33326

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.10% / 27.96%

7 Day CHG~0.00%

Published-28 May, 2023 | 17:42

Updated-28 Apr, 2026 | 16:08

WordPress EventPrime Plugin <= 2.8.6 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected (XSS) Cross-Site Scripting (XSS) vulnerability in EventPrime plugin <= 2.8.6 versions.

Vendor-Metagauss Inc.

Product-eventprime EventPrime

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-33317

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.07% / 21.30%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 12:29

Updated-28 Apr, 2026 | 16:08

WordPress WooCommerce Warranty Requests Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Returns and Warranty Requests plugin <= 2.1.6 versions.

Vendor-WooCommerce

Product-returns_and_warranty_requests Returns and Warranty Requests

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-34023

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.07% / 21.30%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 14:25

Updated-28 Apr, 2026 | 16:08

WordPress WordPress Social Login Plugin <= 3.0.4 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Miled WordPress Social Login plugin <= 3.0.4 versions.

Vendor-miled Miled

Product-wordpress_social_login WordPress Social Login

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-33925

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.11% / 28.67%

7 Day CHG~0.00%

Published-25 Jul, 2023 | 12:42

Updated-28 Apr, 2026 | 16:08

WordPress WooCommerce Product Categories Selection Widget Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PluginForage WooCommerce Product Categories Selection Widget plugin <= 2.0 versions.

Vendor-pluginforage PluginForage

Product-woocommerce_product_categories_selection_widget WooCommerce Product Categories Selection Widget

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-33309

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.10% / 27.96%

7 Day CHG~0.00%

Published-28 May, 2023 | 17:36

Updated-28 Apr, 2026 | 16:08

WordPress Duplicator Pro Plugin <= 4.5.11 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Awesome Motive Duplicator Pro plugin <= 4.5.11 versions.

Vendor-Awesome Motive Inc.

Product-duplicator Duplicator Pro

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-34008

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.07% / 21.30%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 14:50

Updated-28 Apr, 2026 | 16:08

WordPress WP ERP Plugin <= 1.12.3 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in weDevs WP ERP plugin <= 1.12.3 versions.

Vendor-weDevs Pte. Ltd.

Product-wp_erp WP ERP

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-34375

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.19% / 40.89%

7 Day CHG~0.00%

Published-16 Nov, 2023 | 19:31

Updated-28 Apr, 2026 | 16:08

WordPress Seo By 10Web Plugin <= 1.2.9 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 10Web SEO by 10Web plugin <= 1.2.9 versions.

Vendor-10Web (TenWeb, Inc.)

Product-seo SEO by 10Web

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-34032

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.07% / 21.30%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 14:19

Updated-28 Apr, 2026 | 16:08

WordPress bbPress Toolkit Plugin <= 1.0.12 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pascal Casier bbPress Toolkit plugin <= 1.0.12 versions.

Vendor-casier Pascal Casier

Product-bbpress_toolkit bbPress Toolkit

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32742

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.07% / 21.22%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 11:08

Updated-28 Apr, 2026 | 16:08

WordPress WP SMS Plugin <= 6.1.4 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in VeronaLabs WP SMS plugin <= 6.1.4 versions.

Vendor-veronalabs VeronaLabs

Product-wp_sms WP SMS

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32499

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.07% / 21.30%

7 Day CHG~0.00%

Published-23 Aug, 2023 | 13:59

Updated-28 Apr, 2026 | 16:08

WordPress Radio Station Plugin <= 2.4.0.9 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tony Zeoli, Tony Hayes Radio Station by netmix® – Manage and play your Show Schedule in WordPress! plugin <= 2.4.0.9 versions.

Vendor-netmix Tony Zeoli, Tony Hayes

Product-radio_station Radio Station by netmix® – Manage and play your Show Schedule in WordPress!

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32796

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.19% / 40.89%

7 Day CHG~0.00%

Published-16 Nov, 2023 | 19:57

Updated-28 Apr, 2026 | 16:08

WordPress WooCommerce Product Enquiry Plugin <= 2.3.4 is vulnerable to Cross Site Scripting (XSS)

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in MingoCommerce WooCommerce Product Enquiry plugin <= 2.3.4 versions.

Vendor-mingocommerce MingoCommerce

Product-woocommerce_product_enquiry WooCommerce Product Enquiry

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32597

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.05% / 14.56%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 11:45

Updated-28 Apr, 2026 | 16:08

WordPress Video Gallery Plugin <= 1.0.10 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Video Gallery plugin <= 1.0.10 versions.

Vendor-i13websolution I Thirteen Web Solution

Product-video_gallery Video Gallery

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32509

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.07% / 21.30%

7 Day CHG~0.00%

Published-23 Aug, 2023 | 14:27

Updated-28 Apr, 2026 | 16:08

WordPress Order Your Posts Manually Plugin <= 2.2.5 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rolf van Gelder Order Your Posts Manually plugin <= 2.2.5 versions.

Vendor-cagewebdev Rolf van Gelder

Product-order_your_posts_manually Order Your Posts Manually

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32797

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.05% / 16.82%

7 Day CHG~0.00%

Published-25 Aug, 2023 | 11:28

Updated-28 Apr, 2026 | 16:08

WordPress video carousel slider with lightbox Plugin <= 1.0.22 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution video carousel slider with lightbox plugin <= 1.0.22 versions.

Vendor-i13websolution I Thirteen Web Solution

Product-video_carousel_slider_with_lightbox video carousel slider with lightbox

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32241

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.07% / 21.30%

7 Day CHG~0.00%

Published-29 Aug, 2023 | 20:11

Updated-28 Apr, 2026 | 16:08

WordPress Essential Addons for Elementor Pro Plugin <= 5.4.8 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPDeveloper Essential Addons for Elementor Pro plugin <= 5.4.8 versions.

Vendor-WPDeveloper

Product-essential_addons_for_elementor Essential Addons for Elementor Pro

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32800

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.10% / 27.96%

7 Day CHG~0.00%

Published-28 May, 2023 | 18:39

Updated-28 Apr, 2026 | 16:08

WordPress Rank Math SEO PRO Plugin <= 3.0.35 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in One Rank Math SEO PRO plugin <= 3.0.35 versions.

Vendor-rankmath One

Product-seo_pro Rank Math SEO PRO

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32598

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.07% / 21.30%

7 Day CHG~0.00%

Published-25 Aug, 2023 | 11:14

Updated-28 Apr, 2026 | 16:08

WordPress Featured Image Pro Post Grid Plugin <= 5.14 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in A. R. Jones Featured Image Pro Post Grid plugin <= 5.14 versions.

Vendor-shooflysolutions A. R. Jones

Product-featured_image_pro_post_grid Featured Image Pro Post Grid

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28784

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.12% / 30.66%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 11:21

Updated-28 Apr, 2026 | 16:08

WordPress Contest Gallery Plugin <= 21.1.2 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contest Gallery plugin <= 21.1.2 versions.

Vendor-contest-gallery Contest Gallery

Product-contest_gallery Contest Gallery

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32108

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.01%

7 Day CHG~0.00%

Published-18 Aug, 2023 | 14:06

Updated-28 Apr, 2026 | 16:08

WordPress Albo Pretorio Online Plugin <= 4.6.3 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On line plugin <= 4.6.3 versions.

Vendor-eduva Ignazio Scimone

Product-albo_pretorio_online Albo Pretorio On line

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32109

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.01%

7 Day CHG~0.00%

Published-18 Aug, 2023 | 14:53

Updated-28 Apr, 2026 | 16:08

WordPress Albo Pretorio Online Plugin <= 4.6.3 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On line plugin <= 4.6.3 versions.

Vendor-eduva Ignazio Scimone

Product-albo_pretorio_online Albo Pretorio On line

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28490

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.18% / 38.50%

7 Day CHG~0.00%

Published-27 Sep, 2023 | 05:05

Updated-28 Apr, 2026 | 16:08

WordPress Mortgage Calculator Estatik Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Estatik Estatik Mortgage Calculator plugin <= 2.0.7 versions.

Vendor-estatik Estatik

Product-estatik_mortgage_calculator Estatik Mortgage Calculator

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32107

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.01%

7 Day CHG~0.00%

Published-18 Aug, 2023 | 14:00

Updated-28 Apr, 2026 | 16:08

WordPress Photo Gallery by Ays Plugin <= 5.1.3 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.1.3 versions.

Vendor-AYS Pro Extensions

Product-photo_gallery Photo Gallery by Ays – Responsive Image Gallery

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-31218

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.06% / 19.76%

7 Day CHG~0.00%

Published-18 Aug, 2023 | 13:28

Updated-28 Apr, 2026 | 16:08

WordPress WOLF Plugin <= 1.0.6 is vulnerable to CSRF leading to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.6 versions.

Vendor-PluginUs.Net (RealMag777)

Product-wolf_-_wordpress_posts_bulk_editor_and_products_manager_professional WOLF – WordPress Posts Bulk Editor and Manager Professional

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-32305

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.18% / 39.88%

7 Day CHG~0.00%

Published-09 Jun, 2025 | 15:54

Updated-28 Apr, 2026 | 16:12

WordPress FlatNews theme <= 5.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sneeit WordPress FlatNews Theme flatnews allows Reflected XSS.This issue affects WordPress FlatNews Theme: from n/a through <= 5.8.

Vendor-Sneeit

Product-WordPress FlatNews Theme

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32106

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.01%

7 Day CHG~0.00%

Published-18 Aug, 2023 | 13:55

Updated-28 Apr, 2026 | 16:08

WordPress WP Docs Plugin <= 1.9.9 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fahad Mahmood WP Docs plugin <= 1.9.9 versions.

Vendor-fahad_mahmood Fahad Mahmood

Product-wp_docs WP Docs

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-23734

Credits

WordPress Gigaom Sphinx plugin <= 0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs